On 05.10.2012 10:58, Guus Sliepen wrote:
> I found a benchmark here:
> https://github.com/cjdelisle/cjdns/blob/master/rfcs/benchmark.txt
>
> So it seems that is not as slow as I suspected: it can forward packets at a
> rate of 7 Gbit/s on an Opteron 6128.

I think you have misread. The benchmark actually shows 700Mb/s, not 7Gb/s. Just pointing it out to avoid confusion when checking local performance.

Also, cjd (aka Caleb James DeLisle, developer of cjdns) asked me to share some words from him to this list (edited for readability):

<cjd>
There are 3 (or possibly 2) layers of encryption on cjdns traffic. The innermost layer is the end-to-end crypto which most people agree makes sense. The outermost layer (hop-to-hop) is entirely optional since you can speak with your neighbor in any protocol you and he can agree on. This leaves the middle layer which is between "routers", since traffic only needs to be sent to another router if a path to its final destination is not known, router-to-router traffic is not as common as one would expect.

From a security perspective, the most troubling fact is that poly1305 authentication is switched off for the inner 2 layers of crypto to save overhead, relying instead on the TCP/UDP checksum to indicate forgery. This can however easily be fixed by sending an "authenticate packets" bit when beginning a session. The implementation just currently chooses not to.
</cjd>

--
Jonas
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
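
Why a TCP/UDP checksum cannot indicate forgery the way a keyed authenticator does, as an added example that is not part of the original message and is not cjdns code. It assumes a toy SHA-256 counter-mode keystream in place of the real cipher, HMAC-SHA256 standing in for Poly1305, and a simplified plaintext layout (checksum directly before the payload); all function names and sample values are constructed for illustration.

```python
import hashlib, hmac, struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum, the algorithm TCP and UDP use."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in only."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def frame(payload: bytes) -> bytes:
    """Plaintext layout assumed here: 16-bit checksum, then payload."""
    return struct.pack("!H", inet_checksum(payload)) + payload

def seal(key: bytes, payload: bytes) -> bytes:
    pt = frame(payload)
    return xor(pt, keystream(key, len(pt)))

def open_checksum_only(key: bytes, ct: bytes):
    pt = xor(ct, keystream(key, len(ct)))
    (csum,), payload = struct.unpack("!H", pt[:2]), pt[2:]
    return payload if inet_checksum(payload) == csum else None

def open_authenticated(key: bytes, mac_key: bytes, ct: bytes, tag: bytes):
    # Verify the keyed tag over the ciphertext before decrypting anything.
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return open_checksum_only(key, ct) if hmac.compare_digest(good, tag) else None

def altered_in_transit(ct: bytes, sent: bytes, substituted: bytes) -> bytes:
    """No key needed: XOR in the difference of two validly framed plaintexts."""
    return xor(ct, xor(frame(sent), frame(substituted)))

# Constructed sample values.
KEY, MAC_KEY = b"k" * 32, b"m" * 32
SENT, SUBSTITUTED = b"GET /index.html", b"GET /other.html"
CT = seal(KEY, SENT)
TAG = hmac.new(MAC_KEY, CT, hashlib.sha256).digest()
BAD_CT = altered_in_transit(CT, SENT, SUBSTITUTED)
```

The checksum is unkeyed, so anyone who knows or guesses the plaintext can recompute it for a modified packet; only the keyed tag causes the receiver to reject `BAD_CT`.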