OpenSSH slow on OSX High Sierra (maybe due to libcrypto)?
Jan Schermer
jan at schermer.cz
Fri Jul 13 08:56:37 AEST 2018
This is on Mojave
$ sysctl machdep.cpu.brand_string; /usr/bin/openssl speed rsa
machdep.cpu.brand_string: Intel(R) Core(TM) i7-7820HQ CPU @ 2.90GHz
Doing 512 bit private rsa's for 10s: 13043 512 bit private RSA's in 9.88s
Doing 512 bit public rsa's for 10s: 130182 512 bit public RSA's in 9.92s
Doing 1024 bit private rsa's for 10s: 2290 1024 bit private RSA's in 9.95s
Doing 1024 bit public rsa's for 10s: 27525 1024 bit public RSA's in 9.93s
Doing 2048 bit private rsa's for 10s: 339 2048 bit private RSA's in 9.94s
Doing 2048 bit public rsa's for 10s: 7251 2048 bit public RSA's in 9.96s
Doing 4096 bit private rsa's for 10s: 51 4096 bit private RSA's in 10.05s
Doing 4096 bit public rsa's for 10s: 1963 4096 bit public RSA's in 9.94s
LibreSSL 2.6.4
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
sign verify sign/s verify/s
rsa 512 bits 0.000757s 0.000076s 1320.1 13123.2
rsa 1024 bits 0.004345s 0.000361s 230.2 2771.9
rsa 2048 bits 0.029322s 0.001374s 34.1 728.0
rsa 4096 bits 0.197059s 0.005064s 5.1 197.5
Homebrew’s real openssl version copes a “bit” better
$ /usr/local/Cellar/openssl/1.0.2o_2/bin/openssl speed rsa
Doing 512 bit private rsa's for 10s: 218442 512 bit private RSA's in 9.92s
Doing 512 bit public rsa's for 10s: 2249226 512 bit public RSA's in 9.87s
Doing 1024 bit private rsa's for 10s: 78250 1024 bit private RSA's in 9.92s
Doing 1024 bit public rsa's for 10s: 1107881 1024 bit public RSA's in 9.91s
Doing 2048 bit private rsa's for 10s: 11736 2048 bit private RSA's in 9.96s
Doing 2048 bit public rsa's for 10s: 381898 2048 bit public RSA's in 9.97s
Doing 4096 bit private rsa's for 10s: 1692 4096 bit private RSA's in 9.98s
Doing 4096 bit public rsa's for 10s: 107800 4096 bit public RSA's in 9.98s
OpenSSL 1.0.2o 27 Mar 2018
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
sign verify sign/s verify/s
rsa 512 bits 0.000045s 0.000004s 22020.4 227885.1
rsa 1024 bits 0.000127s 0.000009s 7888.1 111794.2
rsa 2048 bits 0.000849s 0.000026s 1178.3 38304.7
rsa 4096 bits 0.005898s 0.000093s 169.5 10801.6
Jan
> On 12 Jul 2018, at 22:30, Peter Moody <mindrot at hda3.com> wrote:
>
> On Thu, Jul 12, 2018 at 1:10 AM, Darren Tucker <dtucker at dtucker.net> wrote:
>
>> If anyone has such a machine handy, could you please run "sysctl
>> machdep.cpu.brand_string; /usr/bin/openssl speed rsa" and post the
>> results for comparison?
>
> $ /usr/bin/openssl speed rsa
> [...]
> sign verify sign/s verify/s
> rsa 512 bits 0.000622s 0.000037s 1606.5 27333.3
> rsa 1024 bits 0.003932s 0.000176s 254.3 5689.6
> rsa 2048 bits 0.025932s 0.000751s 38.6 1331.3
> rsa 4096 bits 0.176667s 0.002718s 5.7 367.9
>
> $ sysctl machdep.cpu.brand_string
> machdep.cpu.brand_string: Intel(R) Core(TM) i7-7567U CPU @ 3.50GHz
>
> $ uname -a
> Darwin localhost 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8
> 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64
>
> vs
>
> $ ./apps/openssl/openssl speed rsa
> [...]
> sign verify sign/s verify/s
> rsa 512 bits 0.000049s 0.000006s 20467.2 167761.5
> rsa 1024 bits 0.000166s 0.000015s 6032.5 65297.8
> rsa 2048 bits 0.000948s 0.000051s 1054.8 19469.8
> rsa 4096 bits 0.007410s 0.000194s 134.9 5147.4
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list