rpm-5.x has 2.5 (RSA with openssl is broken, DSA works, so 2.5) crypto implementations.

Which means that one of BeeCrypt, NSS, or OpenSSL should become the default.

Since there are no known problems with any of BeeCrypt, NSS or OpenSSL implementations, the criteria used to choose NSS (over BeeCrypt) in rpm-5.x last November was performance.

It now turns out that my benchmark using --stats is flawed somehow:

[EMAIL PROTECTED] beecrypt-4.1.2]$ rpm -qa --stats --usecrypto nss > / dev/null
   total:               1      0.000000 MB      6.656261 secs
   digest:           1615     39.617621 MB      0.509697 secs
signature: 1353 0.000000 MB 5.148736 secs dbget: 1537 40.805440 MB 0.147153 secs
   hdrload:          1517     40.805388 MB      0.214369 secs
   hdrget:           6030      0.000000 MB      0.016871 secs
[EMAIL PROTECTED] beecrypt-4.1.2]$ rpm -qa --stats --usecrypto beecrypt > /dev/null
   total:               1      0.000000 MB      9.803716 secs
   digest:           1615     39.617621 MB      0.505350 secs
   signature:        1353      0.000000 MB      8.348607 secs
   dbget:            1537     40.805440 MB      0.140118 secs
   hdrload:          1517     40.805388 MB      0.205129 secs
   hdrget:           6030      0.000000 MB      0.015127 secs

It turns out that BeeCrypt is actually the fastest of the 2.5 implementations, measured by someone else using --stats, and also confirmed by me using callgrind instruction counts.

Could some rpm-5.x users (other than me, my --stats are lying for whatever reason) please try to confirm that, indeed, BeeCrypt is higher performing (i.e. faster) than NSS?

All that is needed (with an rpm-5.x install and necessary pubkeys imported) is to run "rpm -qa --stats" with either --usecrypto nss (the current default in rpm-5.x)
or --usecrypto beecrypt as above.

ATM, the performance criteria favors BeeCrypt, not NSS, as the better default choice
for a crypto implementation.

(aside) If there is a need to have OpenSSL functional with RSA signatures, or to use Gcrypt as a 4th alternative, please poke me and I'll finish up the implementations.

73 de Jeff

______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
Developer Communication List                        [email protected]

Reply via email to