Bards1888 wrote:
I've searched the archives and couldn't find anything related, so I'm
posting here for some help/advice;
[...]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-256-cbc 52599.29k 56488.64k 58105.31k 58512.93k
58630.37k
====================================================================
I have a few questions regarding the test;
1) Does the part that states "numbers are in 1000s of bytes per second"
mean that the figures below have still to be translated in to 'human
readable' quantities ? or has that already been performed. I'm guessing
it has already been performed mainly due to the 'k' on the end, however
I could be very wrong.
It means what it says: "1000s of bytes per second processed."
2) This seems, to the novice in me, to be a fairly well balance cipher
to use on this kit as the rate seems to be close regardless of block
size. Does the blocksize roughly equate to network packets in an SSL VPN
scenario ?
The SSL record size (upper limit for the used block size) is ~ 16k, the
size of your data packets in an SSL VPN probably depends on the
applications transfering data over the VPN.
I also have a 2ghz amd athlon 64 3200+ which happens to have a hifn
crypto PCI card in it, exact same Openbsd 3.8 OS;
====================================================================
# dmesg |grep hifn
hifn0 at pci0 dev 9 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES ARC4
MD5 SHA1 RNG AES PK, 32KB dram, irq 11
====================================================================
So I thought I'd run the same test on it to see how much faster the hifn
card is;
====================================================================
# openssl speed -evp aes-256-cbc
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-256-cbc for 3s on 16 size blocks: 40467 aes-256-cbc's in 0.02s
Doing aes-256-cbc for 3s on 64 size blocks: 40014 aes-256-cbc's in 0.00s
Doing aes-256-cbc for 3s on 256 size blocks: 38356 aes-256-cbc's in 0.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 29925 aes-256-cbc's in 0.02s
Doing aes-256-cbc for 3s on 8192 size blocks: 9659 aes-256-cbc's in 0.00s
OpenSSL 0.9.7g 11 Apr 2005
built on: date not available
options:bn(64,64) md2(int) rc4(ptr,int) des(ptr,risc2,4,int)
aes(partial) blowfish(idx)
compiler: information not available
available timing options: USE_TOD HZ=100 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-256-cbc 41438.21k 2560896.00k 9819136.00k 1961164.80k
79126528.00k
====================================================================
Questions;
1) why does it mention that it is running for 3 seconds but then state a
fraction of that in the last colum (elapsed time ?) ?
The last colum is *not* the elapsed time, but the used cpu time. If you
want the elapsed time (what you should do in this case), you have to use
the option -elapsed with "openssl speed". The values you got are more or
less the max. possible rates (because of the overhead for accessing the
crypto card) for an crypto card with infinite speed.
2) notice that the non-accelated box processed ~ 21000 8kb blocks in 3
seconds yet the accelerated box reckons in did 9659 of the same size
blocks in 0.00 seconds. Can I force the speed test to run for 3 seconds ?
The tests already ran for 3 seconds (elapsed). As said above, use the
-elapsed option for getting numbers related to the elapsed time. Using
the crypto card actually slows down your box, especially for small block
sizes (e.g. by a factor of 240 for 16 byte blocks!).
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
