[Bug 54180] Re: [rfe] sshd ought to support 'none' cipher
Daniel J Blueman
daniel.blueman at gmail.com
Tue Nov 11 23:42:20 GMT 2008
Problem is that SSH performance is still 10-30x slower with encryption.
On a 3.6GHz Intel Penryn with plenty of memory bandwidth [1], we see
around 67MB/s - 109MB/s [2]. Moving from 'secret' aes-128-cbc (the
default) to 'top-secret' aes-256-cbc (the most secure) is almost free.
Moving from MD5 hashing reduces performance too [3].
--- [1]
$ sudo hdparm -T /dev/sda
/dev/sda:
Timing cached reads: 18030 MB in 2.00 seconds = 9026.75 MB/sec
--- [2]
$ for c in 3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr
aes192-ctr aes256-ctr arcfour128 arcfour256 arcfour blowfish-cbc
cast128-cbc; do echo using cipher $c; ssh -c $c localhost dd
if=/dev/zero bs=32k count=10000 >/dev/null; done
3des-cbc 22.6 MB/s
aes128-cbc 63.8 MB/s
aes192-cbc 67.6 MB/s
aes256-cbc 67.4 MB/s
aes128-ctr 74.9 MB/s
aes192-ctr 73.6 MB/s
aes256-ctr 73.3 MB/s
arcfour128 109 MB/s
arcfour256 108 MB/s
arcfour 107 MB/s
blowfish-cbc 75.0 MB/s
cast128-cbc 62.0 MB/s
--- [3]
$ for m in hmac-md5 hmac-sha1 umac-64 hmac-ripemd160; do echo using
digest $m; ssh -c arcfour128 -m $m localhost dd if=/dev/zero bs=32k
count=10000 >/dev/null; done
hmac-md5 108 MB/s
hmac-sha1 97.9 MB/s
hmac-ripemd160 83.0 MB/s
--
[rfe] sshd ought to support 'none' cipher
https://bugs.launchpad.net/bugs/54180
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs
mailing list