[386] in Kerberos
faster encrypted rlogin
daemon@TELECOM.MIT.EDU (Ken Raeburn)
Sun Jun 5 16:26:07 1988
From: Ken Raeburn <raeburn@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU
Jeff and I were talking a little last night, and this idea came up.
While the encrypted rlogin that is in the beta release (at least, I
think it was; I picked up one from our sources here that works ok)
tends to be quite slow (enough so as to be noticable even at 1200
baud), there is no real reason why the DES routines have to be run in
real time. Why not use a DES-generated random sequence of bytes to
XOR against the data? The XOR values can be generated using, say, the
session key as the seed, and can be computed before the data is
available against which it is to be XOR'ed. The random number
generation could even be done in a subprocess, if CPU time is still
the problem. (Another help would be getting a better compiler for the
VAX -- due to some oversight, the des.c code is maybe half as fast on
the vax as it could be.)
The "random" number generation could be done by taking a seed and
repeatedly putting it through encryption (with the known key) and
using one byte of the result each time. I myself don't know quite
enough about DES to know how good this is, or if we could get away
with using more bytes of the result...
This wouldn't work so well for batch-type data transfers (though it
might make a small difference), but should be useful for user login
sessions, where a lot of idle time is wasted waiting for the user...
Comments & opinions?
_kr
