[Cryptography] [FORGED] The Energy Budget for Wireless Security shows cryptography is cheap
ianG
iang at iang.org
Wed Oct 28 08:31:21 EDT 2015
On 28/10/2015 03:16 am, Peter Gutmann wrote:
> Ryan Carboni <ryacko at gmail.com> writes:
>
>> This is a recurrent problem. Focusing on individual cipher costs while
>> ignoring protocol costs wastes time towards pointless optimizations which
>> could prove insecure and vulnerable (needless reductions in security
>> margins). ChaCha's speed likely does not add any true benefit when asymmetric
>> cryptography is factored in.
>
> That's something that really needs saying. The number of times I've had
> people come to me agonising about which algorithm(s) they can pare down to in
> embedded devices to save code space and CPU, when what they're using them with
> is massively complex and heavyweight security stacks like TLS or SSH (and then
> loading XML config files over their embedded web server). For some reason
> everyone seems to focus on the crypto algorithm and forget about the fact that
> the crypto can run entirely in the RAM that their XML parser leaks every time
> it loads a file.
Yes - this is another reason why I suggest that the protocol designer
take such decisions away from the users.
The benefit for one user in "choosing better" does not outweigh the cost
for all users in spinning wheels and choosing worse.
iang
More information about the cryptography
mailing list