tech-security: Re: IPsec performance

Subject: Re: IPsec performance
To: Simon Burge <simonb@NetBSD.ORG>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-security
Date: 07/20/2000 08:44:36

  by mail.netbsd.org with SMTP; 20 Jul 2000 12:44:43 -0000
	id B3E7D2A1B; Thu, 20 Jul 2000 08:44:41 -0400 (EDT)
	by orchard.arlington.ma.us (Postfix) with ESMTP
	id A1E991F98; Thu, 20 Jul 2000 08:44:41 -0400 (EDT)
To: Simon Burge <simonb@NetBSD.ORG>
Cc: tech-security@NetBSD.ORG, tech-net@NetBSD.ORG,
	tech-kern@NetBSD.ORG
Subject: Re: IPsec performance 
In-Reply-To: Message from Simon Burge <simonb@NetBSD.ORG> 
   of "Thu, 20 Jul 2000 22:22:30 +1000." <200007201222.WAA27073@balrog.supp.cpr.itg.telecom.com.au> 
Reply-To: sommerfeld@orchard.arlington.ma.us
Date: Thu, 20 Jul 2000 08:44:36 -0400
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Message-Id: <20000720124441.B3E7D2A1B@orchard.arlington.ma.us>

> Idle question - since blowfish isn't an AES candidate, will its life be
> long enough (in IPsec) to justify the work?  I also don't know off the
> top of my head if any of the AES candidate ciphers have large key setup
> times (MARS?)...

Twofish appears to have somewhat faster key setup than Blowfish, but,
judging from http://www.counterpane.com/twofish_key_setup.html, it
could still profit from keeping an expanded key around; for the
performance level not involving dynamic code generation, key setup
looks roughly equivalent to encrypting about 400 bytes.

						- Bill