undefined | Better HN

0 pointsillumin815y ago0 comments

The problem is that even if you cache sessions, you still have to do the math to encrypt every packet. Encryption cost is a cube of key size. Please, contradict me. If you can, many cryptographers and mathematicians will thank you... :-)

Say what you will, but the difficulty of brute-forcing decryption is based on key length. You might be able to optimize the encryption using a certain length, but the key will still be vulnerable if it is only 1024 bit (as the article suggests).

0 comments

lmz15y ago

For SSL, aren't the individual packets encrypted with a symmetric cypher e.g. AES, RC4, 3DES, etc?

caf15y ago

Yes, the data stream is encrypted using a symmetric cipher, as the linked article says. The overhead of this is trivial.

It's the key exchange at the start of a session that requires the server to perform expensive RSA operations, which is why session caching helps.

j / k navigate · click thread line to collapse