
SSL Acceleration .info
Saturday, 31-Jul-2010 14:11:26 GMT
SSL and Modular Exponentiation

The SSL protocol does key exchange and authentication before it begins encrypting and decrypting the client-server streams of data.

The most common algorithm for key exchange and authentication is RSA (from the initials of its inventors). (DSA, the Digital Signature Algorithm, is another, but is quite rarely used for web sites.) RSA is the mathematical operation that SSL uses to prove the authenticity of the server certificate, as well as to exchange the keys used for authentication and encryption of the stream.

RSA works on the mathematics of 1024-bit (and larger) prime numbers, i.e. numbers over 300 decimal digits long. See the Wikipedia article on RSA for the (yawn) details. Like most digital signature schemes, RSA involves working out complex sums, for example: raising a 300-digit number to the power of another 300-digit number, then dividing by another 300-bit number and taking the remainder (modular exponentiation).

This takes a lot of CPU. In fact it takes so much CPU that 10 years ago, if you had a web server with no acceleration, your web site could only handle about ten new clients per second. This is why SSL acceleration / SSL offloading is required.
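
The sum described above, as an added example that is not part of the original page: a square-and-multiply modular exponentiation that counts how many big-number multiplications one operation costs. The function names modexp and demo are illustrative, and the 1024-bit operands are constructed sample values, not real key material.

```python
import random

def modexp(base, exponent, modulus):
    """Left-to-right square-and-multiply.

    Returns (result, squarings, multiplies). Teaching code: the branch on
    each exponent bit is not constant-time, so never use it with a real key.
    """
    if modulus <= 0 or exponent < 0:
        raise ValueError("modulus must be positive, exponent non-negative")
    base %= modulus
    result = 1 % modulus
    squarings = multiplies = 0
    for bit in bin(exponent)[2:]:          # most significant bit first
        result = (result * result) % modulus
        squarings += 1
        if bit == "1":
            result = (result * base) % modulus
            multiplies += 1
    return result, squarings, multiplies

def demo(bits=1024, seed=2010):
    """Run one modexp on constructed operands of the size the text describes."""
    rng = random.Random(seed)              # fixed seed: reproducible sample values
    top = 1 << (bits - 1)                  # force the full bit length
    modulus = rng.getrandbits(bits) | top | 1   # constructed, NOT a real RSA modulus
    exponent = rng.getrandbits(bits) | top
    base = rng.getrandbits(bits) % modulus
    result, squarings, multiplies = modexp(base, exponent, modulus)
    return {
        "decimal_digits": len(str(modulus)),
        "squarings": squarings,
        "multiplies": multiplies,
        "matches_builtin": result == pow(base, exponent, modulus),
    }

if __name__ == "__main__":
    # One server-side operation: about a thousand squarings plus one extra
    # multiply per set exponent bit, each on numbers over 300 digits long.
    print(demo())
```

Every squaring and multiply here is a full multiplication and reduction of 300-digit numbers, which is the per-connection work that acceleration hardware takes off the web server's CPU.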