[672] in Kerberos
Faster encryption method?
daemon@TELECOM.MIT.EDU (Jerome H Saltzer)
Tue Mar 14 12:12:58 1989
From: Jerome H Saltzer <jhs%computer-lab.cambridge.ac.uk@NSS.CS.UCL.AC.UK>
To: morgan%jessica.stanford.edu@NSS.CS.UCL.AC.UK
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: morgan@edu.stanford.jessica's message of Fri, 10 Mar 89 11:18:01 -0800 <8903101954.AA28173@ATHENA.MIT.EDU>
> FAST SOFTWARE ENCRYPTION
> By Ralph Merkle
> Xerox Corp.
>
> I haven't heard the talk, but it seems to me this sort of thing has
> implications for Kerberos. Could Kerberos be made to support multiple
> encryption functions concurrently? Maybe on a per-user or per-session
> basis?
The protocol in the current distribution does not have provision for
different users to use different encryption functions, but it has been
apparent for some time that the next iteration of the protocol
definition should permit that. It appears to be relatively easy to do.
Merkle's work sounds very interesting, although the impact on Kerberos
would be mostly in secondary areas. The design of Kerberos assumes that
software encryption might be expensive, so it minimizes the number of
bytes that must be encrypted, to the point where the performance
of the encryption software is not a bottleneck.
The primary value of a software-optimized algorithm would be that one
could make more use of fully-encrypted data streams, instead of
restricting their use only to things of great privacy sensitivity.
Most Kerberos-mediated applications pass up that opportunity precisely
because the cost of software encryption is currently too high.
Jerry Saltzer
