
OpenVPN Encryption cipher

Discussion in 'Tomato Firmware' started by kyrios, Feb 15, 2013.

  1. kyrios

    kyrios Networkin' Nut Member

    Which one has the fastest response (ping) and highest throughput (Mbps/s)?

    AES-128-CBC
    AES-128-CFB
    AES-128-OFB
    BF-CBC
    BF-CFB
    BF-OFB
    CAST5-CBC
    CAST5-CFB
    CAST5-OFB
    RC2-40-CBC
    RC2-64-CBC
    RC2-CBC
    RC2-CFB
    RC2-OFB
    RC5-CBC
    RC5-CFB
    RC5-OFB
    ....
    ...
    ..
     
  2. koitsu

    koitsu Network Guru Member

    This may help a bit:

    http://www.linksysinfo.org/index.php?threads/openssl-assembler-acceleration.49216/#post-217933

    Focus on the "Before" column, as the thread is regarding improving OpenSSL speed by some assembly optimisations. "Before" then refers to stock OpenSSL that comes with TomatoUSB, i.e. 1.0.1c or something along those lines.

    And Shibby's own post too:

    http://www.linksysinfo.org/index.php?threads/openssl-assembler-acceleration.49216/#post-217926

    Basically what you want, because all of the encryption is done CPU-side, is the cipher that utilises the least amount of CPU time combined with the best throughput. Response time (what you call "ping") has no bearing and won't be impacted unless the CPU is maxed out. So I would be inclined to pick the cipher that uses the least CPU.

    In newer (non-stock) OpenSSL (usually installed via Entware) there is a command that can benchmark the ciphers for you: openssl speed. Yeah, that simple.

    I should note that the speed will vary depending on the model of router you have; for example, what cipher performs best (CPU-wise) on a WRT54G will not necessarily be the same as on an RT-N16, given the architecture difference (MIPSR1 vs. R2) and many other CPU-level differences. So what model of router do you have? If you have an RT-N16, I can run openssl speed and provide the results here, as that's the only router I currently have available.

    Here's an example of what the output can look like (this is on an x64 FreeBSD box, so these numbers are significantly higher/better than what you'll see on these generic consumer Broadcom routers, and available ciphers will probably differ as well):

