netbsd-users: Re: SSH on NetBSD 1.5.2, authentication slow?

Subject: Re: SSH on NetBSD 1.5.2, authentication slow?
To: Aaron J. Grier <agrier@poofygoof.com>
From: Tom Javen <tom.javen@innotrac.fi>
List: netbsd-users
Date: 03/18/2003 11:09:47
On Mon, 17 Mar 2003, Aaron J. Grier wrote:

> Date: Mon, 17 Mar 2003 19:46:19 -0800
> From: Aaron J. Grier <agrier@poofygoof.com>
> To: Netbsd-Users@netbsd.org
> Subject: Re: SSH on NetBSD 1.5.2, authentication slow?
>
> On Mon, Mar 17, 2003 at 12:37:06PM +0200, Tom Javen wrote:
>
> > 105 seconds on 50MHz 486 , 1.5.2.
> > Protocol version 1 was "fast" , 2 is slow.
>
> what does 'openssl speed dsa' yield for results?
some datapoints :

50MHz 486 i386/1.5.2
OpenSSL 0.9.5a 1 Apr 2000
built on: Sat Aug 18 01:06:13 CEST 2001
options:bn(32,32) md2(int) rc4(ptr,int) des(idx,cisc,4,long) blowfish(idx)
compiler: cc -O2  -Werror
                  sign    verify    sign/s verify/s
dsa  512 bits   0.3357s   0.4312s      3.0      2.3
dsa 1024 bits   1.1189s   1.3875s      0.9      0.7

Netra X1 UltraSPARC-IIe , 400 MHz sparc64/1.6
OpenSSL 0.9.6g 9 Aug 2002
built on: NetBSD 1.6H
options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,int)
blowfish(idx)
compiler: gcc version 2.95.3 20010315 (release) (NetBSD nb3)
                  sign    verify    sign/s verify/s
dsa  512 bits   0.0138s   0.0207s     72.7     48.4
dsa 1024 bits   0.0461s   0.0773s     21.7     12.9

800MHz Amd i386/1.5.2
OpenSSL 0.9.5a 1 Apr 2000
built on: Sat Aug 18 01:06:13 CEST 2001
options:bn(32,32) md2(int) rc4(ptr,int) des(idx,cisc,4,long) blowfish(idx)
compiler: cc -O2  -Werror
                  sign    verify    sign/s verify/s
dsa  512 bits   0.0064s   0.0079s    155.5    126.9
dsa 1024 bits   0.0222s   0.0275s     45.0     36.4


1600Mhz Amd i386/1.6N
OpenSSL 0.9.6g 9 Aug 2002
built on: NetBSD 1.6N
options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long)
blowfish(ptr2)
compiler: gcc version 2.95.3 20010315 (release) (NetBSD nb4)
                  sign    verify    sign/s verify/s
dsa  512 bits   0.0007s   0.0008s   1505.9   1272.3
dsa 1024 bits   0.0017s   0.0021s    575.4    481.5

>
> as far as I'm aware, DSA is used to sign the initial diffie-hellman
> exchanges in ssh v2 and is usually the slowing factor for older
> machines.  compilation flags for architectures can have significant
> effects.
Seems so..

Maybe time to update to current
>
> --
>   Aaron J. Grier | "Not your ordinary poofy goof." | agrier@poofygoof.com
>       "It's not fast, but why not?"  --  John Klos on VAX dnet client
>   "because it needlessly contributes to global warming?"  --  Paul Vixie
>
Tom
-- 
=============================+===========================
Tom Javen                    |   Innotrac Diagnostics Oy
email tom.javen@innotrac.fi  |   Turku
phone +358-2-2784041         |   Finland
gsm   +358-40-5860532        |   phone +358-2-2784000
                             |   fax   +358-2-2784001
=============================+===========================