Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Dan McDonald (danmcdeast.sun.com)
Date: Wed Nov 14 2001 - 14:08:45 CST
> Has anybody done an IPSEC implementation using Rijndael?
Yes. Solaris 9 will support it in ESP as "AES". (This means RTFM for
Due to import restrictions of other countries, AES for Solaris IPsec will be
available as a download, not unlike what DES and 3DES are for Solaris 8 right
now. (The good news, however, is that DES and 3DES will be in Solaris 9
right out of the box.) Blowfish will also be available for S9 in the same
S9 out of the box: DES, 3DES
S9 additional download: AES, Blowfish
Enough marketing, on to the good stuff.
> Were there any difficulties associated with the choice of keylengths,
> or with longer keys in general?
Not really. The only real trick was what to pick for default key length (128
bits), how to get IPsec policy to focus on a key length, and how to get IKE
to negotiate whatever keylength properly.
> I've been dealing with 3DES-based routers recently, and the slowness of
> some software implementations has been quite depressing; even some of the
> hardware-accelerated versions can't keep a T3 full. So getting a
> standardized Rijndael would be a big win.
AES smokes 3DES in software. (Esp. because AES/Rijndael doesn't require the
"rotate" primitive which is really bad for SPARC.) In our code, it even
beats DES (again, the whole rotate issue). I don't have the exact numbers
handy, but I think a mere Ultra 10 can keep at least half of a T3 full -
I just did a large file xfer between my 2 x 900 MHz UltraSPARC III desktop
and a 4-way 550 MHz Intel Xeon server (both running Solaris 9 builds) and got
~T3 speeds (5564 Kbytes/sec according to FTP, which is ~45Mbit/sec) over a
100Mbit 5-hop path. Since it was a single connection, you probably could've
achieved the same results with single-processors. The traffic was protected
with ESP with 128-bit AES + MD5. As always, your mileage may vary. Also,
since 192 and 256-bit AES have more rounds, their latencies will be higher,
and your performance will drop slightly.
AES is a Good Thing (TM), and hopefully the scrutiny that it has received
will not reveal any flaws.