"cipher none" alternatives ?
Andrew Daviel
andrew at andrew.triumf.ca
Tue Mar 20 12:53:18 EST 2001
On Mon, 19 Mar 2001, Rob Hagopian wrote:
> There's an older thread about this, you can hack in none support really
> easily, but I did performance tests between arcfour and none on Dual PIII
> 850Mhz machines and there was no significant performance difference. One
> of the developers here asked for full profiling info but I haven't had
> time to assemble it...
> -Rob
I've spent a bit of time measuring things between two SGI machines - old
and not-quite-so old. These are multiprocessor machines so the total CPU
effort is quite good for data analysis still though a single task like SSH
will lag a new Intel appreciably. I can't remember the clock speed -
120MHz or something on the older one I think though I believe the MIPS
chip needs less clock cycles per instruction than Pentium (and the
floating point's better)
SGI Irix 6.5 MIPSchip IP27 -> Irix 5.3 MIPSchip IP19 on 100BaseT
4Mb file times given in seconds (transfer time)/(including setup)
comands e.g. time scp2 -c twofish -P 8122 test.dat remote:/tmp
CIPHER
Transport none DES 3des blowfish twofish arcfour idea cast128 aes128 aes256 rijndael
NFS 2.0
ftp 5.3
HTTP 5.5
openssh 7/12 4/9 5/16 5/18 7/19 9/21 7/17
ssh1 5/6.5 10 22/24 7/8 6/6.2 13
ssh2 21/24 26/29 20/23 19/22 20/23 21/24
ssh1->openssh 11/11 5/5.4
ssh2->openssh 15/19 17/21 19/23
openssh->ssh1 21/28 6/11
openssh->ssh2 15/20 8/12 4/7 10/15
84Mb file
NFS 25.42
ftp 104.29
openssh arcfour 114/127
openssh blowfish 117/130
One of our users was talking about moving gigabytes; I'm not sure if a
single file or little ones. They had complained about the time taken
by ssh1 compared with ftp.
It looks like NFS is easily the fastest, then the unencrypted transfers
with arcfour/blowfish on OpenSSH close behind, if you ignore the setup
time (from when I hit return till when the activity indicator starts)
The system had a normal user load so times are not guaranteed.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security at triumf.ca
More information about the openssh-unix-dev
mailing list