I am interested in help selecting one of the mon symmetric encryption algorithms (Twofish, AES, etc) based on performance criteria (fastest encryption/decryption). We are currently leaning toward AES, but since the munications we are sending back and forth don't really need that level of encryption, a less secure algorithm would be acceptable for a performance gain.
We will be using the selected algorithm to encrypt/decrypt messages (should be no longer than 200 characters) that are being sent between the client and server (Javascript client and PHP on the server) over HTTPS. The speed of the algorithm is important because the encryption/decryption process will need to keep up with messages as they arrive/depart via sockets on the server.
I have found one site that has benchmarks for encryption and I plan to do my own testing, but I was hoping for input from SO on selecting an encryption for speed. Thanks in advance for any help.
EDIT: Please note that the message will not be sent over HTTPS, they will be sent over HTTP
I am interested in help selecting one of the mon symmetric encryption algorithms (Twofish, AES, etc) based on performance criteria (fastest encryption/decryption). We are currently leaning toward AES, but since the munications we are sending back and forth don't really need that level of encryption, a less secure algorithm would be acceptable for a performance gain.
We will be using the selected algorithm to encrypt/decrypt messages (should be no longer than 200 characters) that are being sent between the client and server (Javascript client and PHP on the server) over HTTPS. The speed of the algorithm is important because the encryption/decryption process will need to keep up with messages as they arrive/depart via sockets on the server.
I have found one site that has benchmarks for encryption and I plan to do my own testing, but I was hoping for input from SO on selecting an encryption for speed. Thanks in advance for any help.
EDIT: Please note that the message will not be sent over HTTPS, they will be sent over HTTP
Share Improve this question edited Aug 3, 2009 at 13:41 Steven asked Aug 3, 2009 at 13:05 StevenSteven 3,8432 gold badges24 silver badges27 bronze badges 3- 4 Isn't encryption over SSL redundant? If you're worried about man-in-the-middle attacks then implementing a decryption algorithm in JavaScript isn't really going to solve anything. – MyItchyChin Commented Aug 3, 2009 at 13:14
- @CptSkippy you are correct. I confused this item with another part of the strategy. Messages in this scenario are sent over HTTP 80. Sorry about that. – Steven Commented Aug 3, 2009 at 13:42
- why cant you use RC4 friend.. – user320618 Commented Apr 19, 2010 at 17:47
2 Answers
Reset to default 4It depends on the implementation. One of the reasons Rijndael was the final chosen AES algorithm was due to speed, size and simplicity, so most implementations will be good but other implementations may be slower.
Choose your implementation, then benchmark. If you're looking at rolling-your-own implementation, then your benchmark figures may be pletely different from what other third-party implementations.
It would be way faster, easier and reliable (security-wise) to use HTTPS encryption for your transfers. It's pletely transparent on the client-side, and will most likely have way better performances than your Javascript AES decrypting code.