OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Dan McDonald (danmcdeast.sun.com)
Date: Wed Nov 14 2001 - 14:08:45 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    > Has anybody done an IPSEC implementation using Rijndael?

    Yes. Solaris 9 will support it in ESP as "AES". (This means RTFM for
    encraes(7m), etc.)

    Due to import restrictions of other countries, AES for Solaris IPsec will be
    available as a download, not unlike what DES and 3DES are for Solaris 8 right
    now. (The good news, however, is that DES and 3DES will be in Solaris 9
    right out of the box.) Blowfish will also be available for S9 in the same
    download. So:

            S9 out of the box: DES, 3DES

            S9 additional download: AES, Blowfish

    Enough marketing, on to the good stuff.

    > Were there any difficulties associated with the choice of keylengths,
    > or with longer keys in general?

    Not really. The only real trick was what to pick for default key length (128
    bits), how to get IPsec policy to focus on a key length, and how to get IKE
    to negotiate whatever keylength properly.

    > I've been dealing with 3DES-based routers recently, and the slowness of
    > some software implementations has been quite depressing; even some of the
    > hardware-accelerated versions can't keep a T3 full. So getting a
    > standardized Rijndael would be a big win.

    AES smokes 3DES in software. (Esp. because AES/Rijndael doesn't require the
    "rotate" primitive which is really bad for SPARC.) In our code, it even
    beats DES (again, the whole rotate issue). I don't have the exact numbers
    handy, but I think a mere Ultra 10 can keep at least half of a T3 full -
    maybe more.

    I just did a large file xfer between my 2 x 900 MHz UltraSPARC III desktop
    and a 4-way 550 MHz Intel Xeon server (both running Solaris 9 builds) and got
    ~T3 speeds (5564 Kbytes/sec according to FTP, which is ~45Mbit/sec) over a
    100Mbit 5-hop path. Since it was a single connection, you probably could've
    achieved the same results with single-processors. The traffic was protected
    with ESP with 128-bit AES + MD5. As always, your mileage may vary. Also,
    since 192 and 256-bit AES have more rounds, their latencies will be higher,
    and your performance will drop slightly.

    AES is a Good Thing (TM), and hopefully the scrutiny that it has received
    will not reveal any flaws.

    Dan