tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Better SSL connector setup
Date Wed, 10 Apr 2013 20:50:49 GMT
Hash: SHA256


On 4/10/13 12:17 PM, Harris, Jeffrey E. wrote:
>> -----Original Message----- From: Christopher Schultz
>> [] Sent: Wednesday, April 10,
>> 2013 12:09 PM To: Tomcat Users List Subject: Re: Better SSL
>> connector setup
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>> André,
>> On 4/9/13 11:54 AM, André Warnier wrote:
>>> Harris, Jeffrey E. wrote:
>>>> Chris,
>>>>> -----Original Message----- From: Christopher Schultz 
>>>>> [] Sent: Tuesday, April
>>>>> 09, 2013 10:01 AM To: Tomcat Users List Subject: Re: Better
>>>>> SSL connector setup
>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>>>> Jeffrey,
>>>>> On 4/9/13 8:17 AM, Harris, Jeffrey E. wrote:
>>>>>>> -----Original Message----- From: André Warnier 
>>>>>>> [mailto:aw@ice-
>>>>>>> Sent: Tuesday, April 09, 2013 6:04 AM To: Tomcat Users
>>>>>>> List Subject: Re: Better SSL connector setup
>>>>>>> Christopher Schultz wrote:
>>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>>>>> You can improve the performance of the existing RS-232
>>>>>> modem pool by doing some ROT-13 and Fourier transforms
>>>>>> prior to data
>> encoding.
>>>>>> However, this does require the equivalent capability on
>>>>>> the receiving side.
>>>>> - -1
>>>>> Using ROT-13 can certainly improve the security of your
>>>>> data in-transit and *is* a NIST recommendation, but it
>>>>> unfortunately
>> does
>>>>> not improve performance as it introduces an additional
>>>>> operation in the pipeline. As usual, real security is a
>>>>> trade-off between convenience (here, speed) and actual
>>>>> security (the superior cipher algorithm ROT-13). I believe
>>>>> recent versions of OpenSSL (0.9.1c?) include the new
>>>>> ROT13-XOR- MD2 cipher, but since it is optimized
>> for
>>>>> 8-bit processors you need to make sure to have a modern CPU
>>>>> -- I recommend one of the "DX2" Intel processors.
>>>> Okay, it does not improve performance, but it sure confuses
>>>> the heck out of man-in-the-middle attacks!
>>>>> As for Fourier transforms, that's just security through
>>>>> obscurity (though it's pretty good obscurity). "Fast"
>>>>> Fourier transforms also work best with data sizes that are
>>>>> powers-of-two in length and so your throughput can
>>>>> experience odd pulsing behavior while your buffers fill
>>>>> waiting to be transformed. Unless you have one of the 
>>>>> aforementioned "DX2" style processors coupled with a
>>>>> V.22bis-capable device, you are probably not going to be
>>>>> able to keep up with all the traffic your Gopher server is
>>>>> likely to generate.
>>>> Well, I was focusing on performance here, not security.  And
>>>> if I
>> use
>>>> my Amiga 1000, I can invoke hardware security because of the 
>>>> non-standard RS-232 port (just try and connect a regular
>>>> RS-232
>> cable
>>>> to that system, and see how quickly the modem shorts out!),
>>>> and because the instruction set uses Motorola 68000
>>>> instructions, not
>> DX2
>>>> Intel instructions.
>>> That's not really security either.  Any common optical RS-232
>> isolator
>>> (like the one shown here : 
>>> lator-7-wire.htm)
>>> will easily overcome that issue. I started using these
>>> everywhere after I blew up the line drivers of my Soroc
>>> terminal a couple of times by forgetting to switch it off
>>> before I unplugged it. I don't know what the optical nature of
>>> the isolator does to the security by obscurity aspect though, I
>>> suspect that it may make a man-in-the-middle attack easier (as
>>> long as the man is not really in the middle physically of
>>> course). For SSL however, due to the higher bitrate, I would
>>> recommend a conversion to RS485 (with this e.g. : 
>>> (beware
>>> of embedded Trojans though).
>> USB is just a fad. Stick with SCSI unless you want to have a
>> whole lot of useless hardware in 18 months.
>>> Also, for your Amiga, you may want to consider swapping the
>>> 68000 processor by a 68010. It is pin-compatible and provides a
>>> significant speed boost, maybe enough to allow you to switch
>>> from a 48-bit encryption scheme to a 128-bit scheme.
>> Don't forget to install the Microsoft High Encryption pack, or
>> your browsers won't be able to decrypt that stuff. I think you
>> have to register with the DOD in order to deploy ciphers of that
>> strength.
>> - -chris
> I will just convert everything into machine code.  The Motorola
> processors and AmigaOS use Big-Endian, and Intel processes use
> Little-Endian, so that will just confuse anyone who uses Intel
> hardware and most operating systems, particularly if I just overlay
> the results with the Beatles' "Helter Skelter" played backwards and
> sampled at 11.025KHz.

Get yourself a DEC Alpha and write an algorithm that switches
endian-ness halfway through the process. Good luck debugging that.

- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message