Educause Security Discussion mailing list archives
Re: Risks of File Transfer on a Fully Switched Network
From: Robert Kerr <r.kerr () CRANFIELD AC UK>
Date: Fri, 2 Dec 2005 11:57:16 +0000
On Thu, 2005-12-01 at 14:21 +1100, Bradley Ellis wrote:
One thing to bear in mind is that encryption will slow the data flow - we found on a P3-1Ghz machine that with SSL data throughput dropped from around 10Mbytes/sec (clear text) to around 500Kbytes/sec.
While this is not a current system, it does give an idea of the load, and even faster cpu's will only see a linear scaling of the traffic rate - P4-3Ghz might see 1.5Mbytes/sec of encrypted traffic.
Running an openssl speed test on a P4-3GHz tends to disagree with that: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes des ede3 19308.92k 19761.15k 20062.09k 19968.68k 19649.88k Maybe the addition of SSE2 is a big advantage here? Obviously this test is slightly synthetic as it's only testing the raw encryption and not any of the other overheads SSL brings (ie the HMACs).
While SSL and IPSec are different, they both use crypto ciphers, and from memory the SSL in question would have been 3DES and not AES.
AES of course is far faster: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 60329.98k 62031.38k 62900.31k 62432.94k 62876.33k aes-192 cbc 52804.78k 54670.15k 55387.73k 55467.58k 55072.09k aes-256 cbc 45949.18k 47988.65k 49327.43k 49147.56k 49130.15k Certainly there is an overhead from crypto but so long as the datasets we're talking aren't multi-gigabyte it needn't be noticeable on modern hardware. Going by these figures, if you only have 100MBit to the desktop then AES ought to manage linespeed with little trouble. Would be nice to work out some real world figures on modern hardware. -- Robert Kerr
Current thread:
- Re: Risks of File Transfer on a Fully Switched Network, (continued)
- Re: Risks of File Transfer on a Fully Switched Network jack suess (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Dunker, Mary (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Flynn (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Huba Leidenfrost (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Russell Fulton (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Bradley Ellis (Nov 30)
- Re: Risks of File Transfer on a Fully Switched Network Cal Frye (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Scholz, Greg (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Gary Dobbins (Dec 01)
- Re: Risks of File Transfer on a Fully Switched Network Robert Kerr (Dec 02)
- Re: Risks of File Transfer on a Fully Switched Network Alan Amesbury (Dec 06)