On jeu., 2013-03-14 at 14:14 +0100, Matthias Schniedermeyer wrote: > Given that openssl doesn't support AES-NI i'm not surprized. Where did you get that impression? > > Last time i looked AES-NI support in openssl was "in Limbo" and it > may > still take quite some time(years) until there is a release which > officially supports AES-NI. This is despite first patches beeing made > available before there was silicon, so openssl is quite a few years > behind. Actually, OpenSSL supports AES-NI since 1.0.1 (see http://www.openssl.org/news/changelog.html) > > I'm using an unofficial "something" (Can't remember what it is excatly > ) > so that openssl can utelize AES-NI which in turn enables AES-NI usage > for SSH, so i can use it for scp or rsync over SSH. > The difference is quite noticable, altough in LANs i just use > ARCFOUR. > No patching necesarry to saturate Gigabit. :-) > > When i tested it some time back over loopback both AES-128-CBC(*) > (with > AES-NI) and ARCFOUR peaked at about 400MB/s(IIRC), so no problem > doing > the 110MB/s needed to saturate Gigabit. It all really depends on block size. But on my (Core i7 L640) laptop, there's really no reason to use rc4 anymore. CBC is not the best example, aes-128-cbc is indeed accelerated by AES-NI instructions but you really go fast with a mode using PCLMULQDQD like XTS: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes rc4 255340.98k 469098.47k 599298.65k 658621.73k 679368.02k aes-128 cbc 85363.96k 91553.34k 93105.32k 93570.31k 93784.75k aes-128-xts 272573.48k 849359.06k 1540640.28k 1956586.50k 2111556.27k It's even stronger when you use authenticated ciphers like GCM if you compare it against enc+mac. You can't openssl speed on those but using 1k blocs: for cipher in aes-128-cbc-hmac-sha1 aes-128-gcm rc4-hmac-md5; do echo $cipher; dd if=/dev/zero bs=1k count=1M | openssl enc -${cipher} -pass pass:foo > /dev/null; done aes-128-cbc-hmac-sha1 1048576+0 records in 1048576+0 records out 1073741824 bytes (1,1 GB) copied, 3,27757 s, 328 MB/s aes-128-gcm 1048576+0 records in 1048576+0 records out 1073741824 bytes (1,1 GB) copied, 1,90992 s, 562 MB/s rc4-hmac-md5 1048576+0 records in 1048576+0 records out 1073741824 bytes (1,1 GB) copied, 3,40679 s, 315 MB/s It's a bit out of scope for this list, but that means using dm-crypt aes-xts-plain64 on an AES-NI CPU really makes sense. On those boxes it might be even faster to use aes-256-xts than aes-128-cbc. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt