chacha20+poly1305 authenticated encryption
James Cloos
cloos at jhcloos.com
Sun Nov 17 09:37:06 EST 2013
My first test is for speed on the kinds of systems where I regularly
need bulk transfers over ssh.
On kvm, where aesni is unavailable, chacha20-poly1305 at openssh.com is
more than twice as fast as aes128-gcm at openssh.com and about 20% faster
than aes128-cbc.
But on a box where aesni *is* available, chacha20-poly1305 is 85% as
fast as aes128-cbc and about 45% as fast as aes128-gcm.
(On each test box chacha20-poly1305 had, as expected, about the same
performance. Aes128-gcm, OTOH, was five times as fast with aesni as
without and aes128-cbc was about 60% faster with aesni.)
Provided aes128-gcm and chacha20-poly1305 both are implmented correctly,
the latter will be a significant win fo many use cases.
(AIUI, gcm has proven relatively easy to implement *in*-correctly, and
poly1305 is supposed to avoid that, but performance also can be a valid
consideration.)
To make it easier for me, I put a snapshot of cvs head w/ the patches
from this thread at:
https://github.com/jhcloos/openssh-chacha-poly1305
Make tests is still running....
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
More information about the openssh-unix-dev
mailing list