[Mono-dev] RSA and ECDH

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Sun Feb 16 20:03:26 UTC 2014

> From: Ian Norton [mailto:inorton at gmail.com]
> Hi folks.
> Key generation can be hugely different on different platforms. Essentially for
> RSA you need to generate two huge random integers and do primality checks
> on them.
> This is always going to be fairly nondeterministic in terms of time.
> What really matters for performance of TLS is the speed at which you can do
> a decrypt using RSA. The best way to measure this is to generate one key.
> Start the stopwatch and do lots of signatures of about 20-60 bytes of data.

I think you meant to respond to the list and not just me, so I included your whole text above.  And my response:

This is true - by nature of the fact that you have to start with a random number, and from there, perform a search for a prime.  If you're lucky, you could get a prime on the first random pick, and if you're unlucky, you could be required to search for a long time before you find a prime.

But when the time required is *usually* 20-40 seconds, as opposed to usually 1-2 sec...  And this is a blocking operation, and it's necessary to establish an https connection (or anything else using SSL/TLS) ...  That is well outside of the normal user tolerance.

Normally, all we need to do is generate a keypair, and then encrypt something on par with 32-128 bytes, to perform an AES key exchange, and then never care about the RSA key again.  So I humbly disagree that the speed of encryption / decryption is what matters.  What matters is the total time to perform session key exchange (AES or whatever algorithm was negotiated), which includes the time to generate the RSA key.

More information about the Mono-devel-list mailing list