Hello, Tinc 1.0 allowed you to choose a cipher and digest algorithm. However, it only worked well with the cipher in CBC mode, and would always use a HMAC to authenticate packets. For tinc 1.1, I have done some tests with different hash algorithms but also with Galois Counter Mode (GCM). The HMAC contributes to a large part of the CPU cycles spent on packets. Unfortunately, all the fast hash algorithms are also the cryptographically weak ones. Instead of a HMAC, GCM also provides authentication of packets, and it is much faster, particularly on the latest Intel processors with AES and PCLMULQDQ instructions. Here are some results from the sptps_speed utility:
Processor AES-256-CTR+HMAC-SHA256 AES-256-GCM
----------------------------------------------------------------------
Intel Atom N270, 1.6 GHz 59.48 Mbit/s 89.63 Mbit/s
Intel Atom 330, 1.6 GHz 79.72 Mbit/s 238.11 Mbit/s
AMD Phenom II X4 965, 3.4 GHz 336.96 Mbit/s 478.66 Mbit/s
Intel Core i3-3220T, 2.8 GHz 543.64 Mbit/s 1.69 Gbit/s
Intel Core i7-3960X, 3.3 GHz 787.99 Mbit/s 5.60 Gbit/s
So I think I will change the SPTPS protocol to use GCM instead. GCM is a bit
more tricky to implement correctly than a HMAC though, but most of the caveats
are the same as for CTR mode.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <[email protected]>
signature.asc
Description: Digital signature
_______________________________________________ tinc mailing list [email protected] http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
