chacha20+poly1305 authenticated encryption
Damien Miller
djm at mindrot.org
Sun Nov 17 14:35:34 EST 2013
On Sat, 16 Nov 2013, James Cloos wrote:
> My first test is for speed on the kinds of systems where I regularly
> need bulk transfers over ssh.
>
> On kvm, where aesni is unavailable, chacha20-poly1305 at openssh.com is
> more than twice as fast as aes128-gcm at openssh.com and about 20% faster
> than aes128-cbc.
>
> But on a box where aesni *is* available, chacha20-poly1305 is 85% as
> fast as aes128-cbc and about 45% as fast as aes128-gcm.
There is plenty of room for improvement - both the Poly1305 and
ChaCha20 implementations in the patch are plain C. There are
significantly faster versions available in libnacl/libsodium.
Once this code lands in OpenSSH, I'll probably add some way to use
these external libraries in portable OpenSSH.
-d
More information about the openssh-unix-dev
mailing list