Transfer encryption
Aah, yes... I finally had time to write that Blowfish encryption for FTP (on Win32), which allows secure transfers at very high speeds. (FXP is possible as well.)
As performance was my #1 priority when designing this algorithm, I decided to use two different encryption methods:
1. BF_cbc_encrypt(), which encrypts data in 8-byte blocks - used to encrypt/decrypt most of the transfer.
2. BF_cfb64_encrypt(), which encrypts 1 byte at a time - used to encrypt/decrypt the block at the end of the file, if it isn't divisible by 8.
Performance comparison for uploads:
RAW: 50mb/sec (Peak)
BF: 40mb/sec
Downloads:
RAW: 45mb/sec
BF: 45mb/sec
Raw:
ftp> get GAME.REZ nul
200 PORT command successful.
150 Opening BINARY mode data connection for GAME.REZ.
226 [PWD: /pub/games/No One Lives Forever 2/ ]-[Section: Default]-[Credits: -2209.4M]-[Ratio: Unlimited]-[Speed: 43113.7kb/s]
ftp: 224475015 bytes received in 5,09Seconds 44127,19Kbytes/sec.
Blowfish (1-byte key; in secret-key algorithms, key size doesn't have anything to do with encryption speed):
ftp> quote bfk 1,1
200 Blowfish key set.
ftp> get GAME.REZ nul
200 PORT command successful.
150 Opening BINARY mode data connection for GAME.REZ.
226 [PWD: /pub/games/No One Lives Forever 2/ ]-[Section: Default]-[Credits: -2209.4M]-[Ratio: Unlimited]-[Speed: 43740.1kb/s]
ftp: 224475015 bytes received in 5,01Seconds 44832,24Kbytes/sec.
A valid Blowfish implementation must use a TLS or SSL control connection as its base - secret keys are transferred as plain text via this channel.
I will post documented C examples for non-blocking reading & writing, and better documentation, later this week. (The full daemon implementation in C took less than 230 lines of commented code & it was done in 7 hours.)
Any Questions/Comments?
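The split described in the post (CBC for the whole 8-byte blocks, byte-wise CFB for the leftover bytes), sketched as an added example that is not the poster's code. A toy Feistel cipher stands in for Blowfish so the block is self-contained; the names hybrid_crypt, toy_block and roundtrip_ok, the all-zero IV, and the chaining of the last CBC ciphertext block into the CFB tail are assumptions, since the post does not say how the IV is handled.

```c
#include <stdint.h>
#include <string.h>

/* Toy 8-round Feistel cipher on 64-bit blocks: an assumed stand-in for
 * Blowfish (NOT secure), used only to show the mode composition. */
static uint32_t toy_f(uint32_t x, uint32_t k) {
    return (x ^ k) * 0x9E3779B1u + ((x ^ k) >> 15);
}
static void toy_block(uint8_t b[8], const uint32_t rk[8], int dec) {
    uint32_t l, r, t;
    memcpy(&l, b, 4); memcpy(&r, b + 4, 4);
    for (int i = 0; i < 8; i++) {
        t = r; r = l ^ toy_f(r, rk[dec ? 7 - i : i]); l = t;
    }
    memcpy(b, &r, 4);     /* final swap: decryption is the same loop */
    memcpy(b + 4, &l, 4); /* run with the round keys reversed */
}

/* hybrid_crypt (hypothetical name): CBC over the full 8-byte blocks, then one
 * CFB keystream block for the 1..7 leftover bytes; in place, same length. */
void hybrid_crypt(uint8_t *buf, size_t len, const uint32_t rk[8],
                  uint8_t iv[8], int dec) {
    size_t full = len - len % 8, i, j;
    uint8_t prev[8];
    for (i = 0; i < full; i += 8) {
        memcpy(prev, buf + i, 8);            /* ciphertext when decrypting */
        if (!dec) for (j = 0; j < 8; j++) buf[i + j] ^= iv[j];
        toy_block(buf + i, rk, dec);
        if (dec) for (j = 0; j < 8; j++) buf[i + j] ^= iv[j];
        memcpy(iv, dec ? prev : buf + i, 8); /* chain on the ciphertext */
    }
    if (full < len) {
        toy_block(iv, rk, 0); /* CFB runs the cipher forward both ways */
        for (i = full; i < len; i++) buf[i] ^= iv[i - full];
    }
}

/* Round-trips a constructed buffer of len <= 64 bytes. Returns 1 if the
 * ciphertext differs (checked for len >= 8) and decryption restores it. */
int roundtrip_ok(size_t len) {
    static const uint32_t rk[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    uint8_t pt[64] = {0}, ct[64], iv_e[8] = {0}, iv_d[8] = {0};
    for (size_t i = 0; i < len; i++) pt[i] = (uint8_t)(i * 7 + 1);
    memcpy(ct, pt, sizeof ct);
    hybrid_crypt(ct, len, rk, iv_e, 0);
    int changed = len < 8 || memcmp(ct, pt, len) != 0;
    hybrid_crypt(ct, len, rk, iv_d, 1);
    return changed && memcmp(ct, pt, sizeof ct) == 0;
}
int main(void) { return roundtrip_ok(21) ? 0 : 1; }
```

Because the tail is XORed with a keystream instead of being padded, the encrypted stream has exactly the byte count of the file, which is why the transfer sizes in the two sessions above can match.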