[hybi] AES-128-CTR not much safer, but not fast either
Willy Tarreau <w@1wt.eu> Mon, 10 January 2011 00:06 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 41C1D3A685A for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 16:06:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.082
X-Spam-Level:
X-Spam-Status: No, score=-2.082 tagged_above=-999 required=5 tests=[AWL=-0.039, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mPlBteDzNpGY for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 16:06:57 -0800 (PST)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id B042A3A6853 for <hybi@ietf.org>; Sun, 9 Jan 2011 16:06:56 -0800 (PST)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p0A098DQ010460 for hybi@ietf.org; Mon, 10 Jan 2011 01:09:08 +0100
Date: Mon, 10 Jan 2011 01:09:08 +0100
From: Willy Tarreau <w@1wt.eu>
To: Hybi <hybi@ietf.org>
Message-ID: <20110110000908.GD5743@1wt.eu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.3i
Subject: [hybi] AES-128-CTR not much safer, but not fast either
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jan 2011 00:06:58 -0000
I have reused Maciej's code for AES-128-CTR to make it emit a constant stream and look there for a supposedly processable request (which is valid since Apache processes it and transcodes it if it finds it at the beginning of the stream). willy@pcw:~/c$ time ./aes-128-ctr-get Found the 'GET\n' pattern on the wire after 1608425803 bytes real 0m20.761s user 0m20.761s sys 0m0.000s It requires the client to send more data, but here we're only at 1.6 GB, roughly just 1000 times more than with the basic XOR method. However, it's limited to 640 Mbps only. It means that using this as a mandatory masking method will not even allow me to use a memcache at gigabit speeds on my local network :-( Once again, I'm not saying that I'd believe that any intermediary would seek a request that far. Neither do I believe it would seek one after one megabyte nor after any non CRLF byte BTW. But we're proposing this method because other ones are not deemed sure enough. However, it does not either cover the issues which caused the other methods to be proposed. So now either we should conclude that using AES to prevent a request from popping up is acceptable because the risks are low, so it must be possible to disable it for some use cases, or we conclude that it's not usable and the only masking solution consists in never putting a CR/LF on the wire. But we have to make choices. We can't disable the protocol that way to fix a problem we finally don't fix. Regards, Willy
- Re: [hybi] AES-128-CTR not much safer, but not fa… Thomson, Martin
- [hybi] AES-128-CTR not much safer, but not fast e… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Scott Ferguson
- Re: [hybi] AES-128-CTR not much safer, but not fa… Bruce Atherton
- Re: [hybi] AES-128-CTR not much safer, but not fa… Yuta Kitamura
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Cedric Vivier