On 2013-09-12 22:01, Julien Pierre wrote:
Julien,
On 9/12/2013 07:06, Julien Vehent wrote:
If performance was the only reason to prefer AES-128, I would disagree
with the proposal. But your other arguments regarding AES-256 not provided
additional security, are convincing.
The performance is still an issue for servers. More servers are needed if
more CPU-intensive crypto algorithms are used.
aes-256-cbc with AES-NI does 543763.11kB/s. That's 4.35Gbps of AES bandwidth
on a single core.
On a decent 8 core load balancer, dedicate 4 to TLS, and you get 17.40Gbps
of AES bandwidth.
I don't this AES is close to being the limiting factor here. Processing HTTP
is probably 20 times more expensive than that.
Just reinforcing the point that performance is not, in my opinion, an issue.
The quality of AES-256 is much more relevant here.
---
Julien Vehent
http://jve.linuxwall.info
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto