ssh / scp slow on 10GBE
Christian Weisgerber
naddy at mips.inka.de
Tue Jan 8 08:05:18 EST 2013
Damien Miller <djm at mindrot.org> wrote:
> > Well, you certainly won't get anything faster than your 700 MB of
> > openssl aes speed results. You cannot transmit data faster, than you
> > encrypt them. And even this upper bound is not reachable, because of
> > checksumming overhead.
>
> Right: if you are using AES and umac-64 as your MAC then you are actually
> invoking AES twice as umac-64 uses AES internally.
That's misleading. UMAC uses AES only to encrypt its final hash
(somewhat like GMAC). It does not run all the data through AES.
> Alternately, we are considering adding support for AES-GCM which is very
> fast on recent Intel CPUs and probably slightly faster than AES+umac-64
> everywhere.
I doubt it. Check "openssl speed md5 sha1 sha256 ghash". Figures
vary across architectures and machines, but GHASH performance for
large blocks seems broadly similar to SHA-1 and slower than MD5.
--
Christian "naddy" Weisgerber naddy at mips.inka.de
More information about the openssh-unix-dev
mailing list