> > Message: 3 > Date: Tue, 14 Aug 2007 23:33:22 +0200 > From: Ivar Janmaat <[EMAIL PROTECTED]> > Subject: Re: [SunRay-Users] openvpn and sunray2fs built-in VPN client > To: SunRay-Users mailing list <[email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Would it be an option to upgrade the already available arcfour > encryption of ALP to something more secure? > With the new released T2 chip we could then see "security without the > extra cost" on sunray all connections. > Atleast when ran on T2 servers ;-) > > Ivar
The issue is not the encryption on the server side so much as the speed on the Sun Ray side. ARCFOUR was the only algorithm that gave sufficient performance for high-bandwidth use. Even so, with the Sun Ray 1, having encryption on dropped the data throughput in half - from a maximum of about 50 Mbps to around 25 Mbps. The difference in rendering with encryption on was noticeable. That's much less true on the Sun Ray 2, which does about 40 Mbps with encryption on. We get away with supporting 3DES and AES in software for the VPN due to the fact that we're typically running at low bandwidths, certainly under 10 Mbps. The good news is that the Alchemy chip in the Sun Ray 2 contains a crypto engine that I'm looking at using. Once we have the hardware encryption working on the Sun Ray side, we can look at supporting AES on a higher bandwidth connection. I'm not sure why everybody thinks ARCFOUR is so insecure. I've read the literature, and aside from some extreme corner cases that affect the first 256 bytes of the code stream, there are no attacks that break the coding. (In the Sun Ray implementation, the first 256 bytes of the stream are thrown away.) I'm willing to be enlightened on why it's insecure, if anybody knows. After all, we've used it as the encryption algorithm in SSL/HTTPS for years. Kent _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
