[noise] DoS resistance
Tony Arcieri
bascule at gmail.com
Mon Jul 20 10:03:12 PDT 2015
On Mon, Jul 20, 2015 at 5:50 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> 70 Mbps is pretty horrible. That's a tiny amount of bandwidth required
> to completely saturate a server and prevent it from handling other
> incoming handshakes.
Horrible compared to what? With SSL/TLS today servers will perform RSA
operations for you and can probably do something close to 2500/s per CPU
for 2048-bit RSA on a high-end CPU (unless you're talking about things like
hardware load balancers with RSA ASICs)
Pulling off the "THC attack" requires considerably less than 70 Mbps. I
think the same thing could be said for most layer 7 DoS in general
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20150720/fa6b09e5/attachment.html>
More information about the Noise
mailing list