On Wed, Aug 19, 2015 at 02:55:33PM -0400, Jim Starkey wrote: > > The best alternative to RC4 is AES-128. It is "more" (but not > measurably) secure but also a couple of hundred times as expensive to > compute. If you don't believe me, run your own numbers.
I did... mike@unicorn:~> openssl speed rc4 ... The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes rc4 609623.18k 807359.70k 871860.57k 885005.65k 907273.59k mike@unicorn:~> openssl speed aes-128-cbc ... type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 100529.71k 107251.14k 109653.25k 267147.56k 269494.88k mike@unicorn:~> openssl speed -evp aes-128-cbc ... type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 506568.22k 595950.94k 670431.74k 696260.75k 698463.57k So it looks like "couple of hundred" means 6-8 when calculating AES in software and 1.25-1.35 when using in-CPU implementation (in this case, AMD FX-8150 from 2012). Anyway, I agree with most of the rest. Michal Kubecek ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel