
Re: New multi6 draft: WIMP



> On 2-feb-04, at 12:30, Jukka Ylitalo wrote:
> 
> > A short hash chain generation is a quite fast operation compared to 
> > signature calculation. (If I remember correctly, e.g., computing SHA1 
> > five times over a 160bit string takes under 0.5 ms with 2 GHz Pentium.) 
> > The operation is efficient and makes it more difficult for an attacker 
> > to cause a DoS situation.
> 
> Actually this is pretty poor. I seem to remember that a significantly 
> slower Pentium can do 2000 DSA signature checks per second. Being able 
> to bring down a host with just 2000 packets per second would be a very 
> bad thing, as this is easily accomplished over 10 Mbps ethernet (approx 
> 500 byte packets).

I would be interested in seeing some apples-to-apples comparisons
between different security algorithms that might apply to multi6 solutions:

One is an anonymous DH exchange - basically the purpose-built keys approach -
how much CPU to do the modular exponentiation?

Another one is a public key signature (and verification?)

A third is performing 5 SHA1 hashes of 160 bits.

If I had a better feel for the relative CPU cost of those 3 operations it
would be easier for me to understand the performance/DoS aspects of these
schemes.

  Erik
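
As an added example (not part of the original message or of the WIMP draft), the Python sketch below measures two of the three operations asked about on one machine: a five-link SHA-1 hash chain over a 160-bit value and the modular exponentiation behind an anonymous DH exchange. Signature verification is left out because the Python standard library has no DSA; the modulus `2**1279 - 1`, the generator 5 and the 256-bit exponents are assumptions constructed for timing only, not a DH group from the thread.

```python
import hashlib
import secrets
import time

# Constructed parameters, for timing only (assumptions of this example):
# P is the Mersenne prime 2**1279 - 1, G an arbitrary small base.
P = 2**1279 - 1
G = 5

def hash_chain(seed: bytes, length: int = 5) -> list[bytes]:
    """Return [H(seed), H(H(seed)), ...] with SHA-1 (160-bit links)."""
    chain, value = [], seed
    for _ in range(length):
        value = hashlib.sha1(value).digest()
        chain.append(value)
    return chain

def dh_exchange(exp_bits: int = 256) -> tuple[int, int]:
    """Run both sides of an anonymous DH exchange; return both secrets."""
    a = secrets.randbits(exp_bits) | 1
    b = secrets.randbits(exp_bits) | 1
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    return pow(pub_b, a, P), pow(pub_a, b, P)

def seconds_per_call(fn, repeats: int) -> float:
    """Average wall-clock seconds for one call of fn."""
    start = time.perf_counter()
    for _ in range(repeats):
        fn()
    return (time.perf_counter() - start) / repeats

def compare(repeats: int = 200) -> dict[str, float]:
    """Per-operation cost in seconds for the hash chain and one modexp."""
    seed = secrets.token_bytes(20)      # 160-bit starting value
    x = secrets.randbits(256) | 1       # private exponent
    return {
        "sha1_chain_x5": seconds_per_call(lambda: hash_chain(seed), repeats),
        "modexp_1279bit": seconds_per_call(lambda: pow(G, x, P), repeats),
    }

if __name__ == "__main__":
    for name, sec in compare().items():
        # ops/s is the per-core rate at which a receiver can absorb
        # packets that each force this operation.
        print(f"{name:15s} {sec * 1e6:10.1f} us/op {1 / sec:12.0f} ops/s")
```

The figures depend on the CPU and on the interpreter, so only the ratio between the two rows is meaningful for the DoS comparison.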