curve25519-sha256 key exchange at least 50% slower than DHE
Igor Bukanov
igor at mir2.org
Sat Feb 21 10:55:28 AEDT 2015
Hello,
I tried to optimize the ssh server and client config to minimize the ssh
connection time while keeping things reasonably secure. I observed that
the timing of `ssh vm true` when running against a VM on my laptop was at
least 50% slower when using curve25519-sha256 compared with
diffie-hellman-group-exchange-sha256. With openssh 6.6p1 on both the
client and server the best timing when running

    ssh -o Ciphers=aes128-gcm@openssh.com -o KexAlgorithms=diffie-hellman-group-exchange-sha256 vm-name true

was 95ms while the best result for

    ssh -o Ciphers=aes128-gcm@openssh.com -o KexAlgorithms=curve25519-sha256@libssh.org vm-name true

was 140ms with much greater deviation among results, so on average it
ran 2 times slower.
Is it just an artifact of a less optimized implementation, or is this
inherent in the 25519 design?
Also, could the rather significant variation in results be used to learn
how busy the box is, or is this normal because key exchange timing is
variable by design?
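
A harness for repeating the measurement described in the message above, added here as an example and not part of the original post. The function names, the run count and the `BatchMode=yes` option are assumptions of this example; like the post, it times the whole `ssh HOST true` invocation rather than the key exchange alone.

```python
import statistics
import subprocess
import sys
import time

# Algorithm and cipher names exactly as used in the post.
KEX_ALGORITHMS = ["diffie-hellman-group-exchange-sha256",
                  "curve25519-sha256@libssh.org"]
CIPHER = "aes128-gcm@openssh.com"

def build_cmd(host, kex, cipher=CIPHER):
    # BatchMode=yes is an assumption added here: it makes ssh fail instead
    # of prompting, so an interactive prompt cannot distort a sample.
    return ["ssh", "-o", "BatchMode=yes", "-o", f"Ciphers={cipher}",
            "-o", f"KexAlgorithms={kex}", host, "true"]

def time_cmd(argv, runs=20):
    """Wall-clock time in ms of each successful run of argv."""
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        rc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                            stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL).returncode
        elapsed_ms = (time.perf_counter() - start) * 1000.0
        # A refused algorithm or failed login exits quickly and non-zero;
        # counting it would make that configuration look fast.
        if rc == 0:
            samples.append(elapsed_ms)
    return samples

def summarize(samples):
    """Best, mean, median and sample standard deviation, or None if empty."""
    if not samples:
        return None
    return {"n": len(samples), "best": min(samples),
            "mean": statistics.mean(samples),
            "median": statistics.median(samples),
            "stdev": statistics.stdev(samples) if len(samples) > 1 else 0.0}

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: kex_timing.py HOST [RUNS]")
    host = sys.argv[1]
    runs = int(sys.argv[2]) if len(sys.argv) > 2 else 20
    for kex in KEX_ALGORITHMS:
        stats = summarize(time_cmd(build_cmd(host, kex), runs))
        print(kex, stats if stats else "no successful runs")
```

Reporting the median and standard deviation next to the best time keeps a single fast or slow run from deciding the comparison.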