Subject: Re: IPsec performance
To: None <sommerfeld@orchard.arlington.ma.us>
From: Simon Burge <simonb@netbsd.org>
List: tech-kern
Date: 07/20/2000 22:22:30

Bill Sommerfeld wrote:

> The expanded blowfish key is large and takes a while to compute;
> recomputing it for every packet is almost certainly what kills
> performance -- expanding the key takes ~520 blowfish block
> encryptions, equivalent to encrypting a bit over 4kb of data.
> 
> The solaris implementation of blowfish for ESP (which is in
> "solaris-current", not yet in any product) just caches the expanded
> key in per-SA state; netbsd should do likewise.
> 
> Something more sophisticated might be appropriate -- perhaps a
> *drain()-like routine to reclaim the memory for idle SA's -- but
> redoing the BF_set_key() on every packet is definitely a bad idea.

Idle question - since blowfish isn't an AES candidate, will its life be
long enough (in IPsec) to justify the work?  I also don't know off the
top of my head if any of the AES candidate ciphers have large key setup
times (MARS?)...

Simon.
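
The cost difference discussed in this thread, as an added example that is not part of the original message and is not NetBSD or Solaris code. It assumes a hypothetical `struct sa` and function names. The cipher copies Blowfish's schedule size, F function and key-setup loop but fills its tables with constructed values instead of the pi-derived ones, so it is a stand-in for counting work, not usable Blowfish.

```c
#include <stdint.h>
#include <stdlib.h>
#define NWORDS (18 + 4 * 256)   /* Blowfish-shaped schedule: 18 P + 4x256 S words */
struct sched { uint32_t w[NWORDS]; };
struct sa { uint8_t key[16]; struct sched *ks; };  /* hypothetical per-SA state */
static unsigned long block_encs;                   /* counts block encryptions */
/* 16-round Feistel using Blowfish's F; tables are constructed, not pi-derived. */
static void enc_block(const struct sched *k, uint32_t *l, uint32_t *r) {
    const uint32_t *S = k->w + 18;
    uint32_t L = *l, R = *r, t;
    for (int i = 0; i < 16; i++) {
        L ^= k->w[i];
        R ^= ((S[L >> 24] + S[256 + ((L >> 16) & 255)]) ^ S[512 + ((L >> 8) & 255)]) + S[768 + (L & 255)];
        t = L; L = R; R = t;
    }
    *l = R ^ k->w[17]; *r = L ^ k->w[16];
    block_encs++;
}
/* Key setup: each pair of schedule words is replaced by one block encryption. */
static void expand_key(struct sched *k, const uint8_t *key, size_t len) {
    uint32_t l = 0, r = 0;
    for (int i = 0; i < NWORDS; i++) k->w[i] = 0x9e3779b9u * (uint32_t)(i + 1);
    for (int i = 0; i < 72; i++) k->w[i / 4] ^= (uint32_t)key[i % len] << (24 - 8 * (i % 4));
    for (int i = 0; i < NWORDS; i += 2) { enc_block(k, &l, &r); k->w[i] = l; k->w[i + 1] = r; }
}
/* The behaviour criticised in the thread: redo key setup for every packet. */
static void encrypt_uncached(struct sa *sa, uint32_t *l, uint32_t *r) {
    struct sched ks;
    expand_key(&ks, sa->key, sizeof sa->key);
    enc_block(&ks, l, r);
}
/* The suggested fix: expand on first use, keep the schedule in the SA. */
static int encrypt_cached(struct sa *sa, uint32_t *l, uint32_t *r) {
    if (sa->ks == NULL) {
        if ((sa->ks = malloc(sizeof *sa->ks)) == NULL) return -1;
        expand_key(sa->ks, sa->key, sizeof sa->key);
    }
    enc_block(sa->ks, l, r);
    return 0;
}
/* Block encryptions spent on npkts one-block packets over one SA. */
static unsigned long cost(int npkts, int cached) {
    struct sa sa = { .key = "constructed key", .ks = NULL };  /* constructed 16-byte key */
    uint32_t l = 1, r = 2;
    block_encs = 0;
    for (int i = 0; i < npkts; i++)
        if (cached) encrypt_cached(&sa, &l, &r); else encrypt_uncached(&sa, &l, &r);
    free(sa.ks);
    return block_encs;
}
int main(void) { return cost(100, 1) < cost(100, 0) ? 0 : 1; }
```

For 100 one-block packets the cached path spends 621 block encryptions and the uncached path 52200; a real implementation would also scrub the cached schedule before freeing it when the SA is deleted or reclaimed.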