    Code:
    $ openssl speed
    To get the most accurate results, try to run this
    program when this computer is idle.
    Doing md2 for 3s on 16 size blocks: 438737 md2's in 3.00s
    Doing md2 for 3s on 64 size blocks: 236733 md2's in 3.00s
    Doing md2 for 3s on 256 size blocks: 81546 md2's in 3.00s
    Doing md2 for 3s on 1024 size blocks: 22513 md2's in 3.00s
    Doing md2 for 3s on 8192 size blocks: 2903 md2's in 3.00s
    Doing mdc2 for 3s on 16 size blocks: 1626668 mdc2's in 3.00s
    Doing mdc2 for 3s on 64 size blocks: 444340 mdc2's in 3.00s
    Doing mdc2 for 3s on 256 size blocks: 113648 mdc2's in 3.00s
    Doing mdc2 for 3s on 1024 size blocks: 28570 mdc2's in 3.00s
    Doing mdc2 for 3s on 8192 size blocks: 3576 mdc2's in 3.00s
    Doing md4 for 3s on 16 size blocks: 5904878 md4's in 3.00s
    Doing md4 for 3s on 64 size blocks: 5231898 md4's in 3.00s
    Doing md4 for 3s on 256 size blocks: 3744619 md4's in 3.00s
    Doing md4 for 3s on 1024 size blocks: 1734983 md4's in 3.00s
    Doing md4 for 3s on 8192 size blocks: 291058 md4's in 3.00s
    Doing md5 for 3s on 16 size blocks: 4847209 md5's in 3.00s
    Doing md5 for 3s on 64 size blocks: 4119175 md5's in 3.00s
    Doing md5 for 3s on 256 size blocks: 2688390 md5's in 3.00s
    Doing md5 for 3s on 1024 size blocks: 1126748 md5's in 3.00s
    Doing md5 for 3s on 8192 size blocks: 177003 md5's in 3.00s
    Doing hmac(md5) for 3s on 16 size blocks: 4022141 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 64 size blocks: 3491140 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 256 size blocks: 2412330 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 1024 size blocks: 1077391 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 8192 size blocks: 175272 hmac(md5)'s in 3.00s
    Doing sha1 for 3s on 16 size blocks: 4595032 sha1's in 3.00s
    Doing sha1 for 3s on 64 size blocks: 3661733 sha1's in 3.00s
    Doing sha1 for 3s on 256 size blocks: 2212417 sha1's in 3.00s
    Doing sha1 for 3s on 1024 size blocks: 851137 sha1's in 3.00s
    Doing sha1 for 3s on 8192 size blocks: 127281 sha1's in 3.00s
    Doing sha256 for 3s on 16 size blocks: 3606417 sha256's in 3.00s
    Doing sha256 for 3s on 64 size blocks: 2221248 sha256's in 3.00s
    Doing sha256 for 3s on 256 size blocks: 1016485 sha256's in 3.00s
    Doing sha256 for 3s on 1024 size blocks: 322344 sha256's in 3.00s
    Doing sha256 for 3s on 8192 size blocks: 43702 sha256's in 3.00s
    Doing sha512 for 3s on 16 size blocks: 2838445 sha512's in 3.00s
    Doing sha512 for 3s on 64 size blocks: 2851213 sha512's in 3.00s
    Doing sha512 for 3s on 256 size blocks: 1243092 sha512's in 3.00s
    Doing sha512 for 3s on 1024 size blocks: 460121 sha512's in 3.00s
    Doing sha512 for 3s on 8192 size blocks: 67352 sha512's in 3.00s
    Doing rmd160 for 3s on 16 size blocks: 3762779 rmd160's in 3.00s
    Doing rmd160 for 3s on 64 size blocks: 2700229 rmd160's in 3.00s
    Doing rmd160 for 3s on 256 size blocks: 1438349 rmd160's in 3.00s
    Doing rmd160 for 3s on 1024 size blocks: 501211 rmd160's in 3.00s
    Doing rmd160 for 3s on 8192 size blocks: 70796 rmd160's in 3.00s
    Doing rc4 for 3s on 16 size blocks: 63990645 rc4's in 3.00s
    Doing rc4 for 3s on 64 size blocks: 16545802 rc4's in 3.00s
    Doing rc4 for 3s on 256 size blocks: 4262950 rc4's in 3.00s
    Doing rc4 for 3s on 1024 size blocks: 1096544 rc4's in 3.00s
    Doing rc4 for 3s on 8192 size blocks: 138349 rc4's in 3.00s
    Doing des cbc for 3s on 16 size blocks: 8967222 des cbc's in 3.00s
    Doing des cbc for 3s on 64 size blocks: 2306907 des cbc's in 3.00s
    Doing des cbc for 3s on 256 size blocks: 580909 des cbc's in 3.00s
    Doing des cbc for 3s on 1024 size blocks: 145373 des cbc's in 3.00s
    Doing des cbc for 3s on 8192 size blocks: 18187 des cbc's in 3.00s
    Doing des ede3 for 3s on 16 size blocks: 3494674 des ede3's in 3.00s
    Doing des ede3 for 3s on 64 size blocks: 891101 des ede3's in 3.00s
    Doing des ede3 for 3s on 256 size blocks: 224174 des ede3's in 3.00s
    Doing des ede3 for 3s on 1024 size blocks: 56120 des ede3's in 3.00s
    Doing des ede3 for 3s on 8192 size blocks: 7016 des ede3's in 3.00s
