[erlang-questions] Using my own Diffie-Hellman + AES instead of SSL

dmitry kolesnikov <>
Thu Jun 7 14:29:15 CEST 2012


Hello,

I guess you can use crypto:dh_compute_key for DH key exchange procedure.

Your application cannot trust server w/o certificates. Therefore
number of attacks are possible. If you are fine with all related
threats then yes this is good option to save memory.

On another hand, if you need to use multiple transport e.g. Tcp + udp
then it is good as well.

Btw, C ssl API allows to perform SSL:read/write directly to memory. It
would be cool if such feature is available in Erlang. I suppose it
might help to reduce memory footprint for some applications

Best Regards,
Dmitry >-|-|-*>


On 7.6.2012, at 13.35, Morgan Segalis <> wrote:

> Hi everyone,
>
> As always (for those who remember my old posts), I'm looking to reduce the memory footprint of a secure connection to my server.
>
> I'm right now looking into doing my own Diffie-Hellman key exchange + AES 128-bit encryption over a TCP connection instead of using Erlang SSL.
> Using SSL with this kinda feels like using a bazooka for smashing a fly.
>
> The thing is, I do not really need certificates, since the connection url is embedded in a application, and it is using a proprietary protocol.
>
> Before trying to implement this solution, I would like to hear pros and cons, from Erlang experts on this mailing lists ! (others are welcome too of course ;-) )
>
> I'm actually looking to implement the same thing as here http://blog.diginux.net/2006/11/15/adding-aes-encryption-to-erlang-chat/
>
> Thanks for your help.
>
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions



More information about the erlang-questions mailing list