18 Feb 2003, 6:51 p.m.
On Tue, 18 Feb 2003, Stephen Sprunk wrote:
> > It also allows precomputation of the key stream, adding nearly zero latency/jitter to the actual packet processing.
>
> You fail to note that this requires precomputing and storing a keystream for every SA on the encrypting device, which often number in the thousands. This isn't feasible in a software implementation, and it's unnecessary in hardware.
You don't have to store the entire keystream, just enough to allow on-the-fly packet processing. Besides, memory is cheap. 100 msec buffers for 100,000 simultaneous voice connections is an astonishing 80 Mb. More realistically, it's 10k calls and 30 msec of buffering.

--vadim