NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: setkey -- twofish-cbc unsupported algorithm



Also, as you test, you may want to look into whether the kernel is using
AES instructions, with or without /dev/crypto offload.  I have not paid
attention to these details in quite a few years.  As wikipedia notes,
while twofish and rijndael were competitive in speed, twofihs is slower
on computers with AES hardware support!

Of course, the only symmetric cipher that can compete with hardware accelerated AES in terms of throughput is Chacha20 and we don't have it in setkey.  It's there in the OpenSSH code, though, it's even builtin without OpenSSL.

I am not clear however on how to test crypto hardware acceleration on netbsd.  I could try the `openssl speed` feature but the first thing I would be looking for is whether my CPU has the AES-NI, AVX and AVX2 flags available.  Is there a way to do that on NetBSD?  Then how to check of /dev/crypto is leveraged at various places in userland?

-pph


Home | Main Index | Thread Index | Old Index