Home page logo
/

nanog logo nanog mailing list archives

RE: Instant chats and central servers
From: "David Schwartz" <davids () webmaster com>
Date: Wed, 9 May 2001 10:35:17 -0700



No.

This is Dalnet's ircd.  With an average of > 65000 users, encryption to
the CLIENT is not feasible.

Adding support probably wouldn't be too tricky to someone with C
expierence.

Jason

        I don't see how that can be. A P3-600 can RC4 encrypt over 60MB/sec in 64
byte blocks. That figure drops to only 45MB/sec in 8 byte blocks. This is a
slight overstatement because cache effectiveness is increased by repeatedly
encrypting the same stream.

        If a chat server with a P3-733 has a throughput of, say, 8MB/sec out and
3MB/sec in, encryption on all that traffic would eat less than 15% of the
CPU. There would be some memory usage to store all the encryption/decryption
state information but memory is cheap.

        If you used a dual processor machine and separated the actual chat layer
from the I/O layer, you could put the encryption in the I/O layer. This is
actually not that terribly hard to hack into Ircd.

        I think you're simply assuming that it's infeasible but you haven't
actually tried it or done the math. We've done it with ConferenceRoom, and
the encryption load is so low as to be almost lost in the noise.

        DS

        PS: If you use public-key encryption to do the initial key exchange, that
can be significant if you have a high rate of connection establishment. But
if you assume that everybody has a password already known to both them and
the chat server, it's not a problem.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]