On Mon, Nov 4, 2013 at 1:45 PM, Ethan Gruber <[log in to unmask]> wrote:
> NSA broke it already
SSL was born into lossage. After Netscape decided to go it alone, the
first version they came back with used RC4... with the same symmetric key
in both directions... At EIT I did a Proof of Concept attack using the
initial lack of binding between DNS name and X.500 certificate (this was
funded on the DARPA MADE project grant).
All this was done at a time when the guestimate of a ~1 Public Key
Operation per second.
On a late 2011 macbook pro ( Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz )
openssl speed -multi 8 rsa2048 gives a throughput of 3124.2
signatures.second, and 97561.0 verifications.
For Symmetric AES, the same hardware gives the throughput listed below.
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
aes-128 cbc 427093.88k 451648.30k 460755.99k 462780.42k
aes-192 cbc 352143.17k 368399.83k 370499.48k 371674.11k
aes-256 cbc 299224.85k 309780.08k 301863.34k 286403.36k
In other words: the cpu cost ain't not thang.
There is an recurrent cost for a server certificate, but I'm sure that this
could be obtained from the usual suspects (Mellon, OCLC, Kilgour, or
Stanford). Somebody has to responsible for renewing certificates before
they expire (same sort of work as making sure the DNS domains don't expire).