Re: specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-17 Thread Ewen Chan
Curious question - still more about AES and CBC and openssl:

Does the number of rounds during the encryption phase of it have to
match the number of rounds during the decryption phase of it, or does
it not matter? (i.e. the rounds count really only matters during the
encryption-only phase, and for decryption; it is independent of it)?

On Sat, Mar 16, 2013 at 11:33 PM, Ewen Chan chan.e...@gmail.com wrote:
 I was just curious, cuz other people have spelled it that way as well.
 And I just wanted to be sure. Thanks.

 On Sat, Mar 16, 2013 at 11:29 PM,  shath...@e-z.net wrote:
 Congrats! you caught my typing error.
 Steven J. Hathaway

 Thanks.

 Is the name spelt Rijndael or Rijndahl?

 On Sat, Mar 16, 2013 at 8:15 PM,  shath...@e-z.net wrote:
 AES/Rijndahl

 AES has fixed number of rounds and other parameters.
 Rijndahl allows you to specify the algorithm parameters including number
 of rounds.

 Steven J. Hathaway

 So is the number of rounds set by Rijndahl or the AES spec? I'm
 confused.

 And is the number of rounds hard-coded into the OpenSSL source; or is
 it embedded somewhere else?

 On Fri, Mar 15, 2013 at 7:27 PM,  shath...@e-z.net wrote:
 I don't know the interfaces to OpenSSL, but AES-192 specifies the
 number
 of rounds.  The approved AES algorithms specify a subset of Rijndahl
 cipher whereby you can specify alternative numbers of rounds, key
 sizes, and block sizes.

 Sincerely,
 Steven J. Hathaway

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?
 __
 OpenSSL Project
 http://www.openssl.org
 User Support Mailing List
 openssl-users@openssl.org
 Automated List Manager
 majord...@openssl.org






Re: specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-17 Thread Ewen Chan
Is AES-CBC decryption independent of the number of rounds that was
used during the encryption process? 0.o?

On Sun, Mar 17, 2013 at 10:04 AM, Ewen Chan chan.e...@gmail.com wrote:
 Curious question - still more about AES and CBC and openssl:

 Does the number of rounds during the encryption phase of it have to
 match the number of rounds during the decryption phase of it, or does
 it not matter? (i.e. the rounds count really only matters during the
 encryption-only phase, and for decryption; it is independent of it)?

 On Sat, Mar 16, 2013 at 11:33 PM, Ewen Chan chan.e...@gmail.com wrote:
 I was just curious, cuz other people have spelled it that way as well.
 And I just wanted to be sure. Thanks.

 On Sat, Mar 16, 2013 at 11:29 PM,  shath...@e-z.net wrote:
 Congrats! you caught my typing error.
 Steven J. Hathaway

 Thanks.

 Is the name spelt Rijndael or Rijndahl?

 On Sat, Mar 16, 2013 at 8:15 PM,  shath...@e-z.net wrote:
 AES/Rijndahl

 AES has fixed number of rounds and other parameters.
 Rijndahl allows you to specify the algorithm parameters including number
 of rounds.

 Steven J. Hathaway

 So is the number of rounds set by Rijndahl or the AES spec? I'm
 confused.

 And is the number of rounds hard-coded into the OpenSSL source; or is
 it embedded somewhere else?

 On Fri, Mar 15, 2013 at 7:27 PM,  shath...@e-z.net wrote:
 I don't know the interfaces to OpenSSL, but AES-192 specifies the
 number
 of rounds.  The approved AES algorithms specify a subset of Rijndahl
 cipher whereby you can specify alternative numbers of rounds, key
 sizes, and block sizes.

 Sincerely,
 Steven J. Hathaway

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?


Re: specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-17 Thread Ewen Chan
Are there pre-compiled programs already where I could be able to
see/play with the effects of changing the number of rounds using the
Rijndael algorithm?

On Sun, Mar 17, 2013 at 11:23 AM, Ewen Chan chan.e...@gmail.com wrote:
 Is AES-CBC decryption independent of the number of rounds that was
 used during the encryption process? 0.o?

 On Sun, Mar 17, 2013 at 10:04 AM, Ewen Chan chan.e...@gmail.com wrote:
 Curious question - still more about AES and CBC and openssl:

 Does the number of rounds during the encryption phase of it have to
 match the number of rounds during the decryption phase of it, or does
 it not matter? (i.e. the rounds count really only matters during the
 encryption-only phase, and for decryption; it is independent of it)?

 On Sat, Mar 16, 2013 at 11:33 PM, Ewen Chan chan.e...@gmail.com wrote:
 I was just curious, cuz other people have spelled it that way as well.
 And I just wanted to be sure. Thanks.

 On Sat, Mar 16, 2013 at 11:29 PM,  shath...@e-z.net wrote:
 Congrats! you caught my typing error.
 Steven J. Hathaway

 Thanks.

 Is the name spelt Rijndael or Rijndahl?

 On Sat, Mar 16, 2013 at 8:15 PM,  shath...@e-z.net wrote:
 AES/Rijndahl

 AES has fixed number of rounds and other parameters.
 Rijndahl allows you to specify the algorithm parameters including number
 of rounds.

 Steven J. Hathaway

 So is the number of rounds set by Rijndahl or the AES spec? I'm
 confused.

 And is the number of rounds hard-coded into the OpenSSL source; or is
 it embedded somewhere else?

 On Fri, Mar 15, 2013 at 7:27 PM,  shath...@e-z.net wrote:
 I don't know the interfaces to OpenSSL, but AES-192 specifies the
 number
 of rounds.  The approved AES algorithms specify a subset of Rijndahl
 cipher whereby you can specify alternative numbers of rounds, key
 sizes, and block sizes.

 Sincerely,
 Steven J. Hathaway

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?


Re: [openssl-users] Re: having a lot of troubles trying to get AES-NI working

2013-03-16 Thread Ewen Chan
Interesting...

Does this necessarily implicitly imply that the Rijndael cipher was
selected as the AES winner because it was also simple enough to be
fast, while meeting the security and protection requirements when they
initiated the open call for proposals?

I didn't realize that the AES and also modern processors were so fast
already. I always thought that AES was going to be a fairly slow and
compute-intensive process; and so that's why I was trying to make sure
that the AES-NI was working. Turns out, I might not even need it. #FML

(And I'm pretty sure that some of you guys were probably telling me
that, but I didn't realize it then. Now I see the light.)

On Sat, Mar 16, 2013 at 1:29 AM, Matthew Hall mh...@mhcomputing.net wrote:
 On Sat, Mar 16, 2013 at 01:16:23AM -0400, Ewen Chan wrote:
 Okay then, here's another one of my infamous dumb questions.

 If that's the case, then why do we need the AES-NI instruction set?

 It's far from the first accelerated instruction set of dubious utility. ;)

 Marketing... etc.

 Actually, SSL / TLS performance is much more greatly increased by an RSA
 accelerator. If I were Intel I would have made that first, before AES-NI,
 because RSA signs and verifies consume a lot more resources and are a lot more
 vulnerable to DoS than AES. But, of course, RSA is more complex.

 The tech companies are not trying to make the best possible product, but the
 best product that's economically feasible, which is a slightly different goal.

 If it's likely going to be storage and/or network bandwidth limited;
 wouldn't the improvements made by introducing and incorporating the
 AES-NI instruction set be kind of wasted in the sense that you can't
 really use it to the fullest potential anyways?

 Amdahl's Law: the amount of overall improvement of performance by improving an
 area is proportional to the amount that area is executed.

 If the storage/network I/O is going to be your bottleneck/limiting
 factor, then regardless of whether you have AES-NI or not; you're
 likely going to get the same answer in terms of speed.

 Yes!

 Also, is that why (besides the fact that CBC can't be parallelized)
 why it doesn't make sense or people really haven't spent too much time
 or effort into trying to run AES encryption/decryption on GPGPUs?
 Because it's already faster than anything else is capable of at the
 moment?

 Like Erwann said, the memory transfers would likely cost more time than using
 AES-NI.


Re: [openssl-users] Re: having a lot of troubles trying to get AES-NI working

2013-03-16 Thread Ewen Chan
Is there a mailing list that I can ask Rijndael-specific questions?

On Sat, Mar 16, 2013 at 3:25 AM, Ewen Chan chan.e...@gmail.com wrote:
 Interesting...

 Does this necessarily implicitly imply that the Rijndael cipher was
 selected as the AES winner because it was also simple enough to be
 fast, while meeting the security and protection requirements when they
 initiated the open call for proposals?

 I didn't realize that the AES and also modern processors were so fast
 already. I always thought that AES was going to be a fairly slow and
 compute-intensive process; and so that's why I was trying to make sure
 that the AES-NI was working. Turns out, I might not even need it. #FML

 (And I'm pretty sure that some of you guys were probably telling me
 that, but I didn't realize it then. Now I see the light.)

 On Sat, Mar 16, 2013 at 1:29 AM, Matthew Hall mh...@mhcomputing.net wrote:
 On Sat, Mar 16, 2013 at 01:16:23AM -0400, Ewen Chan wrote:
 Okay then, here's another one of my infamous dumb questions.

 If that's the case, then why do we need the AES-NI instruction set?

 It's far from the first accelerated instruction set of dubious utility. ;)

 Marketing... etc.

 Actually, SSL / TLS performance is much more greatly increased by an RSA
 accelerator. If I were Intel I would have made that first, before AES-NI,
 because RSA signs and verifies consume a lot more resources and are a lot 
 more
 vulnerable to DoS than AES. But, of course, RSA is more complex.

 The tech companies are not trying to make the best possible product, but the
 best product that's economically feasible, which is a slightly different 
 goal.

 If it's likely going to be storage and/or network bandwidth limited;
 wouldn't the improvements made by introducing and incorporating the
 AES-NI instruction set be kind of wasted in the sense that you can't
 really use it to the fullest potential anyways?

 Amdahl's Law: the amount of overall improvement of performance by improving 
 an
 area is proportional to the amount that area is executed.

 If the storage/network I/O is going to be your bottleneck/limiting
 factor, then regardless of whether you have AES-NI or not; you're
 likely going to get the same answer in terms of speed.

 Yes!

 Also, is that why (besides the fact that CBC can't be parallelized)
 why it doesn't make sense or people really haven't spent too much time
 or effort into trying to run AES encryption/decryption on GPGPUs?
 Because it's already faster than anything else is capable of at the
 moment?

 Like Erwann said, the memory transfers would likely cost more time than using
 AES-NI.


Re: specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-16 Thread Ewen Chan
Thanks.

Is the name spelt Rijndael or Rijndahl?

On Sat, Mar 16, 2013 at 8:15 PM,  shath...@e-z.net wrote:
 AES/Rijndahl

 AES has fixed number of rounds and other parameters.
 Rijndahl allows you to specify the algorithm parameters including number
 of rounds.

 Steven J. Hathaway

 So is the number of rounds set by Rijndahl or the AES spec? I'm confused.

 And is the number of rounds hard-coded into the OpenSSL source; or is
 it embedded somewhere else?

 On Fri, Mar 15, 2013 at 7:27 PM,  shath...@e-z.net wrote:
 I don't know the interfaces to OpenSSL, but AES-192 specifies the number
 of rounds.  The approved AES algorithms specify a subset of Rijndahl
 cipher whereby you can specify alternative numbers of rounds, key
 sizes, and block sizes.

 Sincerely,
 Steven J. Hathaway

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?


Re: specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-16 Thread Ewen Chan
I was just curious, cuz other people have spelled it that way as well.
And I just wanted to be sure. Thanks.

On Sat, Mar 16, 2013 at 11:29 PM,  shath...@e-z.net wrote:
 Congrats! you caught my typing error.
 Steven J. Hathaway

 Thanks.

 Is the name spelt Rijndael or Rijndahl?

 On Sat, Mar 16, 2013 at 8:15 PM,  shath...@e-z.net wrote:
 AES/Rijndahl

 AES has fixed number of rounds and other parameters.
 Rijndahl allows you to specify the algorithm parameters including number
 of rounds.

 Steven J. Hathaway

 So is the number of rounds set by Rijndahl or the AES spec? I'm
 confused.

 And is the number of rounds hard-coded into the OpenSSL source; or is
 it embedded somewhere else?

 On Fri, Mar 15, 2013 at 7:27 PM,  shath...@e-z.net wrote:
 I don't know the interfaces to OpenSSL, but AES-192 specifies the
 number
 of rounds.  The approved AES algorithms specify a subset of Rijndahl
 cipher whereby you can specify alternative numbers of rounds, key
 sizes, and block sizes.

 Sincerely,
 Steven J. Hathaway

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?


Re: [openssl-users] Re: having a lot of troubles trying to get AES-NI working

2013-03-15 Thread Ewen Chan
a...okay. Gotcha.

Thanks!

On Fri, Mar 15, 2013 at 5:23 AM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
 On a PC under Linux, you can do a cat /proc/cpuinfo and look for aes in
 the flags.
 On a PC under any OS, get the CPUID, and look for bit 25 of ECX.
 That's not OpenSSL-related.


 The use of OPENSSL_ia32cap environment variable allows you to alter the
 CPUID result (only inside OpenSSL), and alter its behaviour. It's not
 resistant to a reboot, it's only process dependent.

 Compare the following results:

 OPENSSL_ia32cap=~0x202 openssl speed -elapsed -evp aes-128-cbc
 openssl speed -elapsed -evp aes-128-cbc


 --
 Erwann ABALEA

 Le 15/03/2013 04:46, Ewen Chan a écrit :

 Does it matter whether it's ia32 or ia64 even for an x64 processor?
 Shouldn't there be some way for me to check whether AES is enabled or
 being used (other than running a speed test) either in dmesg or /proc/
 or with openssl itself? I'm a little confused, and surprised/shocked
 that there isn't a way to probe the status of whether the AES-NI is a)
 present and b) enabled/utilized.
 re: OPENSSL_ia32cap=~0x202
 so forgive me for asking lots of dumb questions but that would be
 $ set OPENSSL_ia32cap=~0x202
 $ export OPENSSL_ia32cap
 correct?
 And how do I re-enable it without having to reboot the system? What's
 the value that I should be putting in on the right-hand-side of the
 equal sign?
 Your help is much appreciated.
 Sincerely,
 Ewen
 On Thu, Mar 14, 2013 at 7:35 PM, Dr. Stephen Henson st...@openssl.org
 wrote:

 On Thu, Mar 14, 2013, Ewen Chan wrote:

 So this is a partial continuation from the discussion thread that I
 started yesterday in regards to using AES-CBC.
 I've got an Intel Core i7 3930K that supports AES-NI and I spent the
 greater part of last night trying to get openssl to work or at least
 recognize it, but it doesn't seem to want to do that.

 It is probably recognising it and you don't realise it. OpenSSL 1.0.1
 automatically switches to AES-NI at the EVP level without going through an
 explicit AES-NI ENGINE.
 You can disable AES-NI detection with the environment variable:
 OPENSSL_ia32cap=~0x202
 You should see a considerable speed up with openssl speed by comparing the
 two.
 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
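An added example, not part of the original thread: shell helpers for the two checks discussed above, looking for the aes flag in /proc/cpuinfo-style text and comparing two saved `openssl speed` runs (one with OPENSSL_ia32cap=~0x202, one without). The function names and all sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All sample inputs below are constructed.

# has_aes_flag FILE
# Succeeds if a "flags" line of a /proc/cpuinfo-style FILE lists "aes" as a
# whole word. A plain substring search would also match flags such as "vaes".
has_aes_flag() {
    awk -F: '
        $1 ~ /^flags[ \t]*$/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# speed_row FILE
# Prints the throughput figures from the summary row that follows the "type"
# header in saved `openssl speed -evp <cipher>` output, without the "k" suffix.
speed_row() {
    awk '
        seen && NF >= 2 {
            for (i = 2; i <= NF; i++) {
                v = $i; sub(/k$/, "", v)
                printf "%s%s", v, (i < NF ? " " : "\n")
            }
            exit
        }
        /^type/ { seen = 1 }
    ' "$1"
}

# speedup BASELINE ACCELERATED
# One line per block size: MB/s without AES-NI, MB/s with it, and the ratio.
# openssl reports 1000s of bytes per second, so value / 1000 is MB/s.
speedup() {
    echo "$(speed_row "$1") $(speed_row "$2")" | awk '{
        n = NF / 2
        for (i = 1; i <= n; i++)
            printf "%.1f %.1f %.2f\n", $i / 1000, $(i + n) / 1000, $(i + n) / $i
    }'
}

# write_samples DIR: constructed inputs in the layouts discussed above.
write_samples() {
    printf 'processor\t: 0\nflags\t\t: fpu sse2 pclmulqdq aes avx\n' > "$1/cpuinfo.aes"
    printf 'processor\t: 0\nflags\t\t: fpu sse2 vaes\n' > "$1/cpuinfo.noaes"
    cat > "$1/speed.off" <<'EOF'
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     200000.00k   250000.00k   300000.00k   310000.00k   320000.00k
EOF
    cat > "$1/speed.on" <<'EOF'
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     500000.00k   600000.00k   630000.00k   640000.00k   640000.00k
EOF
}

# On a real Linux host the inputs would come from:
#   has_aes_flag /proc/cpuinfo
#   OPENSSL_ia32cap=~0x202 openssl speed -elapsed -evp aes-128-cbc > speed.off
#   openssl speed -elapsed -evp aes-128-cbc > speed.on
# The VAR=value prefix sets the variable for that one command only.
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/aesni.XXXXXX")
write_samples "$demo_dir"
if has_aes_flag "$demo_dir/cpuinfo.aes"; then echo "aes flag present"; fi
speedup "$demo_dir/speed.off" "$demo_dir/speed.on"
rm -rf "$demo_dir"
```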


Re: [openssl-users] using multiple keys

2013-03-15 Thread Ewen Chan
Sorry, my bad. Wrong terminology.

(The AES wiki says that it uses a key.) But I was really thinking
about multiple passphrases.

Sorry for the mix up.

So let's say I have three files:
file1
file2
file3

And then I have a passphrase file that contains the following:

Alice
Bob
Charlie

and I want to encrypt file1 with the passphrase Alice; file2 with
the passphrase Bob and file3 with the passphrase Charlie.

Is there a way to get openssl to automatically do that or do I need to
write a program/shell script so that I will automatically increment
one and pull the passphrase from the appropriate passphrase file?

(Disclaimer: I am NOT a programmer. At all. By ANY stretch of the imagination.)

Thanks.

On Fri, Mar 15, 2013 at 5:01 AM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
 openssl enc encrypts one file at a time, and can read the first line of a
 file to get the passphrase (in order to derive key and iv).
 If you want to provide your own key and iv, you have to do it as command
 line arguments.
 Key management is out of scope.

 --
 Erwann ABALEA

 Le 15/03/2013 06:33, Ewen Chan a écrit :

 If I have a directory and it has 10 files and I have 10 separate keys
 such that key1 is for file1 and key2 is for file2 (etc.); is there a
 way to automate the encryption process like that?

 Or do I have to run each of the commands separate and instead of
 having 10 separate keys in a single keyfile in a list format; that I
 would need to split them out into individual keyfiles (e.g. keyfile1,
 keyfile2, etc.) and then run the encryption individually (rather than
 launching a single encryption job that will process all 10 files with
 all 10 keys listed in one keyfile)?

 (I hope that this makes sense and that people are kinda getting what
 I'm asking here.)

 Thanks.


key/passphrase length limits - AES-256-CBC

2013-03-15 Thread Ewen Chan
For AES-256-CBC, if I have a passphrase stored in a file; are there
limits in terms of how big either the key or the passphrase can be in
terms of characters?


Re: [openssl-users] using multiple keys

2013-03-15 Thread Ewen Chan
So if I want to do that, the very basic way for me to do it would be
to write all of the commands (line-by-line; which processes each file
separately) into a shell script file and then run that?

But if I were to use some kind of programming or more advanced
scripting language/syntaxes; I would be able to automate that (which
makes it easier for me in the long run)?

Thanks for all your help so far.

P.S. In regards to the whole OS saga - I ended up installing Solaris
11.1; although I'm not really sure if it worked or not. lol...

On Fri, Mar 15, 2013 at 9:32 AM, Erwann Abalea
erwann.aba...@keynectis.com wrote:

 Le 15/03/2013 13:54, Ewen Chan a écrit :

 Sorry, my bad. Wrong terminology.

 (The AES wiki says that it uses a key.) But I was really thinking
 about multiple passphrases.


 And from this passphrase, a key and IV can be generated. It's more easy to
 remember a passphrase than a bunch of hex digits.


 Sorry for the mix up.

 So let's say I have three files:
 file1
 file2
 file3

 And then I have a passphrase file that contains the following:

 Alice
 Bob
 Charlie

 and I want to encrypt file1 with the passphrase Alice; file2 with
 the passphrase Bob and file3 with the passphrase Charlie.

 Is there a way to get openssl to automatically do that or do I need to
 write a program/shell script so that I will automatically increment
 one and pull the passphrase from the appropriate passphrase file?


 The openssl command-line tool doesn't do that. It can work with one
 passphrase file per file, or you can provide the passphrase as an argument.
 If you want to centralize your passphrases, you'll have to write some kind
 of wrapper to extract the good passphrase and provide it to openssl enc
 (either in a dedicated file, or as an argument).


 (Disclaimer: I am NOT a programmer. At all. By ANY stretch of the
 imagination.)


 Nobody's perfect :D
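An added example, not part of the original thread: one way to write the wrapper described above, pairing line N of a central passphrase list with the Nth file and handing each passphrase to `openssl enc` through a dedicated file. The function names, the `.enc` output suffix and the choice of aes-256-cbc are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): use line N of a passphrase list for
# the Nth file, passing each passphrase to `openssl enc` via a private file.

# kdf_opt: print "-pbkdf2" when the installed openssl enc supports it
# (OpenSSL 1.1.1 and later); older builds such as 1.0.1 lack the flag.
kdf_opt() {
    if openssl enc -help 2>&1 | grep -q -- '-pbkdf2'; then echo "-pbkdf2"; fi
}

# encrypt_with_passlist PASSLIST FILE...
# Writes FILE.enc for each FILE, using line N of PASSLIST for the Nth FILE.
encrypt_with_passlist() {
    passlist=$1; shift
    have=$(grep -c '' "$passlist" 2>/dev/null)
    if [ "${have:-0}" -lt "$#" ]; then
        echo "need $# passphrases, $passlist has ${have:-0}" >&2
        return 1
    fi
    # -pass file: reads the first line of a file, which keeps the passphrase
    # off the command line (arguments are visible in the process list).
    tmp=$(mktemp "${TMPDIR:-/tmp}/pass.XXXXXX") || return 1   # created mode 0600
    kdf=$(kdf_opt)
    n=0
    for f in "$@"; do
        n=$((n + 1))
        pass_line=$(sed -n "${n}p" "$passlist")
        if [ -z "$pass_line" ]; then
            echo "line $n of $passlist is empty" >&2
            rm -f "$tmp"; return 1
        fi
        printf '%s\n' "$pass_line" > "$tmp"
        # $kdf is deliberately unquoted so an empty value adds no argument.
        openssl enc -aes-256-cbc -salt $kdf -in "$f" -out "$f.enc" \
            -pass "file:$tmp" || { rm -f "$tmp"; return 1; }
    done
    rm -f "$tmp"
}

# decrypt_to_stdout PASSFILE FILE.enc
# Reverse operation; PASSFILE holds the matching passphrase on its first line.
decrypt_to_stdout() {
    openssl enc -d -aes-256-cbc $(kdf_opt) -in "$2" -pass "file:$1"
}

# Stand-alone use: sh thisscript.sh passphrases.txt file1 file2 file3
if [ "$#" -ge 2 ]; then encrypt_with_passlist "$@"; fi
```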


Re: specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-15 Thread Ewen Chan
So is the number of rounds set by Rijndahl or the AES spec? I'm confused.

And is the number of rounds hard-coded into the OpenSSL source; or is
it embedded somewhere else?

On Fri, Mar 15, 2013 at 7:27 PM,  shath...@e-z.net wrote:
 I don't know the interfaces to OpenSSL, but AES-192 specifies the number
 of rounds.  The approved AES algorithms specify a subset of Rijndahl
 cipher whereby you can specify alternative numbers of rounds, key
 sizes, and block sizes.

 Sincerely,
 Steven J. Hathaway

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?


question about salt

2013-03-15 Thread Ewen Chan
If I specify a salt, does the salt have to be ASCII or can they be Unicode?


Re: [openssl-users] Re: having a lot of troubles trying to get AES-NI working

2013-03-15 Thread Ewen Chan
Do these numbers make sense or seem reasonable?

(I'm running a Core i7 3930K that's been OC'd to 4.5 GHz up from the
stock 3.2 GHz, running cygwin 1.7.17 on Windows 7 x64 Professional,
with 64 GB of DDR3-1600)

~$ OPENSSL_ia32cap=~0x202 openssl speed -elapsed -evp aes-256-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-cbc for 3s on 16 size blocks: 50880991 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 14919708 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 3870779 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 981188 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 122920 aes-256-cbc's in 3.00s
OpenSSL 1.0.1e 11 Feb 2013
built on: Tue Feb 12 15:42:44 CET 2013
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: i686-pc-cygwin-gcc -D_WINDLL -DOPENSSL_PIC -DZLIB
-DOPENSSL_THREADS  -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN
-fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
-DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     271365.29k   318287.10k   330306.47k   334912.17k   335653.55k

~$ openssl speed -elapsed -evp aes-256-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-cbc for 3s on 16 size blocks: 108926706 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 29319700 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 7428178 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 1863275 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 233116 aes-256-cbc's in 3.00s
OpenSSL 1.0.1e 11 Feb 2013
built on: Tue Feb 12 15:42:44 CET 2013
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: i686-pc-cygwin-gcc -D_WINDLL -DOPENSSL_PIC -DZLIB
-DOPENSSL_THREADS  -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN
-fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
-DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     580942.43k   625486.93k   633871.19k   635997.87k   636562.09k

Am I to interpret the results as even with the AES-NI disabled, that
I'm still able to process at a minimum, 300 MB/s (for block sizes 
64 B) and that with AES-NI; it's only double that (~600-and-change
MB/s)?

And that for AES-128-CBC, with 8 kiB blocks, that I'm able to process
it at 465 MB/s without AES-NI, and 888 MB/s with?

That's MUCH faster than I expect it to be (even with AES-NI) and the
888 MB/s is faster than any available storage host-bus interface we've
got right now; so I want to make sure that I am not losing my marbles
here in trying to make some sense out of this data.

Thanks.

On Fri, Mar 15, 2013 at 5:23 AM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
 On a PC under Linux, you can do a cat /proc/cpuinfo and look for aes in
 the flags.
 On a PC under any OS, get the CPUID, and look for bit 25 of ECX.
 That's not OpenSSL-related.


 The use of OPENSSL_ia32cap environment variable allows you to alter the
 CPUID result (only inside OpenSSL), and alter its behaviour. It's not
 resistant to a reboot, it's only process dependent.

 Compare the following results:

 OPENSSL_ia32cap=~0x202 openssl speed -elapsed -evp aes-128-cbc
 openssl speed -elapsed -evp aes-128-cbc


 --
 Erwann ABALEA

 Le 15/03/2013 04:46, Ewen Chan a écrit :

 Does it matter whether it's ia32 or ia64 even for an x64 processor?

 Shouldn't there be some way for me to check whether AES is enabled or
 being used (other than running a speed test) either in dmesg or /proc/
 or with openssl itself? I'm a little confused, and surprised/shocked
 that there isn't a way to probe the status of whether the AES-NI is a)
 present and b) enabled/utilized.

 re: OPENSSL_ia32cap=~0x202
 so forgive me for asking lots of dumb questions but that would be
 $ set OPENSSL_ia32cap=~0x202
 $ export OPENSSL_ia32cap

 correct?

 And how do I re-enable it without having to reboot the system? What's
 the value that I should be putting in on the right-hand-side of the
 equal sign?

 Your help is much appreciated.

 Sincerely,
 Ewen

 On Thu, Mar 14, 2013 at 7:35 PM, Dr. Stephen Henson st...@openssl.org
 wrote:

 On Thu, Mar 14, 2013, Ewen Chan wrote:

 So this is a partial continuation from the discussion thread that I
 started yesterday in regards to using AES-CBC
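
An added example, not part of the thread or of OpenSSL: the Python below reads the two `openssl speed` tables quoted in the message above, converts them to MB/s, and combines the speed ratio with the `aes` flag from /proc/cpuinfo to answer both "present" and "in use". The /proc/cpuinfo sample is constructed; the 1.5x threshold and the labelling of the slower run as the one with AES-NI masked are assumptions.

```python
import re

# The two result tables quoted in the message above (OpenSSL 1.0.1e, aes-256-cbc).
# Labelling the slower run as the one with AES-NI masked follows the poster's
# reading of the numbers and is an assumption of this example.
RUN_MASKED = """\
The 'numbers' are in 1000s of bytes per second processed.
type              16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     271365.29k   318287.10k   330306.47k   334912.17k   335653.55k
"""
# Same data with the header columns run together, as some archives render it.
RUN_DEFAULT = """\
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes256 bytes   1024 bytes   8192 bytes
aes-256-cbc 580942.43k   625486.93k   633871.19k   635997.87k   636562.09k
"""
# Constructed sample of /proc/cpuinfo content (not taken from the thread).
CPUINFO_SAMPLE = (
    "processor\t: 0\n"
    "model name\t: example x86-64 CPU\n"
    "flags\t\t: fpu vme sse sse2 ssse3 pclmulqdq sse4_1 sse4_2 aes avx\n"
)

_VALUE = re.compile(r"^\d+(?:\.\d+)?k$")


def parse_speed(text):
    """Parse the summary table of `openssl speed`.

    Returns {algorithm: {block_size_bytes: throughput_in_MB_per_s}}, where
    MB means 10**6 bytes because the tool reports 1000s of bytes per second.
    """
    sizes, table = [], {}
    for line in text.splitlines():
        if line.startswith("type"):
            # \s* tolerates a header whose columns were run together.
            sizes = [int(n) for n in re.findall(r"(\d+)\s*bytes", line)]
            continue
        fields = line.split()
        if sizes and len(fields) > 1 and all(_VALUE.match(f) for f in fields[1:]):
            if len(fields) - 1 != len(sizes):
                raise ValueError("column count does not match header: %r" % line)
            table[fields[0]] = {
                size: float(value[:-1]) / 1000.0  # "335653.55k" -> 335.65355 MB/s
                for size, value in zip(sizes, fields[1:])
            }
    return table


def speedup(slow, fast, algorithm):
    """Per-block-size ratio fast/slow for one algorithm."""
    return {size: fast[algorithm][size] / slow[algorithm][size]
            for size in slow[algorithm]}


def cpu_has_aes(cpuinfo_text):
    """True if any 'flags' line of /proc/cpuinfo lists the 'aes' CPU flag."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "aes" in value.split():
            return True
    return False


def aesni_status(cpuinfo_text, masked_run, default_run, algorithm, min_ratio=1.5):
    """Answer both questions: is AES-NI present, and does OpenSSL use it?

    min_ratio is an assumed threshold for "clearly faster", not an OpenSSL value.
    """
    present = cpu_has_aes(cpuinfo_text)
    ratios = speedup(parse_speed(masked_run), parse_speed(default_run), algorithm)
    largest = max(ratios)
    return {"present": present,
            "in_use": present and ratios[largest] >= min_ratio,
            "ratio_at_largest_block": round(ratios[largest], 2)}


if __name__ == "__main__":
    for label, run in (("masked", RUN_MASKED), ("default", RUN_DEFAULT)):
        for size, mbs in parse_speed(run)["aes-256-cbc"].items():
            print("%-7s %5d-byte blocks: %7.2f MB/s" % (label, size, mbs))
    print(aesni_status(CPUINFO_SAMPLE, RUN_MASKED, RUN_DEFAULT, "aes-256-cbc"))
```
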

Re: [openssl-users] Re: having a lot of troubles trying to get AES-NI working

2013-03-15 Thread Ewen Chan
Okay then, here's another one of my infamous dumb questions.

If that's the case, then why do we need the AES-NI instruction set?

If it's likely going to be storage and/or network bandwidth limited;
wouldn't the improvements made by introducing and incorporating the
AES-NI instruction set be kind of wasted in the sense that you can't
really use it to the fullest potential anyways?

If the storage/network I/O is going to be your bottleneck/limiting
factor, then regardless of whether you have AES-NI or not; you're
likely going to get the same answer in terms of speed.

(I actually copied the input file onto my SSD so as to try and
eliminate that as the bottleneck; and then write the output to the
same drive.)

(haha...it feels like that the more questions I ask, the more confused
I get...lol...)

Also, is that why (besides the fact that CBC can't be parallelized)
why it doesn't make sense or people really haven't spent too much time
or effort into trying to run AES encryption/decryption on GPGPUs?
Because it's already faster than anything else is capable of at the
moment?

On Sat, Mar 16, 2013 at 1:05 AM, Matthew Hall mh...@mhcomputing.net wrote:
 On Sat, Mar 16, 2013 at 12:06:07AM -0400, Ewen Chan wrote:
 That's MUCH faster than I expect it to be (even with AES-NI) and the
 888 MB/s is faster than any available storage host-bus interface we've
 got right now; so I want to make sure that I am not losing my marbles
 here in trying to make some sense out of this data.

 Thanks.

 Without AES-NI other still quite fast instructions are used from SSE, SSE2,
 etc. So it is a boost but not the be-all end-all boost.

 In most cases the Core i7 will clobber most any storage device bar the very
 most costly SSDs. It's an extremely powerful CPU. If this isn't screaming fast
 enough, use GCM instead of CBC, and enjoy the multicore awesome thereof. ;)

 As fast as it is, 10 GBE will still do 1280 MiB / sec. But it should fill up
 the 8 Gbps FC with no issues.

 Matthew.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


having a lot of troubles trying to get AES-NI working

2013-03-14 Thread Ewen Chan
So this is a partial continuation from the discussion thread that I
started yesterday in regards to using AES-CBC.

I've got an Intel Core i7 3930K that supports AES-NI and I spent the
greater part of last night trying to get openssl to work or at least
recognize it, but it doesn't seem to want to do that.

I've tried with Cygwin 1.5-something (I forget) and the latest cygwin
(tried upgrading just the openssl package - didn't work; so I ended up
uninstalling my old cygwin; installing the new and it still didn't
work.)

I've also tried Ubuntu 12.04 LTS and Ubuntu 12.10 (and it said that it
downloaded the update to it and applied it, but it still didn't work
for either). I've even tried redownloading the source from
www.openssl.org/source (taking it up to 1.0.1e) and that also still
didn't work.

(i.e. didn't work means that when I type openssl engine - the
aesni doesn't show up as an option).

I then tried to modify the initramfs config file to add aes_ni and
then running an update-initramfs; and that didn't work either.

All of the probing that I tried to do showed that the AES-NI kernel
module wasn't loaded (but - for example in Solaris 11 that I've got
running in a VM; when I type openssl engine; it will show (aesni)
AES-NI engine (no aesni)); which leads me to think that on the Linux
side, something similar should happen (that openssl aesni engine
should still be available but then there'd be a comment if the AES-NI
kernel module wasn't loaded).

And now I am trying to install Solaris 11 on the host system itself
and it's having its own set of issues (hardware compatibility; which
I might have to set up a PXE boot server so that I can patch in/update
drivers for the Solaris 11 install - but that's a different story for
some other list).

And I also tried SuSE Linux Enterprise Server 11 SP1 (I think) - same thing.

cat /proc/cpuinfo shows that aes is available.
cat /proc/crypto does not.

And people (via more googling) have said that they can load kernel
modules post-boot, but I don't know how to do that either.

Any help on any recommended OS would be greatly appreciated. (It
doesn't matter so much to me which OS is used so long as the openssl
using the aesni engine works.) Thanks.


Re: having a lot of troubles trying to get AES-NI working

2013-03-14 Thread Ewen Chan
But even if it isn't enabled in the BIOS, shouldn't the output be
something like this when you probe it (even if it isn't available or
enabled in BIOS, but openssl itself supports it)?

$ openssl engine
(aesni) Intel AES-NI engine (no-aesni)
(dynamic) Dynamic engine loading support


(I haven't been able to find the option in the BIOS, so I'm going to
have to send a support request to ASUS about that or maybe try and see
if I can find another tool to see whether it's there; and whether or
not it's active or not - again, different questions for different
points).

On Thu, Mar 14, 2013 at 11:28 AM, Matthew Hall mh...@mhcomputing.net wrote:
 In many cases you have to explicitly enable it in the BIOS first before it 
 will work right.
 --
 Sent from my mobile device.

 Ewen Chan chan.e...@gmail.com wrote:

So this is a partial continuation from the discussion thread that I
started yesterday in regards to using AES-CBC.

I've got an Intel Core i7 3930K that supports AES-NI and I spent the
greater part of last night trying to get openssl to work or at least
recognize it, but it doesn't seem to want to do that.

I've tried with Cygwin 1.5-something (I forget) and the latest cygwin
(tried upgrading just the openssl package - didn't work; so I ended up
uninstalling my old cygwin; installing the new and it still didn't
work.)

I've also tried Ubuntu 12.04 LTS and Ubuntu 12.10 (and it said that it
downloaded the update to it and applied it, but it still didn't work
for either). I've even tried redownloading the source from
www.openssl.org/source (taking it up to 1.0.1e) and that also still
didn't work.

(i.e. didn't work means that when I type openssl engine - the
aesni doesn't show up as an option).

I then tried to modify the initramfs config file to add aes_ni and
then running an update-initramfs; and that didn't work either.

All of the probing that I tried to do showed that the AES-NI kernel
module wasn't loaded (but - for example in Solaris 11 that I've got
running in a VM; when I type openssl engine; it will show (aesni)
AES-NI engine (no aesni)); which leads me to think that on the Linux
side, something similar should happen (that openssl aesni engine
should still be available but then there'd be a comment if the AES-NI
kernel module wasn't loaded).

And now I am trying to install Solaris 11 on the host system itself
and it's having its own set of issues (hardware compatibility; which
I might have to set up a PXE boot server so that I can patch in/update
drivers for the Solaris 11 install - but that's a different story for
some other list).

And I also tried SuSE Linux Enterprise Server 11 SP1 (I think) - same
thing.

cat /proc/cpuinfo shows that aes is available.
cat /proc/crypto does not.

And people (via more googling) have said that they can load kernel
modules post-boot, but I don't know how to do that either.

Any help on any recommended OS would be greatly appreciated. (It
doesn't matter so much to me which OS is used so long as the openssl
using the aesni engine works.) Thanks.


Re: having a lot of troubles trying to get AES-NI working

2013-03-14 Thread Ewen Chan
Does it matter whether it's ia32 or ia64 even for an x64 processor?

Shouldn't there be some way for me to check whether AES is enabled or
being used (other than running a speed test) either in dmesg or /proc/
or with openssl itself? I'm a little confused, and surprised/shocked
that there isn't a way to probe the status of whether the AES-NI is a)
present and b) enabled/utilized.

re: OPENSSL_ia32cap=~0x202
so forgive me for asking lots of dumb questions but that would be
$ set OPENSSL_ia32cap=~0x202
$ export OPENSSL_ia32cap

correct?

And how do I re-enable it without having to reboot the system? What's
the value that I should be putting in on the right-hand-side of the
equal sign?

Your help is much appreciated.

Sincerely,
Ewen

On Thu, Mar 14, 2013 at 7:35 PM, Dr. Stephen Henson st...@openssl.org wrote:
 On Thu, Mar 14, 2013, Ewen Chan wrote:

 So this is a partial continuation from the discussion thread that I
 started yesterday in regards to using AES-CBC.

 I've got an Intel Core i7 3930K that supports AES-NI and I spent the
 greater part of last night trying to get openssl to work or at least
 recognize it, but it doesn't seem to want to do that.


 It is probably recognising it and you don't realise it. OpenSSL 1.0.1
 automatically switches to AES-NI at the EVP level without going through an
 explicit AES-NI ENGINE.

 You can disable AES-NI detection with the environment variable:

 OPENSSL_ia32cap=~0x202

 You should see a considerable speed up with openssl speed by comparing the
 two.

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org


using multiple keys

2013-03-14 Thread Ewen Chan
If I have a directory and it has 10 files and I have 10 separate keys
such that key1 is for file1 and key2 is for file2 (etc.); is there a
way to automate the encryption process like that?

Or do I have to run each of the commands separate and instead of
having 10 separate keys in a single keyfile in a list format; that I
would need to split them out into individual keyfiles (e.g. keyfile1,
keyfile2, etc.) and then run the encryption individually (rather than
launching a single encryption job that will process all 10 files with
all 10 keys listed in one keyfile)?

(I hope that this makes sense and that people are kinda getting what
I'm asking here.)

Thanks.


specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
There's a file that I want to encrypt using AES-192-CBC but with 19
rounds rather than the default 12-rounds.

Is there a way for me to specify the number of rounds that I would
like to use with the AES-192-CBC? (and override the algorithm
defaults)?

Is that something that I can do within the openssl command itself (to
encrypt a file) or is the process much more involved than that? And
requires programming/scripting?


Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
So the algorithms include the number of rounds? I thought that it
would only describe the math process and that it would be independent
of the number of rounds (so long as you meet Rijndael's minimum -
which is what the current number of rounds is set/default as).

I did not know that. Hmmm... thanks.

Does this mean that a AES-192-CBC is less secure than an AES-256-CBC
because of the key length and the number of rounds associated with
that; or am I understanding that wrong - that the number of rounds has
less-so to do with the security of the algorithm compared to the key
length?

On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
 If you change the number of rounds, then it's not AES anymore, but a custom
 Rijndael.
 Reading the source code, it appears there's no support for that in OpenSSL
 (and poking inside an AES_KEY to change the number of rounds probably won't
 work).

 --
 Erwann ABALEA

 Le 13/03/2013 14:32, Ewen Chan a écrit :

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?




specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan

There's a file that I want to encrypt using AES-192-CBC but with 19 rounds 
rather than the default 12-rounds.

Is there a way for me to specify the number of rounds that I would like to use 
with the AES-192-CBC? (and override the algorithm defaults)?

Is that something that I can do within the openssl command itself (to encrypt a 
file) or is the process to do that much more involved than that? And requires 
programming/scripting? 

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Thanks.

On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
 The algorithm Rijndael has some knobs you can turn to tune.
 The standard AES has these parameters fixed in stone.

 AES-192 is effectively less secure than AES-256 because of the key length
 and number of rounds.
 But less secure may be secure enough. In fact, AES-128 is secure enough
 for most uses.
 Number of rounds is important for AES security as it is for any other
 algorithm (think about attacks on reduced-rounds AES/SHA/whatever).

 --
 Erwann ABALEA

 Le 13/03/2013 15:31, Ewen Chan a écrit :

 So the algorithms include the number of rounds? I thought that it
 would only describe the math process and that it would be independent
 of the number of rounds (so long as you meet Rijndael's minimum -
 which is what the current number of rounds is set/default as).

 I did not know that. Hmmm... thanks.

 Does this mean that a AES-192-CBC is less secure than an AES-256-CBC
 because of the key length and the number of rounds associated with
 that; or am I understanding that wrong - that the number of rounds has
 less-so to do with the security of the algorithm compared to the key
 length?

 On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 If you change the number of rounds, then it's not AES anymore, but a
 custom
 Rijndael.
 Reading the source code, it appears there's no support for that in
 OpenSSL
 (and poking inside an AES_KEY to change the number of rounds probably
 won't
 work).

 --
 Erwann ABALEA

 Le 13/03/2013 14:32, Ewen Chan a écrit :

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?





Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI
enabled CPU or would it be faster to do it with a GPGPU?

Does OpenSSL even support GPU acceleration?

On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote:
 Thanks.

 On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:
 The algorithm Rijndael has some knobs you can turn to tune.
 The standard AES has these parameters fixed in stone.

 AES-192 is effectively less secure than AES-256 because of the key length
 and number of rounds.
 But less secure may be secure enough. In fact, AES-128 is secure enough
 for most uses.
 Number of rounds is important for AES security as it is for any other
 algorithm (think about attacks on reduced-rounds AES/SHA/whatever).

 --
 Erwann ABALEA

 Le 13/03/2013 15:31, Ewen Chan a écrit :

 So the algorithms include the number of rounds? I thought that it
 would only describe the math process and that it would be independent
 of the number of rounds (so long as you meet Rijndael's minimum -
 which is what the current number of rounds is set/default as).

 I did not know that. Hmmm... thanks.

 Does this mean that a AES-192-CBC is less secure than an AES-256-CBC
 because of the key length and the number of rounds associated with
 that; or am I understanding that wrong - that the number of rounds has
 less-so to do with the security of the algorithm compared to the key
 length?

 On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 If you change the number of rounds, then it's not AES anymore, but a
 custom
 Rijndael.
 Reading the source code, it appears there's no support for that in
 OpenSSL
 (and poking inside an AES_KEY to change the number of rounds probably
 won't
 work).

 --
 Erwann ABALEA

 Le 13/03/2013 14:32, Ewen Chan a écrit :

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?





Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm quite new to openSSL and AES and cryptography as a whole, so
please forgive my stupid questions.

I've read that because of the way that the AES-CBC works that it
depends on the result from the previous round in order to encrypt the
current round that it is inherently not well suited for
parallelization; which I am then guessing that it is very possible
that it would run (a LOT) slower on GPGPU than it would on an AES-NI
enabled CPU. Would that be a fair and safe assumption?

I'm also looking online and through the man pages and it seems like
that people are invoking the aesni by using the command:

openssl -engine aesni -evp aes-256-cbc ...

what's the '-evp' flag for?

On Wed, Mar 13, 2013 at 12:12 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
 GPGPU isn't natively supported. You can write your own engine if you want,
 but I think memory transfers will dominate the cost.
 AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53 GHz
 for 8k blocks).

 --
 Erwann ABALEA

 Le 13/03/2013 16:49, Ewen Chan a écrit :

 Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI
 enabled CPU or would it be faster to do it with a GPGPU?

 Does OpenSSL even support GPU acceleration?

 On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote:

 Thanks.

 On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 The algorithm Rijndael has some knobs you can turn to tune.
 The standard AES has these parameters fixed in stone.

 AES-192 is effectively less secure than AES-256 because of the key
 length
 and number of rounds.
 But less secure may be secure enough. In fact, AES-128 is secure
 enough
 for most uses.
 Number of rounds is important for AES security as it is for any other
 algorithm (think about attacks on reduced-rounds AES/SHA/whatever).

 --
 Erwann ABALEA

 Le 13/03/2013 15:31, Ewen Chan a écrit :

 So the algorithms include the number of rounds? I thought that it
 would only describe the math process and that it would be independent
 of the number of rounds (so long as you meet Rijndael's minimum -
 which is what the current number of rounds is set/default as).

 I did not know that. Hmmm... thanks.

 Does this mean that a AES-192-CBC is less secure than an AES-256-CBC
 because of the key length and the number of rounds associated with
 that; or am I understanding that wrong - that the number of rounds has
 less-so to do with the security of the algorithm compared to the key
 length?

 On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 If you change the number of rounds, then it's not AES anymore, but a
 custom
 Rijndael.
 Reading the source code, it appears there's no support for that in
 OpenSSL
 (and poking inside an AES_KEY to change the number of rounds probably
 won't
 work).

 --
 Erwann ABALEA

 Le 13/03/2013 14:32, Ewen Chan a écrit :

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?




Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Yea, I've tried reading the man pages, but it doesn't list all of the
options available on there (which would tend to indicate that it is a
little behind compared to the development and released versions of
OpenSSL).

Do you need the '-evp' flag to use '-engine aesni' or they operate
independent of each other?

And if I'm not planning on coding with the OpenSSL library, but rather
just using it to encrypt/decrypt files on my system; then I don't need
the '-evp' flag correct?

On Wed, Mar 13, 2013 at 12:56 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
 Le 13/03/2013 17:17, Ewen Chan a écrit :

 I'm quite new to openSSL and AES and cryptography as a whole, so
 please forgive my stupid questions.


 You then may start by reading the different manpages, then. OpenSSL is a
 large beast, and you won't do anything useful without reading.


 I've read that because of the way that the AES-CBC works that it
 depends on the result from the previous round in order to encrypt the
 current round that it is inherently not well suited for
 parallelization; which I am then guessing that it is very possible
 that it would run (a LOT) slower on GPGPU than it would on an AES-NI
 enabled CPU. Would that be a fair and safe assumption?


 That's right.
 You can achieve better performance with CTR mode, for example. But even
 there, I doubt you can beat AES-NI.


 I'm also looking online and through the man pages and it seems like
 that people are invoking the aesni by using the command:

 openssl -engine aesni -evp aes-256-cbc ...

 what's the '-evp' flag for?


 It means use the EVP interface. EVP is a higher level interface to
 cryptographic primitives. In the case of AES, it can make use of AES-NI
 instructions if available. That's useful only if you plan to code using the
 OpenSSL library.


 On Wed, Mar 13, 2013 at 12:12 PM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 GPGPU isn't natively supported. You can write your own engine if you
 want,
 but I think memory transfers will dominate the cost.
 AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53 GHz
 for 8k blocks).

 --
 Erwann ABALEA

 Le 13/03/2013 16:49, Ewen Chan a écrit :

 Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI
 enabled CPU or would it be faster to do it with a GPGPU?

 Does OpenSSL even support GPU acceleration?

 On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote:

 Thanks.

 On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 The algorithm Rijndael has some knobs you can turn to tune.
 The standard AES has these parameters fixed in stone.

 AES-192 is effectively less secure than AES-256 because of the key
 length
 and number of rounds.
 But less secure may be secure enough. In fact, AES-128 is secure
 enough
 for most uses.
 Number of rounds is important for AES security as it is for any other
 algorithm (think about attacks on reduced-rounds AES/SHA/whatever).

 --
 Erwann ABALEA

 Le 13/03/2013 15:31, Ewen Chan a écrit :

 So the algorithms include the number of rounds? I thought that it
 would only describe the math process and that it would be independent
 of the number of rounds (so long as you meet Rijndael's minimum -
 which is what the current number of rounds is set/default as).

 I did not know that. Hmmm... thanks.

 Does this mean that a AES-192-CBC is less secure than an AES-256-CBC
 because of the key length and the number of rounds associated with
 that; or am I understanding that wrong - that the number of rounds
 has
 less-so to do with the security of the algorithm compared to the key
 length?

 On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 If you change the number of rounds, then it's not AES anymore, but a
 custom
 Rijndael.
 Reading the source code, it appears there's no support for that in
 OpenSSL
 (and poking inside an AES_KEY to change the number of rounds
 probably
 won't
 work).

 --
 Erwann ABALEA

 Le 13/03/2013 14:32, Ewen Chan a écrit :

 There's a file that I want to encrypt using AES-192-CBC but with 19
 rounds rather than the default 12-rounds.

 Is there a way for me to specify the number of rounds that I would
 like to use with the AES-192-CBC? (and override the algorithm
 defaults)?

 Is that something that I can do within the openssl command itself (to
 encrypt a file) or is the process much more involved than that? And
 requires programming/scripting?



Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Wouldn't enabling AES-NI during the encryption/decryption process make
it run faster?

So even if I'm just running the openssl command-line executable,
processing those files with AES-NI enabled (via '-engine aesni') would
be faster than if I left that part out?

(I'm still a little fuzzy as to whether I would need '-evp' when I use
'-engine aesni' or if they work independent of each other.)

The man pages don't say anything about that (at least not on the man
pages online @ openssl.org).

On Wed, Mar 13, 2013 at 1:31 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
 If what you want is simply encrypt and decrypt files using command-line
 openssl executable, then you don't need to play with engine or evp options.
 openssl enc uses the EVP interface, which in turn will make use of AES-NI
 instructions if available (or SSE3, SSE2, SSE, anything available on the
 runtime platform to speed it up).

 --
 Erwann ABALEA

 Le 13/03/2013 18:07, Ewen Chan a écrit :

 Yea, I've tried reading the man pages, but it doesn't list all of the
 options available on there (which would tend to indicate that it is a
 little behind compared to the development and released versions of
 OpenSSL).

 Do you need the '-evp' flag to use '-engine aesni' or they operate
 independent of each other?

 And if I'm not planning on coding with the OpenSSL library, but rather
 just using it to encrypt/decrypt files on my system; then I don't need
 the '-evp' flag correct?

 On Wed, Mar 13, 2013 at 12:56 PM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 Le 13/03/2013 17:17, Ewen Chan a écrit :

 I'm quite new to openSSL and AES and cryptography as a whole, so
 please forgive my stupid questions.


 You then may start by reading the different manpages, then. OpenSSL is a
 large beast, and you won't do anything useful without reading.


 I've read that because of the way that the AES-CBC works that it
 depends on the result from the previous round in order to encrypt the
 current round that it is inherently not well suited for
 parallelization; which I am then guessing that it is very possible
 that it would run (a LOT) slower on GPGPU than it would on an AES-NI
 enabled CPU. Would that be a fair and safe assumption?


 That's right.
 You can achieve better performance with CTR mode, for example. But even
 there, I doubt you can beat AES-NI.


 I'm also looking online and through the man pages and it seems like
 that people are invoking the aesni by using the command:

 openssl -engine aesni -evp aes-256-cbc ...

 what's the '-evp' flag for?


 It means use the EVP interface. EVP is a higher level interface to
 cryptographic primitives. In the case of AES, it can make use of AES-NI
 instructions if available. That's useful only if you plan to code using
 the OpenSSL library.


 On Wed, Mar 13, 2013 at 12:12 PM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 GPGPU isn't natively supported. You can write your own engine if you
 want, but I think memory transfers will dominate the cost.
 AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53
 GHz for 8k blocks).

 --
 Erwann ABALEA

 Le 13/03/2013 16:49, Ewen Chan a écrit :

 Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI
 enabled CPU or would it be faster to do it with a GPGPU?

 Does OpenSSL even support GPU acceleration?

 On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote:

 Thanks.

 On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 The algorithm Rijndael has some knobs you can turn to tune.
 The standard AES has these parameters fixed in stone.

 AES-192 is effectively less secure than AES-256 because of the key
 length and number of rounds.
 But less secure may be secure enough. In fact, AES-128 is secure
 enough for most uses.
 Number of rounds is important for AES security as it is for any
 other algorithm (think about attacks on reduced-rounds AES/SHA/whatever).

 --
 Erwann ABALEA

 Le 13/03/2013 15:31, Ewen Chan a écrit :

 So the algorithms include the number of rounds? I thought that it
 would only describe the math process and that it would be
 independent of the number of rounds (so long as you meet Rijndael's
 minimum - which is what the current number of rounds is set/default as).

 I did not know that. Hmmm... thanks.

 Does this mean that a AES-192-CBC is less secure than an
 AES-256-CBC because of the key length and the number of rounds
 associated with that; or am I understanding that wrong - that the
 number of rounds has less-so to do with the security of the algorithm
 compared to the key length?

 On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 If you change the number of rounds, then it's not AES anymore, but
 a custom Rijndael.
 Reading the source code, it appears there's no support for that in
 OpenSSL (and poking inside an AES_KEY to change the number of rounds
 probably won't work).

 --
 Erwann ABALEA

 Le 13/03
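
The point made in the quoted replies above (AES fixes the round count per key size, and changing it gives a custom Rijndael that OpenSSL does not implement) can be checked with a small model. This is an added example, not code from the thread or from OpenSSL; continuing the key schedule out to 19 rounds is an assumption about how such a variant would be built, and the key and plaintext are the FIPS-197 Appendix C.2 test vector.

```python
# Added example (not OpenSSL code): 128-bit-block Rijndael, caller-chosen rounds.
def _xtime(a):  # multiply by x in GF(2^8), reducing by the AES polynomial 0x11b
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def _gmul(a, b):  # GF(2^8) product, used only to derive the S-box
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), _xtime(a), b >> 1
    return r

def _sbox_entry(x):  # multiplicative inverse followed by the affine transform
    inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
    rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63
SBOX = [_sbox_entry(x) for x in range(256)]

def expand_key(key, rounds):
    """Key schedule: 4*(rounds+1) words, so its length depends on rounds."""
    nk, rcon = len(key) // 4, 1
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    for i in range(nk, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return w

def encrypt_block(block, key, rounds=None):
    """Encrypt one 16-byte block; rounds=None means the AES value Nk + 6."""
    rounds = rounds or len(key) // 4 + 6
    w = expand_key(key, rounds)
    rk = lambda k: [b for word in w[4 * k:4 * k + 4] for b in word]
    s = [a ^ b for a, b in zip(block, rk(0))]
    for k in range(1, rounds + 1):
        s = [SBOX[b] for b in s]  # SubBytes
        s = [s[4 * ((i // 4 + i % 4) % 4) + i % 4] for i in range(16)]  # ShiftRows
        if k != rounds:  # MixColumns, skipped in the final round
            cols = [s[4 * c:4 * c + 4] for c in range(4)]
            s = [c[i] ^ c[0] ^ c[1] ^ c[2] ^ c[3] ^ _xtime(c[i] ^ c[(i + 1) % 4])
                 for c in cols for i in range(4)]
        s = [a ^ b for a, b in zip(s, rk(k))]  # AddRoundKey
    return bytes(s)

KEY192, PT = bytes(range(24)), bytes.fromhex("00112233445566778899aabbccddeeff")  # FIPS-197 C.2
```

With the default round count, `encrypt_block(PT, KEY192)` reproduces the FIPS-197 AES-192 ciphertext. With `rounds=19` the key schedule grows from 52 to 80 words and the output is a different block, so both sides would need the same modified implementation to interoperate.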

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm asking about the '-engine aesni' flag because when I google
openssl aes-ni - that's what comes up.

I've never used it before, but I'm about to as I've recently acquired a
system that supports AES-NI.

I'm also asking because I'm about to encrypt a whole bunch of files
and some of them are quite large, so I want to have an idea if the
encryption job is going to be something that's going to be done in a
few minutes, a few hours, or a few days?

I was under the impression (based on the documentation and what I've
been able to find online on google) that you had to invoke the AES-NI
by using the '-engine' flag; but I guess from what you're saying, that
that's not true.

On Wed, Mar 13, 2013 at 2:29 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:

 Le 13/03/2013 19:10, Ewen Chan a écrit :

 Wouldn't enabling AES-NI during the encryption/decryption process make
 it run faster?


 Of course.


 So even if I'm just running the openssl command-line executable,
 processing those files with AES-NI enabled (via '-engine aesni') would
 be faster than if I left that part out?


 No. Because AES-NI instructions will automatically be used when available,
 in your specific scenario.
 (automatically: you don't have to do anything special to get it)


 (I'm still a little fuzzy as to whether I would need '-evp' when I use
 '-engine aesni' or if they work independent of each other.)

 The man pages don't say anything about that (at least not on the man
 pages online @ openssl.org).


 The man pages don't go into that kind of detail for the command-line tool
 (command-line tool: used to do quick stuff, debug things, prototype).

 Have you tried to encrypt actual files? Have you encountered a CPU
 bottleneck, a bug, or anything?


 On Wed, Mar 13, 2013 at 1:31 PM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 If what you want is simply encrypt and decrypt files using command-line
 openssl executable, then you don't need to play with engine or evp
 options.
 openssl enc uses the EVP interface, which in turn will make use of
 AES-NI instructions if available (or SSE3, SSE2, SSE, anything available
 on the runtime platform to speed it up).

 --
 Erwann ABALEA

 Le 13/03/2013 18:07, Ewen Chan a écrit :

 Yea, I've tried reading the man pages, but it doesn't list all of the
 options available on there (which would tend to indicate that it is a
 little behind compared to the development and released versions of
 OpenSSL).

 Do you need the '-evp' flag to use '-engine aesni' or they operate
 independent of each other?

 And if I'm not planning on coding with the OpenSSL library, but rather
 just using it to encrypt/decrypt files on my system; then I don't need
 the '-evp' flag correct?

 On Wed, Mar 13, 2013 at 12:56 PM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 Le 13/03/2013 17:17, Ewen Chan a écrit :

 I'm quite new to openSSL and AES and cryptography as a whole, so
 please forgive my stupid questions.


 You then may start by reading the different manpages, then. OpenSSL is
 a large beast, and you won't do anything useful without reading.


 I've read that because of the way that the AES-CBC works that it
 depends on the result from the previous round in order to encrypt the
 current round that it is inherently not well suited for
 parallelization; which I am then guessing that it is very possible
 that it would run (a LOT) slower on GPGPU than it would on an AES-NI
 enabled CPU. Would that be a fair and safe assumption?


 That's right.
 You can achieve better performance with CTR mode, for example. But even
 there, I doubt you can beat AES-NI.


 I'm also looking online and through the man pages and it seems like
 that people are invoking the aesni by using the command:

 openssl -engine aesni -evp aes-256-cbc ...

 what's the '-evp' flag for?


 It means use the EVP interface. EVP is a higher level interface to
 cryptographic primitives. In the case of AES, it can make use of AES-NI
 instructions if available. That's useful only if you plan to code using
 the OpenSSL library.


 On Wed, Mar 13, 2013 at 12:12 PM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 GPGPU isn't natively supported. You can write your own engine if you
 want, but I think memory transfers will dominate the cost.
 AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53
 GHz for 8k blocks).

 --
 Erwann ABALEA

 Le 13/03/2013 16:49, Ewen Chan a écrit :

 Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI
 enabled CPU or would it be faster to do it with a GPGPU?

 Does OpenSSL even support GPU acceleration?

 On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote:

 Thanks.

 On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
 erwann.aba...@keynectis.com wrote:

 The algorithm Rijndael has some knobs you can turn to tune.
 The standard AES has these parameters fixed in stone.

 AES-192 is effectively less secure than AES-256 because of the
 key length and number of rounds.
 But less

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm running on a 30 TB server with about 1.4 million files.

I think that at last audit, the single largest file is 45 GB (as an example).

And I'm prepping to run AES-256-CBC.

The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm
pretty sure that I can peg (or at least supply) the full 6 Gbps
bandwidth for encryption.

I'm currently using OpenSSL 0.9.8, and evaluations to upgrade to the
latest openssl package is also being considered at this time (as well
as possible a change to the host system OS to Linux (e.g. Ubuntu
12.04) or Solaris 11) or that I am just going to stream the data over
10 GbE connection (by mounting over SMB/NFS and running the encryption
using the client processor, but the data is just being passed through
during the encryption process - no data is stored on the client system
post-encryption).

The openssl wasn't recompiled from source; but whatever's
built/included with the OS.

On Wed, Mar 13, 2013 at 3:51 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:

 Le 13/03/2013 20:06, Ewen Chan a écrit :

 I'm asking about the '-engine aesni' flag because when I google
 openssl aes-ni - that's what comes up.

 I've never used it before, but I'm about to as I've recently acquired a
 system that supports AES-NI.

 I'm also asking because I'm about to encrypt a whole bunch of files
 and some of them are quite large, so I want to have an idea if the
 encryption job is going to be something that's going to be done in a
 few minutes, a few hours, or a few days?


 Define quite large.
 By disabling AES-NI detection on my laptop, I can encrypt files at about
 225MB/s (1 GB in 4.5 seconds, AES-128-CBC). That's much faster than what my
 SATA harddrive can do.
 Disabling SSE* and MMX instructions allow the same machine to encrypt data
 at about 82MB/s (1 GB in 13 seconds). Again, more than enough to saturate my
 hard drive.


 I was under the impression (based on the documentation and what I've
 been able to find online on google) that you had to invoke the AES-NI
 by using the '-engine' flag; but I guess from what you're saying, that
 that's not true.


 That's useless for openssl enc.
 That may be useful for openssl speed (as -evp may also be useful), but
 it's a different goal.

 And it can also depend on your hardware, your OpenSSL version, and
 compilation flags.



Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
The problem that I initially ran into when I was creating the volume
was that there wasn't a Linux file system that could handle a 27 TB
volume. The closest that I got was Btrfs and at the time, it was still in
I think 0.98alpha or something like that.

Also as a result of that, there were no data recovery tools available
that in the event of a RAID failure (but the drives are otherwise
intact) that I need to be able to do a data recovery off the drives
and to be able to pull the data and stitch it back together.

Now the plan is for the clone/mirrored server (that also has plans for
LTO tape expansion) that the data going on the tapes will be the fully
encrypted files. If I do the volume encryption, the decryption will be
also tied to the volume; which limits possibilities (if I understand it
correctly) in porting the data forward as the volume or volumes grow.

Conversely, if I encrypt the files (rather than the volume); then the
encryption isn't linked to the volume itself; which means it can be
next-gen-ext4, ZFS, btrfs (when it matures) etc...

And even if I were to encrypt the entire volume; the question of
whether AES-NI is enabled or disabled by default will still be
persistent.

(There are also early analysis plans that are currently being studied
to implement 4x QDR Infiniband and all network traffic will be pushed
onto that NIC/protocol instead, resulting in a net 32 Gbps connection
per port.)

So there are some high level planning stuff that's going on - but I'm
currently studying the encryption aspect of it (out of the whole grand
scheme/big picture of things).

(There's SOME reasoning to the madness...)

On Wed, Mar 13, 2013 at 4:04 PM, Matthew Hall mh...@mhcomputing.net wrote:
 On Wed, Mar 13, 2013 at 04:00:48PM -0400, Ewen Chan wrote:
 I'm running on a 30 TB server with about 1.4 million files.

 I think that at last audit, the single largest file is 45 GB (as an example).

 And I'm prepping to run AES-256-CBC.

 The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm
 pretty sure that I can peg (or at least supply) the full 6 Gbps
 bandwidth for encryption.

 I'm currently using OpenSSL 0.9.8, and evaluations to upgrade to the
 latest openssl package is also being considered at this time (as well
 as possible a change to the host system OS to Linux (e.g. Ubuntu
 12.04) or Solaris 11) or that I am just going to stream the data over
 10 GbE connection (by mounting over SMB/NFS and running the encryption
 using the client processor, but the data is just being passed through
 during the encryption process - no data is stored on the client system
 post-encryption).

 The openssl wasn't recompiled from source; but whatever's
 built/included with the OS.

 Why not use the latest Linux kernel full disk and/or partition encryption via
 dmraid or other technique, which has AES-NI support in-kernel, to avoid
 userspace overhead which will be considerable with such throughput goals?

 Matthew.