On 27-5-2013 17:46, Jim Starkey wrote: > On 5/27/2013 3:53 AM, Mark Rotteveel wrote: >>> I initially implemented NuoDB (then NimbusDB) line encryption with 128 >>> bit AES. The performance hit was about 85%, which just wouldn't fly. >>> Substituting RC4 for AIS dropped this to about 4%. As a result, I left >>> the flexible encryption in place but dropped both AES and plaintext as >>> options, leaving only RC4. >> Was that with or without the use of AES instructions like AES-NI >> (http://en.wikipedia.org/wiki/AES_instruction_set ) I thought that with use >> of those instructions AES actually outperformed RC4 (can't find a direct >> comparison right now though). > > It was without -- I didn't have access to a machine with the instruction > set. That said, I doubt that it would make a big difference. While the > code implementation is going to execute out of the instruction cache and > the "instruction" version out of microcode, the amount of computation is > the same. The "hardware" would have a clear advantage if the AES > algorithm could be parallelized, but a central feature of any crypto > algorithm is that it can't.
According to some articles like http://www.scottbrownconsulting.com/2011/10/a-look-at-the-performance-impact-of-hardware-accelerated-aes/, the performance improvement of AES-NI over a software implementation is a 3x - 10x (according to Intel), or 4x - 8x (according to TrueCrypt) over a software implementation. The article does mention that in real world application the improvement may be less because these tests ignore all other factors. > About three years ago I posted the source code for both RC4 and AES > transforms for comparisons to firebird-architect. If you'd like to > recode the AES transform to use the crypto instruction set compared to > C++ version, I would be happy to see the results. I'd do it myself, but > I, uh, sold my last implementation and have gotten around to > re-implementing the transform library. http://tech.groups.yahoo.com/group/Firebird-Architect/message/11298 (membership required) That would be an interesting exercise, but my C++ are sufficient enough to be dangerous, but seriously lacking to successfully do that ;) > I also posted Java implementations of SRP and RC4 that anyone working on > the JDBC remote might find useful. As a reminder to myself (and maybe others): http://tech.groups.yahoo.com/group/Firebird-Architect/message/11368 (membership required) I am working on a new implementation of how Jaybird handles the wire protocol to simplify support of new protocol versions (including the one of Firebird 3). But right now I am still working on an implementation of the version 10 protocol and improving/molding the basic class layout I copied from the Firebird .NET provider implementation as a starting point, to better fit with JDBC. When that is done adding new protocol versions (at least upto Firebird 2.5) are next, followed by support for Firebird 3.0. Mark -- Mark Rotteveel ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
