Re: Recent MAC improvements

This is a discussion on Re: Recent MAC improvements within the OpenSSH Development forums, part of the Networking and Network Related category; On Jun 11 14:43, Damien Miller wrote: > Hi, > > There has been some recent work to improve ...


Go Back   Usenet Forums > Networking and Network Related > OpenSSH Development

Reload this Page Re: Recent MAC improvements

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-13-2007
Corinna Vinschen
 
Posts: n/a
Default Re: Recent MAC improvements
On Jun 11 14:43, Damien Miller wrote:
> Hi,
>
> There has been some recent work to improve the speed of the Message
> Authentication Codes (MACs) that are used in OpenSSH.
>
> The first improvement is a change from Markus Friedl to reuse the MAC
> context, rather than reinitialising it for every packet. This saves two
> calls to the underlying hash function (e.g. SHA1) for each packet. My
> tests found that this yielded at 12-16% speedup for bulk transfers to
> localhost using HMAC-MD5 and arcfour256. HMAC-SHA1 should see an even
> bigger improvement, because SHA1 is a more expensive hash function.
>
> The second improvement is Peter Valchev's addition of a new MAC: Ted
> Krovetz' UMAC-64[1]. This MAC uses a very different approach than the
> HMACs that OpenSSH currently supports, and it comes with a nice security
> proof that guarantees its resistance so long as its underlying block
> cipher (AES) remains cryptologically intact. Testing (bulk transfers to
> localhost using arcfour256) found UMAC-64 to perform 20% better than
> HMAC-MD5, and 28% faster than HMAC-SHA1. This new MAC may be selected
> by specifying "MACs=umac-64@openssh.com" in a server or client config.
>
> These changes need testing on as many platforms as possible. In particular
> we are interested in the following corner cases:
>
> - Old OpenSSL version (0.9.5ish)
> - Testing between big and little endian machines (i386 vs. sparc for example)
> - Testing between previous OpenSSH versions and -current
> - Testing on strict alignment architectures like Alpha and Itanium
>
> Please report your findings to the mailing list.

Builds and runs fine on Cygwin w/ openssl 0.9.8e. Exchanging data
with Cygwin 4.6p1 and Linux 4.5p1 works fine. UMAC works fine between
Cygwin machines. I see a 14% speed improvement in a default scp
with no further options, relative to 4.6p1. Using umac-64 the speed
improvement is 15%.


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/lis...enssh-unix-dev
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 06:26 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0