Package: hopenpgp-tools
Version: 0.21.3-1
Severity: wishlist

I'm looking at performance tests on large (spammed/flooded)
certificates.  hopenpgp-tools consumes more CPU than GnuPG by a factor
of 2×, 5×, or 10× depending on the operation.

I provide these figures as a target for hopenpgp to meet or beat, if
possible.

During these tests, xxx is the dearmored form of my flooded OpenPGP
certificate, as it is found on the SKS keyservers:

  wget -O - \
   'http://keys.mayfirst.org/pks/lookup?op=get&search=0xF20691179038E5C6' | \
   gpg --dearmor > xxx

it's about 17MiB in size, bloated with junk (see
https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html for
more details)

All tests were run on a quad-core Intel(R) Core(TM) i5-2540M CPU @
2.60GHz, and all data is in a tmpfs, so there should be no disk latency
to worry about.

----------

Here is a performance comparison of just listing the contents of the
packet.  hopenpgp-tools takes 10× more time:

0 dkg@alice:/tmp/cdtemp.7QJ3xD$ time hot dump < xxx > /dev/null
hot (hopenpgp-tools) 0.21.3
Copyright (C) 2012-2019  Clint Adams
hot comes with ABSOLUTELY NO WARRANTY. This is free software, and you are 
welcome to redistribute it under certain conditions.

real    0m4.750s
user    0m4.725s
sys     0m0.025s
0 dkg@alice:/tmp/cdtemp.7QJ3xD$ time pgpdump < xxx > /dev/null

real    0m0.516s
user    0m0.403s
sys     0m0.104s
0 dkg@alice:/tmp/cdtemp.7QJ3xD$ time gpg --list-packets < xxx > /dev/null

real    0m0.511s
user    0m0.506s
sys     0m0.005s
0 dkg@alice:/tmp/cdtemp.7QJ3xD$ 
----------


----------
Here is a comparison of adding or removing armor.  hot takes about 5× as
much time as gpg:

1 dkg@alice:/tmp/cdtemp.bOnXz6$ time gpg --enarmor < xxx > xxx.gpg.asc

real    0m0.239s
user    0m0.222s
sys     0m0.017s
0 dkg@alice:/tmp/cdtemp.bOnXz6$ time hot armor --armor-type pubkeyblock < xxx > 
xxx.hot.asc
hot (hopenpgp-tools) 0.21.3
Copyright (C) 2012-2019  Clint Adams
hot comes with ABSOLUTELY NO WARRANTY. This is free software, and you are 
welcome to redistribute it under certain conditions.

real    0m0.978s
user    0m0.917s
sys     0m0.061s
0 dkg@alice:/tmp/cdtemp.bOnXz6$ time gpg --dearmor < xxx.gpg.asc  > /dev/null

real    0m0.332s
user    0m0.317s
sys     0m0.016s
0 dkg@alice:/tmp/cdtemp.bOnXz6$ time hot dearmor < xxx.gpg.asc  > /dev/null
hot (hopenpgp-tools) 0.21.3
Copyright (C) 2012-2019  Clint Adams
hot comes with ABSOLUTELY NO WARRANTY. This is free software, and you are 
welcome to redistribute it under certain conditions.

real    0m1.657s
user    0m1.616s
sys     0m0.036s
0 dkg@alice:/tmp/cdtemp.bOnXz6$ 
---------------


---------------
and here is an attempt to look at parsing the data in more detail:

they're both pretty bad, but gpg is faster by a factor of ~2×:

0 dkg@alice:/tmp/cdtemp.bOnXz6$ time gpg --show-keys < xxx  | wc
      8      35     383

real    0m34.374s
user    0m34.297s
sys     0m0.080s
0 dkg@alice:/tmp/cdtemp.bOnXz6$ time hokey lint < xxx  | wc
hokey (hopenpgp-tools) 0.21.3
Copyright (C) 2012-2019  Clint Adams
hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you are 
welcome to redistribute it under certain conditions.
     42     219    2054

real    0m57.681s
user    0m57.387s
sys     0m0.284s
0 dkg@alice:/tmp/cdtemp.bOnXz6$ 


It should not take a modern CPU more than a few seconds to produce ~2KiB
of output out of 17MiB of input!

---------------

Regards,

        --dkg

Attachment: signature.asc
Description: PGP signature

Reply via email to