LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

if CPU time is the bottleneck ...

if CPU time is the bottleneck ...

Posted Feb 13, 2008 18:45 UTC (Wed) by ncm (subscriber, #165)
In reply to: if CPU time is the bottleneck ... by JoeBuck
Parent article: Multi-threaded OpenSSH 

As I understand it, AES is faster than Blowfish, and is also implemented in every current SSH
server.  Have you benched Blowfish against AES?  AES has the further advantage of having been
vetted by every group of top world cryptographers.   OpenSSH (at least as shipped in Debian)
defaults to aes-128-cbc.  If you don't trust AES 128, you can edit /etc/ssh/ssh_config to
prefer AES 192, and probably still encrypt faster than blowfish.

A modern CPU can encrypt fast enough to saturate a several-hundred-megabit link.  For most of
us, the CPU is not the bottleneck.

(Log in to post comments)

if CPU time is the bottleneck ...

Posted Feb 13, 2008 21:26 UTC (Wed) by drag (subscriber, #31333) [Link] 

I think that in the typical case AES is going to be slower then blowfish, but the kernel has
lots of optimizations for AES. AES would be especially fast if your machine supports a crypt
accelerator like Via provides in most of it's Mini-ITX machines. 

Anyways.. Hasn't Blowfish been superseded by twofish by it's own creator?

As for vetted. Blowfish has been examined by lots and lots of people. It's not AES, but it's
been looked at by serious people worldwide. I doubt the OpenBSD folks would use it if it
wasn't.

if CPU time is the bottleneck ...

Posted Feb 14, 2008 5:35 UTC (Thu) by jimparis (subscriber, #38647) [Link] 

> I think that in the typical case AES is going to be slower then blowfish, but the kernel has
lots of optimizations for AES. AES would be especially fast if your machine supports a crypt
accelerator like Via provides in most of it's Mini-ITX machines. 

As far as I'm aware, OpenSSH uses neither kernel interfaces nor hardware acceleration for
encryption, so I doubt that either of those help in this case.

if CPU time is the bottleneck ...

Posted Feb 14, 2008 5:45 UTC (Thu) by jimparis (subscriber, #38647) [Link] 

Sorry, I take that back.
It looks like if you configure --with-ssl-engine, OpenSSH will make the appropriate calls to
tell OpenSSL to use any available hardware crypto engines.  Nice.

if CPU time is the bottleneck ...

Posted Feb 15, 2008 21:06 UTC (Fri) by nix (subscriber, #2304) [Link] 

Oh, is *that* what the OpenSSL `engine' stuff is for? I was wondering. 
(Not very hard, or I'd have looked at the source.)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.