Educause Security Discussion mailing list archives

Re: Risks of File Transfer on a Fully Switched Network


From: Robert Kerr <r.kerr () CRANFIELD AC UK>
Date: Fri, 2 Dec 2005 11:57:16 +0000

On Thu, 2005-12-01 at 14:21 +1100, Bradley Ellis wrote:

> One thing to bear in mind is that encryption will slow the data
> flow - we found on a P3-1GHz machine that with SSL data
> throughput dropped from around 10Mbytes/sec (clear text) to around
> 500Kbytes/sec.
>
> While this is not a current system, it does give an idea of the load,
> and even faster CPUs will only see a linear scaling of the traffic
> rate - P4-3GHz might see 1.5Mbytes/sec of encrypted traffic.

Running an openssl speed test on a P4-3GHz tends to disagree with that:

type        16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des ede3    19308.92k    19761.15k   20062.09k   19968.68k    19649.88k

Maybe the addition of SSE2 is a big advantage here? Obviously this test
is slightly synthetic as it's only testing the raw encryption and not
any of the other overheads SSL brings (i.e. the HMACs).

> While SSL and IPSec are different, they both use crypto ciphers, and
> from memory the SSL in question would have been 3DES and not AES.

AES of course is far faster:

type         16 bytes    64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc  60329.98k   62031.38k   62900.31k   62432.94k    62876.33k
aes-192 cbc  52804.78k   54670.15k   55387.73k   55467.58k    55072.09k
aes-256 cbc  45949.18k   47988.65k   49327.43k   49147.56k    49130.15k

Certainly there is an overhead from crypto but so long as the datasets
we're talking aren't multi-gigabyte it needn't be noticeable on modern
hardware. Going by these figures, if you only have 100MBit to the
desktop then AES ought to manage linespeed with little trouble.

Would be nice to work out some real world figures on modern hardware.

--
 Robert Kerr
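
The comparison made in the message above, as an added example that is not part of the original post: it parses `openssl speed` tables (where the `k` suffix means thousands of bytes per second) and reports raw cipher throughput as a multiple of a given link rate. The function names and the `SAMPLE` text (the two tables quoted in the message) are constructed for illustration, and the figures cover the cipher alone, not HMAC or protocol overhead.

```python
import re

# Constructed sample: the two `openssl speed` tables quoted in the message above.
SAMPLE = """\
type        16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des ede3    19308.92k    19761.15k   20062.09k   19968.68k    19649.88k
type         16 bytes    64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc  60329.98k   62031.38k   62900.31k   62432.94k    62876.33k
aes-192 cbc  52804.78k   54670.15k   55387.73k   55467.58k    55072.09k
aes-256 cbc  45949.18k   47988.65k   49327.43k   49147.56k    49130.15k
"""

RATE = re.compile(r"(\d+(?:\.\d+)?)k\b")   # e.g. "19308.92k"
SIZE = re.compile(r"(\d+) bytes")          # header columns, e.g. "1024 bytes"


def parse_speed(text):
    """Return {cipher: {block_size: bytes_per_second}} from `openssl speed` tables."""
    results, sizes = {}, []
    for line in text.splitlines():
        if line.startswith("type"):
            sizes = [int(s) for s in SIZE.findall(line)]
            continue
        rates = list(RATE.finditer(line))
        if not sizes or len(rates) != len(sizes):
            continue  # skip banners, blank lines and truncated rows
        name = " ".join(line[: rates[0].start()].split())
        # openssl reports "k" as thousands of bytes per second
        results[name] = {s: float(m.group(1)) * 1000 for s, m in zip(sizes, rates)}
    return results


def headroom(results, link_mbit, block_size=1024):
    """Raw cipher throughput divided by link rate; >= 1.0 means the cipher keeps up."""
    link_bytes = link_mbit * 1_000_000 / 8
    return {name: round(r[block_size] / link_bytes, 2) for name, r in results.items()}


if __name__ == "__main__":
    for cipher, ratio in headroom(parse_speed(SAMPLE), link_mbit=100).items():
        print(f"{cipher:12s} {ratio:5.2f}x of a 100 Mbit/s link")
```

Passing `link_mbit=1000` shows how the same figures compare against a gigabit link.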
