
Re: Limiting ssh access: by MAC Address?



On Wed, Jan 4, 2023 at 11:34 PM Gareth Evans <donotspam@fastmail.fm> wrote:
>
> > On 3 Jan 2023, at 22:07, Tom Browder <tom.browder@gmail.com> wrote:
> > I ... would like to access my home server from my laptop ...
>
>
> > On 5 Jan 2023, at 04:13, Jeffrey Walton <noloader@gmail.com> wrote:
> > ...
> > Avoiding the key exchange is a big win
> > since those public key operations are so costly.
>
> Costly in what sense and circumstances?

Public key operations for key exchange dominate the cpu cost of a
session. Key exchange is the limiting factor in how many connections a
server can handle. It has always been this way, even for SSL/TLS and
IPSec.

In contrast, bulk encryption is cheap. Bulk encryption is the block or
stream cipher, and the mac calculations.

One of the reasons x25519 is so valuable is how efficient it is. Here
are some benchmarks from Crypto++ on a Core i5 10th gen Ice Lake
machine:

Scheme     |    ms/op    |  megacycle/op
========================================
DH-2048    |    0.565    |     1.977
ECDH p256  |    0.456    |     1.595
x25519     |    0.039    |     0.138

In the numbers above, lower is better. x25519 is about 15x faster than
DH over integers, and about 11x faster than DH over EC.

Key exchange is measured in megacycles per operation. That is, how
many million cycles are needed for an operation. Here, the operation is
exponentiation in a finite field. In contrast, bulk encryption is
measured in cycles per byte.

Jeff

