Chris,

> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Tuesday, April 09, 2013 10:01 AM
> To: Tomcat Users List
> Subject: Re: Better SSL connector setup
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Jeffrey,
>
> On 4/9/13 8:17 AM, Harris, Jeffrey E. wrote:
> >
> >> -----Original Message-----
> >> From: André Warnier [mailto:aw@ice-sa.com]
> >> Sent: Tuesday, April 09, 2013 6:04 AM
> >> To: Tomcat Users List
> >> Subject: Re: Better SSL connector setup
> >>
> >> Christopher Schultz wrote:
> >>> -----BEGIN PGP SIGNED MESSAGE-----
> >>> Hash: SHA256
> >>>
> >
> > You can improve the performance of the existing RS-232 modem pool by doing some ROT-13 and Fourier transforms prior to data encoding. However, this does require the equivalent capability on the receiving side.
>
> - -1
>
> Using ROT-13 can certainly improve the security of your data in-transit and *is* a NIST recommendation, but it unfortunately does not improve performance as it introduces an additional operation in the pipeline. As usual, real security is a trade-off between convenience (here, speed) and actual security (the superior cipher algorithm ROT-13). I believe recent versions of OpenSSL (0.9.1c?) include the new ROT13-XOR-MD2 cipher, but since it is optimized for 8-bit processors you need to make sure to have a modern CPU -- I recommend one of the "DX2" Intel processors.

Okay, it does not improve performance, but it sure confuses the heck out of man-in-the-middle attacks!

> As for Fourier transforms, that's just security through obscurity (though it's pretty good obscurity). "Fast" Fourier transforms also work best with data sizes that are powers-of-two in length and so your throughput can experience odd pulsing behavior while your buffers fill waiting to be transformed. Unless you have one of the aforementioned "DX2" style processors coupled with a V.22bis-capable device, you are probably not going to be able to keep up with all the traffic your Gopher server is likely to generate.

Well, I was focusing on performance here, not security. And if I use my Amiga 1000, I can invoke hardware security because of the non-standard RS-232 port (just try and connect a regular RS-232 cable to that system, and see how quickly the modem shorts out!), and because the instruction set uses Motorola 68000 instructions, not DX2 Intel instructions.

> - -chris

Jeffrey

This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.