Recent MAC improvements

Iain Morgan imorgan at
Tue Jun 12 05:42:36 EST 2007

These sound like very interesting improvements.

Is the 20% improvement you quote for UMAC-64 relative to 
4.6p1 or to a build that has Markus' improvement?

On Mon, Jun 11, 2007 at 14:43:33 +1000, Damien Miller wrote:
> Hi,
> There has been some recent work to improve the speed of the Message
> Authentication Codes (MACs) that are used in OpenSSH.
> The first improvement is a change from Markus Friedl to reuse the MAC
> context, rather than reinitialising it for every packet. This saves two
> calls to the underlying hash function (e.g. SHA1) for each packet. My
> tests found that this yielded at 12-16% speedup for bulk transfers to
> localhost using HMAC-MD5 and arcfour256. HMAC-SHA1 should see an even
> bigger improvement, because SHA1 is a more expensive hash function.
> The second improvement is Peter Valchev's addition of a new MAC: Ted
> Krovetz' UMAC-64[1]. This MAC uses a very different approach than the
> HMACs that OpenSSH currently supports, and it comes with a nice security
> proof that guarantees its resistance so long as its underlying block
> cipher (AES) remains cryptologically intact. Testing (bulk transfers to
> localhost using arcfour256) found UMAC-64 to perform 20% better than
> HMAC-MD5, and 28% faster than HMAC-SHA1. This new MAC may be selected
> by specifying "MACs=umac-64 at" in a server or client config.
> These changes need testing on as many platforms as possible. In particular
> we are interested in the following corner cases:
> - Old OpenSSL version (0.9.5ish)
> - Testing between big and little endian machines (i386 vs. sparc for example)
> - Testing between previous OpenSSH versions and -current
> - Testing on strict alignment architectures like Alpha and Itanium
> Please report your findings to the mailing list.
> -d
> [1]
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

Iain Morgan

More information about the openssh-unix-dev mailing list