(Originally posted to Monochromatic Outlook)
I’ve recently set up a local server on a Beaglebone Black, which is a credit-card-sized computer with a 1 GHz ARM Cortex-A8 processor. I’m using it as a cloud server to sync my calendar and contacts, having moved the ownCloud instance (mentioned the other day) from my hosted VPS to my local network.
I created a self-signed certificate authority and an SSL cert for the server and discovered that, contrary to most of my experience running commercial servers, SSL can add a huge load to a low-powered server.
So I recreated the key and cert several times at different key lengths to see what the difference in computational complexity was. Here’s what I got: (these are all numbers accessing a PHP test page across a local network with ab, so the only significant bottleneck should be the load on the server.)
| protocol, key size | rate of completed requests | mean response time |
|---|---|---|
| http (no ssl) | 69.37 req/sec | 14 ms |
| 1024-bit key | 14.88 req/sec | 333 ms |
| 1536-bit key | 6.96 req/sec | 712 ms |
| 2048-bit key | 7.24 req/sec | 684 ms |
| 4096-bit key | 2.54 req/sec | 1951 ms |
Clearly, on an admittedly underpowered web server (though it wasn’t that long ago that we all ran huge sites on servers with fewer horses), SSL can make a huge hit on performance.
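Why the request rate falls off so steeply with key length: with ab, each request typically opens a fresh connection and so pays for a full TLS handshake, and the expensive part of that handshake on the server is one RSA private-key operation, a modular exponentiation whose cost grows roughly cubically with the modulus length. The script below is an added example (not code from the original post) that times that arithmetic at the same key sizes using only the Python standard library. It uses a constructed random odd modulus and exponent of the requested size rather than a real key pair, and skips the CRT speed-up real implementations use, so the absolute numbers are pessimistic; the scaling between sizes is what it is meant to show.

```python
"""Estimate the relative server-side cost of an RSA private-key operation
at several key sizes (added example; no real keys are generated)."""
import secrets
import time


def constructed_private_op_params(bits):
    # Constructed for timing only: a random odd modulus and a random
    # full-length exponent of `bits` bits. This is NOT a real RSA key,
    # but pow(m, d, n) costs the same order of work as a non-CRT
    # private-key operation with a modulus of that size.
    n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    d = secrets.randbits(bits) | (1 << (bits - 1))
    return n, d


def time_private_op(bits, iterations=20):
    """Return mean seconds per modular exponentiation at the given size."""
    n, d = constructed_private_op_params(bits)
    m = secrets.randbelow(n)
    start = time.perf_counter()
    for _ in range(iterations):
        pow(m, d, n)
    return (time.perf_counter() - start) / iterations


def handshake_cost_table(sizes=(1024, 1536, 2048, 4096), iterations=20):
    """Return {bits: (seconds_per_op, ops_per_second)} for each key size.

    ops_per_second is an upper bound on full handshakes per second for a
    server whose only work is the private-key operation (ignoring CRT,
    symmetric crypto, PHP and network overhead)."""
    table = {}
    for bits in sizes:
        t = time_private_op(bits, iterations)
        table[bits] = (t, 1.0 / t)
    return table


def relative_cost(table, baseline=1024):
    """Cost of each size as a multiple of the baseline key length's cost."""
    base = table[baseline][0]
    return {bits: t / base for bits, (t, _) in table.items()}


if __name__ == "__main__":
    table = handshake_cost_table()
    rel = relative_cost(table)
    print(f"{'key size':>9} {'ms/op':>9} {'ops/sec':>10} {'vs 1024':>8}")
    for bits, (t, rate) in table.items():
        print(f"{bits:>5}-bit {t * 1000:9.2f} {rate:10.1f} {rel[bits]:7.1f}x")
```

Run it on the server in question and compare the "ops/sec" column with the req/sec column in the table above: the benchmark numbers sit below the arithmetic bound because each request also does the rest of the handshake, the PHP page and the network round trip, but the drop from one key size to the next tracks the modexp cost. Going from 1024 to 2048 bits costs several times more CPU per handshake, and 4096 bits several times more again, which is why the 1024-bit choice matters so much on a Cortex-A8.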
So for this purpose (syncing my address book and calendar) I’m sticking with a 1024-bit key. I’m the only user, but it makes a noticeable difference when accessing ownCloud in the browser where there are an unknown number of AJAX requests made to the server.
My thinking (for the moment anyhow) is that even if 1024-bit key SSL is cracked once somewhere, the computational expense will be too high for anyone to care about getting my address book. Granted, they won’t know it’s my address book. The NSA could be recording every packet so that in 20 years they can decode it when the cost to decode is cheap. Or 10 years; who knows? The point is that by the time they get at this data it will be stale. People will have moved to new addresses and I’ll have already gone to the appointments in my calendar.
For a commercial application I still wouldn’t ever use less than a 2048-bit key. If you don’t have the server horsepower to handle it, maybe you ought to rethink your business plan. But for personal blogs that want to be part of the https everywhere movement, maybe 1024-bit keys are good enough.