    Doing aes-128 cbc for 3s on 16 size blocks: 25687303 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 64 size blocks: 6758895 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 256 size blocks: 1712950 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 1024 size blocks: 429880 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 8192 size blocks: 53239 aes-128 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 16 size blocks: 22952493 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 64 size blocks: 5986072 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 256 size blocks: 1514283 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 1024 size blocks: 379616 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 8192 size blocks: 46843 aes-192 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 16 size blocks: 20440449 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 64 size blocks: 5359607 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 256 size blocks: 1355484 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 1024 size blocks: 339740 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 8192 size blocks: 42049 aes-256 cbc's in 3.00s
    Doing aes-128 ige for 3s on 16 size blocks: 26763469 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 64 size blocks: 7082478 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 256 size blocks: 1811474 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 1024 size blocks: 454473 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 8192 size blocks: 56766 aes-128 ige's in 3.00s
    Doing aes-192 ige for 3s on 16 size blocks: 23301177 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 64 size blocks: 6240958 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 256 size blocks: 1587572 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 1024 size blocks: 397433 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 8192 size blocks: 49663 aes-192 ige's in 3.00s
    Doing aes-256 ige for 3s on 16 size blocks: 20908948 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 64 size blocks: 5557526 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 256 size blocks: 1410854 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 1024 size blocks: 353219 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 8192 size blocks: 44134 aes-256 ige's in 3.00s
    Doing camellia-128 cbc for 3s on 16 size blocks: 15976264 camellia-128 cbc's in 3.00s
    Doing camellia-128 cbc for 3s on 64 size blocks: 4291706 camellia-128 cbc's in 3.00s
    Doing camellia-128 cbc for 3s on 256 size blocks: 1088391 camellia-128 cbc's in 3.00s
    Doing camellia-128 cbc for 3s on 1024 size blocks: 273100 camellia-128 cbc's in 3.00s
    Doing camellia-128 cbc for 3s on 8192 size blocks: 34157 camellia-128 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 16 size blocks: 12634919 camellia-192 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 64 size blocks: 3259391 camellia-192 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 256 size blocks: 825154 camellia-192 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 1024 size blocks: 206435 camellia-192 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 8192 size blocks: 25874 camellia-192 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 16 size blocks: 12634703 camellia-256 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 64 size blocks: 3266021 camellia-256 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 256 size blocks: 825032 camellia-256 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 1024 size blocks: 206317 camellia-256 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 8192 size blocks: 25855 camellia-256 cbc's in 3.00s
    Doing rc2 cbc for 3s on 16 size blocks: 5300701 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 64 size blocks: 1342288 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 256 size blocks: 337710 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 1024 size blocks: 84383 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 8192 size blocks: 10604 rc2 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 16 size blocks: 30327602 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 64 size blocks: 8312276 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 256 size blocks: 2119335 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 1024 size blocks: 527799 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 8192 size blocks: 66243 rc5-32/12 cbc's in 3.00s
    Doing blowfish cbc for 3s on 16 size blocks: 17222980 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 64 size blocks: 4573697 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 256 size blocks: 1161872 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 1024 size blocks: 291646 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 8192 size blocks: 36515 blowfish cbc's in 3.00s
    Doing cast cbc for 3s on 16 size blocks: 13822419 cast cbc's in 3.00s
    Doing cast cbc for 3s on 64 size blocks: 3661333 cast cbc's in 3.00s
    Doing cast cbc for 3s on 256 size blocks: 927691 cast cbc's in 3.00s
    Doing cast cbc for 3s on 1024 size blocks: 232884 cast cbc's in 3.00s
    Doing cast cbc for 3s on 8192 size blocks: 29121 cast cbc's in 3.00s
    Doing 512 bit private rsa's for 10s: 47584 512 bit private RSA's in 9.99s
    Doing 512 bit public rsa's for 10s: 683873 512 bit public RSA's in 10.00s
    Doing 1024 bit private rsa's for 10s: 12975 1024 bit private RSA's in 9.99s
    Doing 1024 bit public rsa's for 10s: 263564 1024 bit public RSA's in 9.99s
    Doing 2048 bit private rsa's for 10s: 2239 2048 bit private RSA's in 10.00s
    Doing 2048 bit public rsa's for 10s: 86018 2048 bit public RSA's in 10.00s
    Doing 4096 bit private rsa's for 10s: 364 4096 bit private RSA's in 10.01s
    Doing 4096 bit public rsa's for 10s: 24752 4096 bit public RSA's in 10.00s
    Doing 512 bit sign dsa's for 10s: 68020 512 bit DSA signs in 9.96s
    Doing 512 bit verify dsa's for 10s: 64409 512 bit DSA verify in 10.00s
    Doing 1024 bit sign dsa's for 10s: 26982 1024 bit DSA signs in 9.98s
    Doing 1024 bit verify dsa's for 10s: 21850 1024 bit DSA verify in 10.00s
    Doing 2048 bit sign dsa's for 10s: 8841 2048 bit DSA signs in 9.98s
    Doing 2048 bit verify dsa's for 10s: 7272 2048 bit DSA verify in 10.00s
    OpenSSL 0.9.8x-freebsd 10 May 2012
    built on: date not available
    options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
    compiler: cc
    available timing options: USE_TOD HZ=128 [sysconf value]
    timing function used: getrusage
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md2               2340.86k     5049.38k     6957.01k     7682.05k     7923.79k
    mdc2              8673.71k     9476.22k     9694.82k     9748.81k     9761.63k
    md4              31482.99k   111578.49k   319438.39k   592017.10k   794527.60k
    md5              25874.79k    87848.41k   229354.08k   384506.80k   483213.62k
    hmac(md5)        21446.21k    74460.85k   205804.41k   367662.20k   478548.47k
    sha1             24504.34k    78098.15k   188748.94k   290448.91k   347451.96k
    rmd160           20061.98k    57591.50k   122711.38k   171040.28k   193270.48k
    rc4             341202.35k   352895.47k   363676.57k   374167.66k   377665.79k
    des cbc          47810.03k    49198.27k    49555.32k    49611.75k    49653.23k
    des ede3         18651.82k    19004.12k    19123.31k    19149.43k    19152.43k
    idea cbc             0.00         0.00         0.00         0.00         0.00
    seed cbc             0.00         0.00         0.00         0.00         0.00
    rc2 cbc          28262.07k    28628.08k    28814.62k    28795.72k    28944.81k
    rc5-32/12 cbc   161707.43k   177271.71k   180791.89k   180097.64k   180828.18k
    blowfish cbc     91830.67k    97548.14k    99124.34k    99525.25k    99681.42k
    cast cbc         73696.38k    78083.48k    79137.59k    79465.59k    79494.20k
    aes-128 cbc     136975.85k   144155.16k   146136.42k   146695.89k   145331.84k
    aes-192 cbc     122374.42k   127662.44k   129177.39k   129533.88k   127871.49k
    aes-256 cbc     108981.62k   114301.55k   115630.77k   115927.18k   114784.23k
    camellia-128 cbc    85179.71k    91527.17k    92849.48k    93188.50k    93240.05k
    camellia-192 cbc    67423.23k    69519.10k    70396.11k    70446.00k    70636.46k
    camellia-256 cbc    67369.30k    69657.54k    70386.31k    70403.13k    70577.74k
    sha256           19228.12k    47371.59k    86712.45k   109991.77k   119295.67k
    sha512           15137.16k    60806.70k   106043.07k   157004.24k   183856.48k
    aes-128 ige     142705.92k   151045.44k   154529.46k   155077.21k   154965.84k
    aes-192 ige     124238.65k   133098.29k   135429.74k   135614.46k   135567.50k
    aes-256 ige     111480.42k   118531.04k   120363.47k   120537.57k   120477.01k
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.000210s 0.000015s   4762.0  68382.3
    rsa 1024 bits 0.000770s 0.000038s   1298.3  26371.0
    rsa 2048 bits 0.004467s 0.000116s    223.9   8601.2
    rsa 4096 bits 0.027487s 0.000404s     36.4   2475.1
                      sign    verify    sign/s verify/s
    dsa  512 bits 0.000146s 0.000155s   6828.4   6440.8
    dsa 1024 bits 0.000370s 0.000458s   2704.4   2184.9
    dsa 2048 bits 0.001129s 0.001375s    886.1    727.1
    
