Recent MAC improvements
rapier at psc.edu
Tue Jun 12 03:01:03 EST 2007
Should we just use a recent snap or is there a patch to apply against
Damien Miller wrote:
> There has been some recent work to improve the speed of the Message
> Authentication Codes (MACs) that are used in OpenSSH.
>
> The first improvement is a change from Markus Friedl to reuse the MAC
> context, rather than reinitialising it for every packet. This saves two
> calls to the underlying hash function (e.g. SHA1) for each packet. My
> tests found that this yielded a 12-16% speedup for bulk transfers to
> localhost using HMAC-MD5 and arcfour256. HMAC-SHA1 should see an even
> bigger improvement, because SHA1 is a more expensive hash function.
>
> The second improvement is Peter Valchev's addition of a new MAC: Ted
> Krovetz' UMAC-64. This MAC uses a very different approach than the
> HMACs that OpenSSH currently supports, and it comes with a nice security
> proof that guarantees its resistance so long as its underlying block
> cipher (AES) remains cryptologically intact. Testing (bulk transfers to
> localhost using arcfour256) found UMAC-64 to perform 20% better than
> HMAC-MD5, and 28% faster than HMAC-SHA1. This new MAC may be selected
> by specifying "MACs=umac-64@openssh.com" in a server or client config.
>
> These changes need testing on as many platforms as possible. In particular
> we are interested in the following corner cases:
>
> - Old OpenSSL version (0.9.5ish)
> - Testing between big and little endian machines (i386 vs. sparc for example)
> - Testing between previous OpenSSH versions and -current
> - Testing on strict alignment architectures like Alpha and Itanium
>
> Please report your findings to the mailing list.
>
> http://fastcrypto.org/umac/
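The context-reuse optimisation Damien describes above can be illustrated outside OpenSSH. The following is an added example (not code from the thread or from OpenSSH): it computes an SSH2-style transport MAC, HMAC over the big-endian uint32 sequence number followed by the unencrypted packet (RFC 4253), once by re-keying the HMAC for every packet and once by copying a single pre-keyed context, and checks that the two agree. The key and packets are constructed sample values; the hash-call accounting is the point, since a pre-keyed context already holds the hashed ipad and opad blocks that a fresh `hmac.new()` must recompute each time.

```python
import hmac
import hashlib
import struct
import timeit

# Constructed sample values (not from the thread); a real integrity key comes from KEX.
KEY = b"constructed-integrity-key-for-demo-only!"
PACKETS = [b"packet-one-payload", b"", b"\x00" * 64, b"third packet"]


def mac_input(seqno, packet):
    """SSH2 MACs are computed over uint32 BE sequence number || unencrypted packet."""
    return struct.pack(">I", seqno & 0xFFFFFFFF) + packet


def mac_fresh(key, seqno, packet, hashfn=hashlib.sha1):
    """Re-key the HMAC for every packet: the ipad and opad blocks are hashed again each call."""
    return hmac.new(key, mac_input(seqno, packet), hashfn).digest()


class ReusableMac:
    """Pre-keyed HMAC context: each packet copies it instead of re-running the key setup."""

    def __init__(self, key, hashfn=hashlib.sha1):
        # Key setup (the two extra hash calls) happens exactly once here.
        self._base = hmac.new(key, None, hashfn)

    def tag(self, seqno, packet):
        ctx = self._base.copy()          # cheap: copies the already-keyed inner/outer state
        ctx.update(mac_input(seqno, packet))
        return ctx.digest()

    def verify(self, seqno, packet, tag):
        # Constant-time compare so a receiver does not leak how many tag bytes matched.
        return hmac.compare_digest(self.tag(seqno, packet), tag)


def tags_match(key, packets):
    """True if the reused context produces the same tags as fresh per-packet HMACs."""
    m = ReusableMac(key)
    return all(m.tag(i, p) == mac_fresh(key, i, p) for i, p in enumerate(packets))


def benchmark(key, packets, rounds=20000):
    """Seconds spent tagging `rounds` packets with a fresh HMAC versus a reused context."""
    m = ReusableMac(key)
    fresh = timeit.timeit(
        lambda: [mac_fresh(key, i, p) for i, p in enumerate(packets)], number=rounds)
    reused = timeit.timeit(
        lambda: [m.tag(i, p) for i, p in enumerate(packets)], number=rounds)
    return fresh, reused


if __name__ == "__main__":
    assert tags_match(KEY, PACKETS)
    fresh, reused = benchmark(KEY, PACKETS)
    print(f"fresh HMAC per packet: {fresh:.3f}s   reused context: {reused:.3f}s")
```

The measured ratio in pure Python will not match the 12-16% figure from the thread (interpreter overhead dominates here), but the direction is the same, and the assertion shows that reuse changes nothing about the tag itself: a receiver running an older OpenSSH that still re-keys per packet interoperates unchanged.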