1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

openssl speed on WRT54GL

Discussion in 'Tomato Firmware' started by gawd0wns, Aug 10, 2009.

  1. gawd0wns

    gawd0wns LI Guru Member

    openssl speed on WRT54GL with OpenSSL 1.0.0

    I ran ./openssl speed on my WRT54GL with an OpenSSL 1.0.0 binary. (To learn how it was compiled, read this through thread: http://www.linksysinfo.org/forums/showthread.php?t=62556 ) . I guess what they say is true, Camellia performs better than AES. The current version of openssl within Tomato would not run 'openssl speed', so I don't know if there are any performance differences between the two builds.

    See the attached text file for results.

    Attached Files:

  2. fyellin

    fyellin LI Guru Member

    For whatever it's worth, I wrote an assembly language version of AES that's included in SgtPepperKSU's builds. It sped up AES considerably.

    Random Googling reveals that AES and Camellia are pretty much about the same. Camellia is a little bit faster. AES has been studied by many more cryptographers.
  3. gawd0wns

    gawd0wns LI Guru Member

    Thanks again for your work on AES... I recall you compiled speed into openssl, I just found the thread for comparison:

    It looks like both versions perform the same, though v1.0.0 is larger in size, and includes new ciphers. It looks like AES performance was improved, but not by much.. This is probably due to CPU usage on the routers. I didn't think Camellia would perform 20%+ faster, I thought it would be less significant.
  4. fyellin

    fyellin LI Guru Member

    The other issue I was with Camellia is that at least on Wikipedia, it's not listed as a "Common Algorithm" or "Less Common Algorithm" but as "Other Algorithm". This means that it just hasn't been studied as much as AES has. It is far more likely to have not-yet-discovered flaws.

    If my main criterion is security, I don't think there is any substitute for AES-256 right now. If my main criterion is speed, while still maintaining good security, then the clear choice seems to be BlowFish; it's been used for years and has a good pedigree. Camellia fits uncomfortable in between the two.

    It'll be interesting to see if Camellia gains more traction in the coming years.
  5. gawd0wns

    gawd0wns LI Guru Member

    It will be listed as a common algorithm in openssl v1.0.0, as you can see from my compiled example, you don't have to specify any additional settings. I don't know about 0.9.9, if a v0.9.9 will even be released.
  6. regular

    regular LI Guru Member

  7. fyellin

    fyellin LI Guru Member

    From what I've read, this attack is completely impractical. It involves encrypting text with both the secret key and with a second key that is related to the original secret key (e.g. changing a bit). That's not how keys are chosen in the real world, and attackers can't generally change the key in a predictable way.

    The article confirms that AES is still undergoing wide-spread scrutiny and research. This "flaw" was found because researchers were curious how AES would work has a hash function rather than as a block cipher. I doubt as many people are spending as much time on Camelia.

Share This Page