Recent MAC improvements

[Corinna Vinschen]

On Jun 11 14:43, Damien Miller wrote:
> Hi,
> 
> There has been some recent work to improve the speed of the Message
> Authentication Codes (MACs) that are used in OpenSSH.
> 
> The first improvement is a change from Markus Friedl to reuse the MAC
> context, rather than reinitialising it for every packet. This saves two
> calls to the underlying hash function (e.g. SHA1) for each packet. My
> tests found that this yielded at 12-16% speedup for bulk transfers to
> localhost using HMAC-MD5 and arcfour256. HMAC-SHA1 should see an even
> bigger improvement, because SHA1 is a more expensive hash function.
> 
> The second improvement is Peter Valchev's addition of a new MAC: Ted
> Krovetz' UMAC-64[1]. This MAC uses a very different approach than the
> HMACs that OpenSSH currently supports, and it comes with a nice security
> proof that guarantees its resistance so long as its underlying block
> cipher (AES) remains cryptologically intact. Testing (bulk transfers to
> localhost using arcfour256) found UMAC-64 to perform 20% better than
> HMAC-MD5, and 28% faster than HMAC-SHA1. This new MAC may be selected
> by specifying "MACs=umac-64 at openssh.com" in a server or client config.
> 
> These changes need testing on as many platforms as possible. In particular
> we are interested in the following corner cases:
> 
> - Old OpenSSL version (0.9.5ish)
> - Testing between big and little endian machines (i386 vs. sparc for example)
> - Testing between previous OpenSSH versions and -current
> - Testing on strict alignment architectures like Alpha and Itanium
> 
> Please report your findings to the mailing list.

Builds and runs fine on Cygwin w/ openssl 0.9.8e.  Exchanging data
with Cygwin 4.6p1 and Linux 4.5p1 works fine.  UMAC works fine between
Cygwin machines.  I see a 14% speed improvement in a default scp
with no further options, relative to 4.6p1.  Using umac-64 the speed
improvement is 15%.


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat