At 03:08 PM 11/14/2001 -0500, Dan McDonald wrote:
>
>> I've been dealing with 3DES-based routers recently, and the slowness of
>> some software implementations has been quite depressing; even some of the
>> hardware-accelerated versions can't keep a T3 full. So getting a
>> standardized Rijndael would be a big win.
>
>AES smokes 3DES in software. (Esp. because AES/Rijndael doesn't require the
>"rotate" primitive which is really bad for SPARC.) In our code, it even
>beats DES (again, the whole rotate issue). I don't have the exact numbers
>handy, but I think a mere Ultra 10 can keep at least half of a T3 full -
>maybe more.
>
>I just did a large file xfer between my 2 x 900 MHz UltraSPARC III desktop
>and a 4-way 550 MHz Intel Xeon server (both running Solaris 9 builds) and got
>~T3 speeds (5564 Kbytes/sec according to FTP, which is ~45Mbit/sec) over a
>100Mbit 5-hop path. Since it was a single connection, you probably could've
>achieved the same results with single-processors. The traffic was protected
>with ESP with 128-bit AES + MD5. As always, your mileage may vary. Also,
>since 192 and 256-bit AES have more rounds, their latencies will be higher,
>and your performance will drop slightly.
>

How was the responsiveness of the machines? Or were you pegged at 100% CPU?

BTW, isn't MD5 a bit light for AES 128 bits? Correct me if I'm wrong, but
to minimize (birthday?) attacks the hash size needs to be double the key size.

- Alex

--
Alex Alten
AltenHome.Com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]