following-up to my own post: On Tue, Sep 14, 2010 at 8:54 AM, Zooko O'Whielacronx <zo...@zooko.com> wrote: > > Also, even if you did have a setting where the CPU cost of HMAC-SHA1 > was a significant part of your performance (at e.g. 12 cycles per byte > [1]), then you could always switch to Poly1305 or VMAC (at e.g. 2 > cycles per byte), or to an authenticated encryption mode (effectively > zero cycles per byte?).
Hm, actually [1] shows AES-GCM (an authenticated encryption mode) running at 16 cycles per byte, compared to AES-CTR's 13 cycles per byte, so we can estimate the CPU cost of switching from unauthenticated encryption to authenticated encryption at about 3 cycles per byte, similar to using VMAC. Regards, Zooko > [1] http://cryptopp.com/benchmarks.html _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
