very interesting reply. I look forward to reading it in more depth
(just got out of bed to check if I have replys)
really I'm after using openbsd to make a vpn concentrator so the
traffic will be high.
On 2 Apr 2008, at 02:21, Girish Venkatachalam wrote:
On 23:05:06 Apr 01, Christian Weisgerber wrote:
It mentions AES but not blowfish.
Which means you are not losing anything.
There isn't any crypto accelerator that implements Blowfish.
Perhaps with reason.
Blowfish's interest is limited nowadays. It was attractive back
when the top mainstreamer cipher was 3DES, which is slow in software,
Triple DES is still ridiculously slow. And AES ridiculously fast.
Reason being that the mathematical beauty of AES (Rijndael) is
something
extraordinary.
It couldn't get any simpler.
Moreover one of the criteria of NIST was the ability to implement
AES in
hardware with simple LFSR circuits and other PLD.
but AES is just as fast as Blowfish--in fact AES was faster for
some scp(1) tests I did, if I remember correctly--and has received
more scrutiny by the cryptographic community.
I have *heard* that blowfish key setup times can be quite high.
Moreover I am sure that blowfish has not received the attention of
cryptanalysts like AES.
For all practical purposes AES is the best choice.
If you are interested in doing further testing, you can enable the
OpenSSL engine interface and do speed tests.
IIRC it is
$ openssl speed
or some such thing.
Best,
Girish
