tomcat-users mailing list archives

From "Harris, Jeffrey E." <Jeffrey.Har...@ManTech.com>
Subject RE: Better SSL connector setup
Date Tue, 09 Apr 2013 14:09:40 GMT
Chris,

> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: Tuesday, April 09, 2013 10:01 AM
> To: Tomcat Users List
> Subject: Re: Better SSL connector setup
>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Jeffrey,
>
> On 4/9/13 8:17 AM, Harris, Jeffrey E. wrote:
> >
> >
> >> -----Original Message-----
> >> From: André Warnier [mailto:aw@ice-sa.com]
> >> Sent: Tuesday, April 09, 2013 6:04 AM
> >> To: Tomcat Users List
> >> Subject: Re: Better SSL connector setup
> >>
> >> Christopher Schultz wrote:
> >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
> >>>
> > You can improve the performance of the existing RS-232 modem pool by
> > doing some ROT-13 and Fourier transforms prior to data encoding.
> > However, this does require the equivalent capability on the receiving
> > side.
>
> - -1
>
> Using ROT-13 can certainly improve the security of your data in-transit
> and *is* a NIST recommendation, but it unfortunately does not improve
> performance as it introduces an additional operation in the pipeline.
> As usual, real security is a trade-off between convenience (here,
> speed) and actual security (the superior cipher algorithm ROT-13). I
> believe recent versions of OpenSSL (0.9.1c?) include the new ROT13-XOR-
> MD2 cipher, but since it is optimized for 8-bit processors you need to
> make sure to have a modern CPU -- I recommend one of the "DX2" Intel
> processors.
>

Okay, it does not improve performance, but it sure confuses the heck out
of man-in-the-middle attacks!

> As for Fourier transforms, that's just security through obscurity
> (though it's pretty good obscurity). "Fast" Fourier transforms also
> work best with data sizes that are powers-of-two in length and so your
> throughput can experience odd pulsing behavior while your buffers fill
> waiting to be transformed. Unless you have one of the aforementioned
> "DX2" style processors coupled with a V.22bis-capable device, you are
> probably not going to be able to keep up with all the traffic your
> Gopher server is likely to generate.
>

Well, I was focusing on performance here, not security. And if I use my Amiga
1000, I can invoke hardware security because of the non-standard RS-232 port
(just try and connect a regular RS-232 cable to that system, and see how quickly
the modem shorts out!), and because the instruction set uses Motorola 68000
instructions, not DX2 Intel instructions.

> - -chris

Jeffrey
