[s353]

I think of reduced memory requirements as a benefit to every application, including encryption. That's because nearly every application I use competes for memory; I also use memory as general storage media for stuff for which I want fast I/O and/or don't need to save permanently (e.g. mfs or tmpfs mounts). I think of memory as a precious resource.

[Dylan16807]

That doesn't really apply to memory use on the order of a single kilobyte. You're not going to be hashing many different streams at once.

[marshray]

And why not? Ever considered a busy SSL offload device or VPN appliance?

A kilobyte here, a kilobyte there, and pretty soon you're talking real memory!

[Dylan16807]

I think something handling a TCP stream has better things to worry about than an extra buffer smaller than a single packet.

[marshray]

Well, you're wrong, at least for a specific segment of hardware and software on the market. The size of a packet is not related to the acceptable per-connection overhead. Some network devices like ASIC-accelerated routers can't handle any per-connection state.

If you don't believe me, hop on any kernel development mailing list and try to convince them they could solve world hunger by only adding 1 KB overhead to the TCP socket structure that tracks actve connection states.

[haberman]

Can't upvote this enough. When you live at the bottom of the stack, you can't be cavalier about your constant overheads. Practically any overhead you can think of is going to be multiplied by "n" in someone's O(n).

[Dylan16807]

I'm sure someone will multiply anything by n but that doesn't mean their code is right. I can't think of any legitimate use for thousands of incomplete hashes without so much other memory the hash is dwarfed. Can you?

The argument about streamlined vpn or ssl devices is not relevant here: such a device has to calculate hashes, but it doesn't have to keep hash states open. Hash a message, make/check the signature, forward or discard, O(k) memory use where k is the number of cores.

I agree that a per connection overhead of this size for every TCP connection is a terrible thing, but I think marshray forgot we were talking about places where you use hashes, and keep them open.

[IheartApplesDix]

Think of encryption as more secure the harder it is to do. Optimizing encryption for the benefit of other applications is backwards.

[Heliosmaster]

Think about RSA. Harder Encryption (computationally) is achieved with a high e. Too bad that Wiener in 1990 proved that if d (private key) is small enough we can easily crack it using continued fractions.