if CPU time is the bottleneck ... [LWN.net]

if CPU time is the bottleneck ...

Posted Feb 13, 2008 21:26 UTC (Wed) by drag (subscriber, #31333)
In reply to: if CPU time is the bottleneck ... by ncm
Parent article: Multi-threaded OpenSSH

I think that in the typical case AES is going to be slower then blowfish, but the kernel has
lots of optimizations for AES. AES would be especially fast if your machine supports a crypt
accelerator like Via provides in most of it's Mini-ITX machines. 

Anyways.. Hasn't Blowfish been superseded by twofish by it's own creator?

As for vetted. Blowfish has been examined by lots and lots of people. It's not AES, but it's
been looked at by serious people worldwide. I doubt the OpenBSD folks would use it if it
wasn't.

(Log in to post comments)

if CPU time is the bottleneck ...

Posted Feb 14, 2008 5:35 UTC (Thu) by jimparis (subscriber, #38647) [Link]

> I think that in the typical case AES is going to be slower then blowfish, but the kernel has
lots of optimizations for AES. AES would be especially fast if your machine supports a crypt
accelerator like Via provides in most of it's Mini-ITX machines. 

As far as I'm aware, OpenSSH uses neither kernel interfaces nor hardware acceleration for
encryption, so I doubt that either of those help in this case.

if CPU time is the bottleneck ...

Posted Feb 14, 2008 5:45 UTC (Thu) by jimparis (subscriber, #38647) [Link]

Sorry, I take that back.
It looks like if you configure --with-ssl-engine, OpenSSH will make the appropriate calls to
tell OpenSSL to use any available hardware crypto engines.  Nice.

if CPU time is the bottleneck ...

Posted Feb 15, 2008 21:06 UTC (Fri) by nix (subscriber, #2304) [Link]

Oh, is *that* what the OpenSSL `engine' stuff is for? I was wondering. 
(Not very hard, or I'd have looked at the source.)