Re: draft-urien-eap-smartcard-06.txt
From: Thomas Otto (t.ottosharevolution.de)
Date: Fri, 20 Aug 2004 11:45:26 -0400 (EDT)

Hi Pascal,

I just had a look at your website ... 
Under the headline "the first EAP-TLS smartcard is operational 
in the ENST Wi-Fi network" you provide an ethereal packet dump of 
a full EAP-TLS authentication.
I measured the total time of this conversation. The time difference between
EAP-Request/Identity at 17:46:21 and EAP-Success at 17:46:58 is
37 seconds.

More precisely, the client needs almost 30 seconds to send
ClientKeyExchange, CertificateVerify, and ChangeCipherSpec 
(in frame 52), where I remember ClientKeyExchange requires
the 48-byte premaster secret (which requires expensive
computations ...).

So, is there hope for a speedup or is EAP-TLS not suitable for the 
EAP smartcard? How much does Java influence this duration?

In contrast to this, as answer to "Are smartcards performances 
sufficient ?" we get the information, "Usually smart
cards include crypto-processors that compute the RSA 2048 bits
algorithm in less than 0,5s." 

This is great, so I suppose the card above lacks such a
crypto-processor?

May I compare this to the running time of my implementation of
EAP-PSK, which took only 0.75 seconds for a full authentication.
There is a strange 0.25 second delay between Identity Request and 
Response, so essentially we have 0,5 seconds for the protocol.
By the way, the notebook used for this test was nothing special, just a
4-year-old 400 MHz machine ;-)


Thomas


References
[1] http://www.infres.enst.fr/~urien/security/eap-tls-trace.pdf
[2] http://t13.mine.nu/EAP-PSK/020604-eappsk.pcap
