FAQ claims:
FAQ> 9.1. Should I turn encryption off, for performance reasons?
FAQ>
FAQ> No; you should keep it turned on, for security reasons.
FAQ>
FAQ> Today's CPUs are fast enough that performance losses (if any) only
FAQ> are noticeable for local Ethernet speeds,
... provided that we're talking about 10Mbps. Note that the author even had
to pick really slow computers (see below) in order to make the
performance impact *visible*.
FAQ> or faster.
The statement however hardly stands for 100Mbps wires. Another relevant
question is how many CPU cycles it takes to perform the encryption
pass. I mean, say algorithm X does operate at 100Mbps, but it takes 100%
of CPU time, which is hardly useful if you're also interested in
treating/generating the data to be transferred over the encrypted
channel. The only algorithm which actually has a real chance in a 100Mbps
network is RC4 (or ARCFOUR). I intentionally said "has a chance"
because:
- SSH never engages it (SSH1 for security reasons, SSH2 for no visible
reason);
- the implementation is lousy;
As for implementation: the SSH1 implementation isn't worth a dime, but it's
not really relevant as it's insecure to use any stream cipher with the SSH1
protocol. The SSH2 implementation is somewhat better and you might be able
to saturate a 100Mbps wire with today's 500MHz Pentium (well, not really,
as MAC calculations take some time as well). "Might" means that I
haven't verified it myself and the statement is based on estimations (a 266MHz
PII encrypts at a 60Mbps rate). However, the same estimations show that the
performance might be improved by a factor of 3 (in the PII-and-better case, and
yes, with C source code optimizations only; assembler would give 4), releasing a
handful of CPU cycles for meaningful work or moving toward 1Gbit.
FAQ> You might want to specify blowfish encryption instead of the default,
FAQ> IDEA for SSH1 and 3DES for SSH2, with -c blowfish, for faster
FAQ> operation.
Yes, blowfish is the second candidate (well, twofish is actually the
second, but it's only a few percent faster) to saturate 100Mbps (with
today's CPU) and it's implemented fairly. But even a good optimizing
compiler is gonna keep almost the whole 500MHz Pentium busy. IDEA and 3DES are
out of the question in a 100Mbps net and you're gonna notice that the CPU is
somewhat occupied trying to keep up even with a 10Mbps wire.
FAQ> Following are some measurements where the different encryption
FAQ> methods were applied between a P5/90 and a 486/100, both running
FAQ> Linux, for copying files with scp across a lightly loaded Ethernet.
FAQ>
FAQ> The model chosen was t=a+x/b; a is the startup time in seconds, and b
FAQ> the sustainable transfer rate in kB/s. Also given are the 68.3%
FAQ> confidence intervals for the data, as determined by the
FAQ> Levenberg-Marquardt algorithm as implemented in a pre-3.6 version of
FAQ> gnuplot.
FAQ>
FAQ> Encryption   a[s]   da[s]   b[kB/s]   db[kB/s]
FAQ> none         2.37   0.37    386.1     5.8
FAQ> rc4          1.96   0.27    318.2     2.9
FAQ> tss          2.33   0.37    298.5     3.5
FAQ> des          2.07   0.19    218.8     1.0
FAQ> idea         2.25   0.45    169.6     1.3
FAQ> 3des         1.92   0.11    118.2     0.2
Cheers. Andy.
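As an added illustration of the two quantitative points in the exchange above (example code, not part of Andy's mail or the SSH FAQ): fitting the FAQ's transfer model t = a + x/b to scp timings by least squares, and turning a measured cipher throughput on a given CPU into a cycles-per-byte budget, which is what decides whether a cipher can keep up with a 100Mbps link while leaving CPU for anything else. The scp timings in the block are constructed, not the FAQ's measurements; the 266MHz/60Mbps figure is the estimate quoted in the mail.

```python
"""Added example (not from the original mail or the SSH FAQ).

Two helpers:
  * fit_transfer_model: least-squares fit of t = a + x/b to (size, time) pairs,
    the model the FAQ used for its scp measurements.
  * cycles_per_byte / cpu_fraction: convert a measured cipher throughput on a
    given CPU clock into a per-byte cost and the share of a CPU it would take
    to keep up with a link of a given speed.
"""

from typing import List, Tuple


def fit_transfer_model(samples: List[Tuple[float, float]]) -> Tuple[float, float]:
    """Fit t = a + x/b to (size_kB, seconds) pairs.

    The model is linear in a and c = 1/b, so ordinary linear regression on
    (x, t) yields the intercept a (startup time) and slope c (seconds per kB);
    b = 1/c is the sustainable rate in kB/s.  Returns (a, b).
    """
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two transfers of different sizes")
    sx = sum(x for x, _ in samples)
    st = sum(t for _, t in samples)
    sxx = sum(x * x for x, _ in samples)
    sxt = sum(x * t for x, t in samples)
    denom = n * sxx - sx * sx
    if denom == 0:
        raise ValueError("all transfers have the same size; slope is undefined")
    c = (n * sxt - sx * st) / denom  # seconds per kB
    a = (st - c * sx) / n            # startup time in seconds
    if c <= 0:
        raise ValueError("non-positive slope; timings do not fit t = a + x/b")
    return a, 1.0 / c


def cycles_per_byte(cpu_hz: float, throughput_bps: float) -> float:
    """CPU cycles spent per encrypted byte, from a measured throughput."""
    return cpu_hz / (throughput_bps / 8.0)


def cpu_fraction(cpb: float, link_bps: float, cpu_hz: float) -> float:
    """Share of a cpu_hz CPU needed to encrypt at full link_bps line rate.

    A value near or above 1.0 means the cipher alone eats the whole CPU,
    leaving nothing for producing or consuming the data.
    """
    return cpb * (link_bps / 8.0) / cpu_hz


# Constructed scp timings (size in kB, wall-clock seconds): generated from
# a = 2.0 s, b = 200 kB/s with a little jitter, NOT the FAQ's measurements.
CONSTRUCTED_TIMINGS = [
    (100.0, 2.55),
    (500.0, 4.45),
    (1000.0, 7.00),
    (2000.0, 12.03),
    (5000.0, 26.97),
]


def example_budget() -> Tuple[float, float]:
    """The mail's estimate: a 266MHz PII encrypting at 60Mbps.

    Returns (cycles per byte, fraction of a 500MHz CPU needed at 100Mbps).
    """
    cpb = cycles_per_byte(266e6, 60e6)
    return cpb, cpu_fraction(cpb, 100e6, 500e6)


if __name__ == "__main__":
    a, b = fit_transfer_model(CONSTRUCTED_TIMINGS)
    print(f"fit: a = {a:.2f} s, b = {b:.1f} kB/s")
    cpb, frac = example_budget()
    print(f"266MHz @ 60Mbps -> {cpb:.1f} cycles/byte; "
          f"{frac:.0%} of a 500MHz CPU to hold 100Mbps")
```

The fit recovers roughly a = 2.0 s and b = 200 kB/s from the constructed data; the budget helper shows that about 35 cycles per byte means a 500MHz CPU would spend close to 90% of its time just on the cipher at 100Mbps, which is the point behind "keep almost the whole 500MHz Pentium busy".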