"cipher none" alternatives ?

Pekka Savola pekkas at netcore.fi
Sat Mar 17 19:23:44 EST 2001

On Fri, 16 Mar 2001, Dan Kaminsky wrote:
>     Incidentally--if anyone out there is skilled at profiling code, I think
> the SSH client could use a look.  I think there are absolute limits embedded
> in there as to how fast it may run, because it'll never use up as much CPU
> as is available to it and will top out at 150-220K/s no matter the speed of
> the client or server.

I wonder where you got that 150-220K/s number.  That's completely untrue.
I've scp'd, using a fast cipher like arcfour (blowfish isn't bad either),
files over 100baseTx LAN at the speed of over 5 MB/s or so.

>From 16 Oct 2000:
On Sat, 14 Oct 2000, Damien Miller wrote:
> Seriously, some of the ciphers offered by SSH2 are pretty fast. These
> are the times it took to scp a 100Mb file to /dev/null via ssh2 over
> localhost:
> P166
> 3des-cbc: 232 sec 431kbps
> blowfish-cbc: 90 sec 1.1Mbps
> arcfour: 71 sec 1.4Mbps
> P3/700
> 3des-cbc: 47 sec 2.1Mbps
> blowfish-cbc: 18 sec, 5.5Mbps
> cast128-cbc: 18 sec, 5.5Mbps
> arcfour: 12 sec 8.3Mbps


I did similar tests on my P2/266 system to see how fast aes128-cbc and
rijndael128-cbc were.  These were conducted with a 10 MB data off

arcfour         3.1 MB/s
blowfish-cbc    2.2 MB/s
cast128-cbc     2.1 MB/s
aes128-cbc      1.6 MB/s
rijndael128-cbc 1.6 MB/s
3des-cbc        0.8 MB/s

(I timed scp to localhost using an empty file to get the authentication
overhead, then timed with the real file)

Note that these were with localhost-localhost copy.  Copying over network
isn't significantly slower.  With a dual P3/500 and 10k Ultra2 SCSI
drives, I've done way more than 5.0 MB/s.

Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.   -- Robert Jordan: A Crown of Swords

More information about the openssh-unix-dev mailing list