Cipher preference
Christian Weisgerber
naddy at mips.inka.de
Thu Jan 2 02:41:17 EST 2014
James Cloos <cloos at jhcloos.com> wrote:
> When testing chacha20-poly1305, I noticed that aes-gcm is significantly
> faster than aes-ctr or aes-cbs with umac. Even on systems w/o aes-ni
> or other recent instruction set additions.
No way. This disagrees completely with what I'm seeing:
On Sandy Bridge systems with AES-NI, aes128-gcm is about as fast
as aes128-ctr+umac-64.
On x86-64 systems without AES-NI, aes128-gcm is slower than
aes128-ctr+umac-64. (OpenSSL 1.0.1c, 1.0.1e)
On other systems without AES-NI or the benefit of assembly language
optimizations in OpenSSL, aes128-gcm is painfully slower than
aes128-ctr+umac-64. (OpenSSL 1.0.1c)
--
Christian "naddy" Weisgerber naddy at mips.inka.de
More information about the openssh-unix-dev
mailing list