> From: Ian Norton [mailto:inorton at gmail.com]
> Hi folks.
> Key generation can be hugely different on different platforms. Essentially for
> RSA you need to generate two huge random integers and do primality checks
> on them.
> This is always going to be fairly nondeterministic in terms of time.
> What really matters for performance of TLS is the speed at which you can do
> a decrypt using RSA. The best way to measure this is to generate one key.
> Start the stopwatch and do lots of signatures of about 20-60 bytes of data.

I think you meant to respond to the list and not just me, so I included your whole text above.  And my response:

This is true - by nature of the fact that you have to start with a random number, and from there, perform a search for a prime.  If you're lucky, you could get a prime on the first random pick, and if you're unlucky, you could be required to search for a long time before you find a prime.

But when the time required is *usually* 20-40 seconds, as opposed to usually 1-2 sec...  And this is a blocking operation, and it's necessary to establish an https connection (or anything else using SSL/TLS) ...  That is well outside of the normal user tolerance.

Normally, all we need to do is generate a keypair, and then encrypt something on par with 32-128 bytes, to perform an AES key exchange, and then never care about the RSA key again.  So I humbly disagree that the speed of encryption / decryption is what matters.  What matters is the total time to perform session key exchange (AES or whatever algorithm was negotiated), which includes the time to generate the RSA key.
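To make the two costs discussed in this thread measurable side by side, here is an added example (not code from either poster): a pure-Python textbook RSA key generator that records how many random candidates each prime search consumed, plus a timer for raw private-key operations on a 48-byte message. The Miller-Rabin test, the candidate counter, the `benchmark` helper and the seeded `random.Random` demo mode are all my own constructions; `pow(e, -1, phi)` needs Python 3.8 or later. The signing routine is unpadded RSA over a SHA-256 digest, suitable only for timing the exponentiation, not for producing real signatures.

```python
import hashlib
import math
import random
import time

# Odd primes below 1000, used to discard obvious composites before Miller-Rabin.
SMALL_PRIMES = [p for p in range(3, 1000, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n, rounds=40, rng=None):
    """Miller-Rabin probable-prime test (error < 4**-rounds for a random composite)."""
    rng = rng or random.SystemRandom()
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_prime(bits, rng):
    """Draw fresh random odd candidates of exactly `bits` bits until one passes.
    Returns (prime, candidates_tried) so the caller can see the search variance."""
    tried = 0
    while True:
        tried += 1
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand, tried


def generate_rsa_key(bits=2048, rng=None, e=65537):
    """Textbook RSA key: n = p*q, d = e^-1 mod (p-1)(q-1). The returned dict also
    records how many candidates the two prime searches consumed in total."""
    rng = rng or random.SystemRandom()
    while True:
        p, tp = find_prime(bits // 2, rng)
        q, tq = find_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    return {"n": p * q, "e": e, "d": pow(e, -1, phi), "candidates": tp + tq}


def sign_digest(key, data):
    """Raw RSA over a SHA-256 digest (no PKCS#1 padding): fine for timing the
    private-key exponentiation, never for a real signature."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(h, key["d"], key["n"])


def verify_digest(key, data, sig):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(sig, key["e"], key["n"]) == h


def benchmark(bits=2048, keygens=3, signatures=200, seed=None):
    """Time `keygens` key generations, then `signatures` raw signatures over a
    constructed 48-byte message with the last key. `seed` makes a demo run
    repeatable; leave it None for anything resembling a real key."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    gen_times, candidates = [], []
    for _ in range(keygens):
        t0 = time.perf_counter()
        key = generate_rsa_key(bits, rng)
        gen_times.append(time.perf_counter() - t0)
        candidates.append(key["candidates"])
    msg = b"A" * 48  # constructed payload, inside the 20-60 byte range mentioned above
    t0 = time.perf_counter()
    for _ in range(signatures):
        sign_digest(key, msg)
    per_sig = (time.perf_counter() - t0) / signatures
    return {"keygen_s": gen_times, "candidates": candidates, "sign_s": per_sig}


if __name__ == "__main__":
    res = benchmark(bits=1024, keygens=3, signatures=200)
    for t, c in zip(res["keygen_s"], res["candidates"]):
        print(f"keygen: {t:.3f} s, {c} candidates tested")
    print(f"sign:   {res['sign_s'] * 1000:.3f} ms per signature")
```

Running it a few times shows the point both posters are circling: the per-signature figure is stable from run to run, while the key-generation figure swings with the `candidates` count, because each prime search is a sequence of independent random draws and the number of draws before a hit is geometrically distributed. Bump `bits` to 2048 to see the swing at the size the thread is talking about.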

