Subject: Re: IPsec performance
To: Simon Burge <simonb@NetBSD.ORG>
From: Bill Sommerfeld <>
List: tech-security
Date: 07/20/2000 08:44:36
  by with SMTP; 20 Jul 2000 12:44:43 -0000
	id B3E7D2A1B; Thu, 20 Jul 2000 08:44:41 -0400 (EDT)
	by (Postfix) with ESMTP
	id A1E991F98; Thu, 20 Jul 2000 08:44:41 -0400 (EDT)
To: Simon Burge <simonb@NetBSD.ORG>
Cc: tech-security@NetBSD.ORG, tech-net@NetBSD.ORG,
Subject: Re: IPsec performance 
In-Reply-To: Message from Simon Burge <simonb@NetBSD.ORG> 
   of "Thu, 20 Jul 2000 22:22:30 +1000." <> 
Date: Thu, 20 Jul 2000 08:44:36 -0400
From: Bill Sommerfeld <>
Message-Id: <>

> Idle question - since blowfish isn't an AES candidate, will its life be
> long enough (in IPsec) to justify the work?  I also don't know off the
> top of my head if any of the AES candidate ciphers have large key setup
> times (MARS?)...

Twofish appears to have somewhat faster key setup than Blowfish, but,
judging from, it
could still profit from keeping an expanded key around; for the
performance level not involving dynamic code generation, key setup
looks roughly equivalent to encrypting about 400 bytes.

						- Bill