"cipher none" alternatives ?

Andrew Daviel andrew at andrew.triumf.ca
Tue Mar 20 12:53:18 EST 2001


On Mon, 19 Mar 2001, Rob Hagopian wrote:

> There's an older thread about this, you can hack in none support really
> easily, but I did performance tests between arcfour and none on Dual PIII
> 850Mhz machines and there was no significant performance difference. One
> of the developers here asked for full profiling info but I haven't had
> time to assemble it...
> 								-Rob


I've spent a bit of time measuring things between two SGI machines - old
and not-quite-so old. These are multiprocessor machines so the total CPU
effort is quite good for data analysis still though a single task like SSH
will lag a new Intel appreciably. I can't remember the clock speed -
120MHz or something on the older one I think though I believe the MIPS
chip needs less clock cycles per instruction than Pentium (and the
floating point's better)

SGI Irix 6.5 MIPSchip IP27 -> Irix 5.3 MIPSchip IP19  on 100BaseT

4Mb file   times given in seconds (transfer time)/(including setup)
comands e.g. time scp2 -c twofish -P 8122 test.dat remote:/tmp

                                                   CIPHER
Transport           none   DES   3des  blowfish   twofish    arcfour   idea  cast128   aes128   aes256   rijndael

NFS                 2.0
ftp                 5.3
HTTP                5.5
openssh                            7/12    4/9                5/16             5/18      7/19      9/21     7/17
ssh1                5/6.5  10     22/24    7/8                6/6.2     13
ssh2                       21/24  26/29   20/23    19/22     20/23            21/24
ssh1->openssh                     11/11    5/5.4
ssh2->openssh                     15/19   17/21              19/23
openssh->ssh1                     21/28    6/11
openssh->ssh2                     15/20    8/12               4/7             10/15

84Mb file
NFS 25.42
ftp 104.29
openssh arcfour   114/127
openssh blowfish  117/130

One of our users was talking about moving gigabytes; I'm not sure if a
single file or little ones. They had complained about the time taken
by ssh1 compared with ftp.

It looks like NFS is easily the fastest, then the unencrypted transfers
with arcfour/blowfish on OpenSSH close behind, if you ignore the setup
time (from when I hit return till when the activity indicator starts)
The system had a normal user load so times are not guaranteed.

-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security at triumf.ca






More information about the openssh-unix-dev mailing list