spf-discuss
[Top] [All Lists]

Re: Updates on SRS crypto

2004-02-18 21:39:38

On Feb 18, 2004, at 11:34 PM, mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:

On Wed, Feb 18, 2004 at 07:51:27PM -0500, George Schlossnagle wrote:

On Feb 18, 2004, at 6:13 PM, mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:

On Wed, Feb 11, 2004 at 12:29:29PM -0600, wayne wrote:
I disagree that this factor of two is significant. Shevek points out
that "I can perform 100,000 HMAC SHA1 encryptions in Perl on my
desktop PC in 1.4 seconds. In C, the performance will double or
treble."  Until MTAs can accept 100,000 messages in around 1.4
seconds, using SHA1 isn't a problem.

Shevek's data is good enough proof for me that speed isn't an issue.

I bet he ran a for loop inside perl.  Here is a more real data:
Do one hundred transformations:

time for i in `awk 'BEGIN{ for(i=1;i<=100;i++) print i}'`; do
/usr/bin/srs --address(_at_)8#²Qõ --hashlength=20  --forward
--secret=secret --alias=alias
done
[...]

That's not a very real test.  A realistic srs implementation has srs
integrated into the mta and not exec'd as an independent process.

Is that what the

srs0:     "|/usr/bin/srs -reverse --secret=/etc/srs.secret"

/etc/aliases line was all about?  How?

The existence of slow methodologies doesn't prohibit doing it fast. Any mta concerned about performance would integrate it. It's not hard and there are mtas that do this already.

George


<Prev in Thread] Current Thread [Next in Thread>