Re: Optional 'test' or benchmark cipher

This is a discussion on Re: Optional 'test' or benchmark cipher within the OpenSSH Development forums, part of the Networking and Network Related category; Iain Morgan wrote: > I don't know if the HPN-SSH patch supports that functionaliy on the > server ...


Go Back   Usenet Forums > Networking and Network Related > OpenSSH Development

Reload this Page Re: Optional 'test' or benchmark cipher

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 01-16-2008
Chris Rapier
 
Posts: n/a
Default Re: Optional 'test' or benchmark cipher


Iain Morgan wrote:

> I don't know if the HPN-SSH patch supports that functionaliy on the
> server side.

Ya know, I never thought about it. My feeling was always that if a
server wanted to support it then they'd support it and leave it up to
the users to decide if they wanted to make use of it. I'll look into
this more when I get back from some conferences I'm going to.

Speaking of which, if anyone here is goign to the APAN/Joint Techs
meeting in Hawaii or the Mardi Gras '08 conferences I'll be presenting
on this work.

> What are you typically seeing for your transfer rates? What cipher/MAC
> combination are you using and what version of OpenSSL? Also, what
> version of OpenSSH?

Its important to realize that a number of factors go in to throughput
and the bottleneck might not be where you think it is. This is why I
usually start by benchmarking things with some sort of lightweight test
like Iperf. You can even use it with a sample data file to see how your
disk I/O is impacting performance. At that point you tune the system to
maximize Iperf performance. Then you start with the SSH tests to get a
better idea of the overhead imposed.

> Why add a potential security hole merely for the sake of testing? I
> would think you'd want to test ssh the way it is actually intended to
> work.

Well... NONE *is* part of the protocol in that its not explicitly banned
(its a 'should not' instead of a 'must not'). Under the right
circumstances and implementation it doesn't, in my view, impose an
unacceptable risk. Even so, use of NONE is a very effective way to
determine where internal application bottlenecks might lie.

> The topic of adding a NONE cipher has comes up on this list from time to
> time. Each time it has been shot down - for good reasons in my opinion.

Applications like GridFTP provide secure authentication but don't
encrypt or do message authentication on the bulk data. While I'm not a
huge fan of GridFTP I don't find any fault in their decision to take
this route.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 05:34 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0