gabriel rosenkoetter on Fri, 5 Apr 2002 00:40:17 +0200 |
On Thu, Apr 04, 2002 at 03:49:41PM -0500, Will Dyson wrote: > Who cares as long as you can saturate the network??? My dual PII-366 can > saturate a 10Mbit network using the slow default cipher (aes-128) and Ian > is doing this over a WAN. Because the encrypted file is *larger* than the clear file with ssh, which means that you're transfer time will be longer no matter the size of your pipe. And, because you're putting the server on the other end under a lot of stress for no good reason. Which sometimes doesn't matter and sometimes *really* pisses people off. (Around here, if Oracle can't have all of the processor most of the time, clients get pissy.) > If you really care about reducing encryption overhead, then use blowfish > as the cipher (as someone else pointed out in this thread). Or don't encrypt at all if it's not necessary. > Also, with ssh you get an extra layer of error-correction (It MACs each > packet). And wastes more time. What makes you think the error-correction provided by TCP is insufficient? -- gabriel rosenkoetter gr@eclipsed.net Attachment:
pgpGOq5EnOpBu.pgp
|
|