by illumin8 5709 days ago
The problem is that even if you cache sessions, you still have to do the math to encrypt every packet. Encryption cost is a cube of key size. Please, contradict me. If you can, many cryptographers and mathematicians will thank you... :-)

Say what you will, but the difficulty of brute-forcing decryption is based on key length. You might be able to optimize the encryption using a certain length, but the key will still be vulnerable if it is only 1024 bit (as the article suggests).

1 comments

For SSL, aren't the individual packets encrypted with a symmetric cypher e.g. AES, RC4, 3DES, etc?

Yes, the data stream is encrypted using a symmetric cipher, as the linked article says. The overhead of this is trivial.

It's the key exchange at the start of a session that requires the server to perform expensive RSA operations, which is why session caching helps.
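
The point made in the reply above, as an added example that is not part of the original thread: a simplified Python model of an RSA key exchange with a server-side session cache, counting how many private-key operations the server performs. The `Server` class, the function names and the demo key built from two Mersenne primes are constructed for illustration, and textbook RSA without padding is used only to keep the model short.

```python
import hashlib
import secrets

# Constructed demo key: product of two Mersenne primes (about 1128 bits).
# Special-form primes are NOT safe for real keys; they only avoid prime generation here.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


class Server:
    """Hypothetical server model: RSA key exchange plus a session cache."""

    def __init__(self):
        self.cache = {}            # session_id -> master secret
        self.rsa_private_ops = 0   # count of expensive private-key operations

    def full_handshake(self, encrypted_premaster):
        # The expensive step: one private-key modular exponentiation.
        premaster = pow(encrypted_premaster, D, N)
        self.rsa_private_ops += 1
        master = hashlib.sha256(premaster.to_bytes(160, "big")).digest()
        session_id = secrets.token_hex(16)
        self.cache[session_id] = master
        return session_id, master

    def resume(self, session_id):
        # Cache hit: reuse the stored master secret, no RSA at all.
        return self.cache.get(session_id)


def client_connect(server, session=None):
    """Return (session_id, client_master, server_master) for one connection."""
    if session:
        session_id, master = session
        cached = server.resume(session_id)
        if cached is not None:
            return session_id, master, cached
    premaster = secrets.randbits(384)
    # Public-key operation with a small exponent: cheap compared to the server's side.
    session_id, server_master = server.full_handshake(pow(premaster, E, N))
    master = hashlib.sha256(premaster.to_bytes(160, "big")).digest()
    return session_id, master, server_master


def run(connections, use_cache):
    """Open `connections` connections from one client; return server RSA private ops."""
    server, session = Server(), None
    for _ in range(connections):
        sid, client_master, server_master = client_connect(server, session)
        assert client_master == server_master  # both sides hold the same symmetric key
        session = (sid, client_master) if use_cache else None
    return server.rsa_private_ops
```
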