     
  3. kyrios

    kyrios Networkin' Nut Member

    Mine is RT-N16 as well :).
    RT-N16 as server and E4200v1 as client.
    Please let me know the result koitsu. THX U
     
  4. koitsu

    koitsu Network Guru Member

    Will do. Be aware the numbers you'll see in a follow-up post are from an RT-N16 (original version, not rev A1), stock clock speeds (i.e. not overclocked), and with a very bare/slim number of features turned on in the firmware (i.e. QoS is disabled, CTF is unused, but FastNAT is enabled). Firmware used is Toastman's tomato-K26USB-1.28.0501.2MIPSR2Toastman-RT-N-Ext.trx. Numbers will vary depending what all you're doing, how much traffic is flowing at the time of the benchmark, etc.
     
  5. Mangix

    Mangix Networkin' Nut Member

    The following dump is the results of openssl speed on a 300MHz Broadcom CPU. For other Broadcom CPUs, just do frequency/300 * results to get very close estimates. Seriously, shibby posted benchmarks on an RT-N66U (600 MHz) and they are exactly 2x the results of these:
    Code:
    root@linksys:/tmp# openssl speed
    Doing md4 for 3s on 16 size blocks: 210538 md4's in 2.80s
    Doing md4 for 3s on 64 size blocks: 195678 md4's in 2.86s
    Doing md4 for 3s on 256 size blocks: 141547 md4's in 2.86s
    Doing md4 for 3s on 1024 size blocks: 66571 md4's in 2.86s
    Doing md4 for 3s on 8192 size blocks: 11737 md4's in 2.92s
    Doing md5 for 3s on 16 size blocks: 204233 md5's in 2.96s
    Doing md5 for 3s on 64 size blocks: 167521 md5's in 2.89s
    Doing md5 for 3s on 256 size blocks: 111736 md5's in 2.91s
    Doing md5 for 3s on 1024 size blocks: 47571 md5's in 2.92s
    Doing md5 for 3s on 8192 size blocks: 7441 md5's in 2.93s
    Doing hmac(md5) for 3s on 16 size blocks: 215459 hmac(md5)'s in 2.90s
    Doing hmac(md5) for 3s on 64 size blocks: 175270 hmac(md5)'s in 2.85s
    Doing hmac(md5) for 3s on 256 size blocks: 114984 hmac(md5)'s in 2.88s
    Doing hmac(md5) for 3s on 1024 size blocks: 49089 hmac(md5)'s in 2.91s
    Doing hmac(md5) for 3s on 8192 size blocks: 7632 hmac(md5)'s in 2.92s
    Doing sha1 for 3s on 16 size blocks: 201001 sha1's in 2.96s
    Doing sha1 for 3s on 64 size blocks: 147364 sha1's in 2.98s
    Doing sha1 for 3s on 256 size blocks: 82619 sha1's in 2.95s
    Doing sha1 for 3s on 1024 size blocks: 30039 sha1's in 2.99s
    Doing sha1 for 3s on 8192 size blocks: 4318 sha1's in 2.96s
    Doing sha256 for 3s on 16 size blocks: 167686 sha256's in 3.00s
    Doing sha256 for 3s on 64 size blocks: 101027 sha256's in 2.98s
    Doing sha256 for 3s on 256 size blocks: 46008 sha256's in 2.96s
    Doing sha256 for 3s on 1024 size blocks: 14078 sha256's in 2.91s
    Doing sha256 for 3s on 8192 size blocks: 1962 sha256's in 2.97s
    Doing sha512 for 3s on 16 size blocks: 51479 sha512's in 2.97s
    Doing sha512 for 3s on 64 size blocks: 51006 sha512's in 2.95s
    Doing sha512 for 3s on 256 size blocks: 18862 sha512's in 2.98s
    Doing sha512 for 3s on 1024 size blocks: 6533 sha512's in 2.97s
    Doing sha512 for 3s on 8192 size blocks: 919 sha512's in 2.99s
    Doing whirlpool for 3s on 16 size blocks: 37437 whirlpool's in 2.97s
    Doing whirlpool for 3s on 64 size blocks: 18925 whirlpool's in 2.99s
    Doing whirlpool for 3s on 256 size blocks: 7514 whirlpool's in 2.97s
    Doing whirlpool for 3s on 1024 size blocks: 2207 whirlpool's in 2.95s
    Doing whirlpool for 3s on 8192 size blocks: 228 whirlpool's in 2.40s
    Doing rc4 for 3s on 16 size blocks: 2479260 rc4's in 2.46s
    Doing rc4 for 3s on 64 size blocks: 809946 rc4's in 2.87s
    Doing rc4 for 3s on 256 size blocks: 210467 rc4's in 2.94s
    Doing rc4 for 3s on 1024 size blocks: 53664 rc4's in 2.91s
    Doing rc4 for 3s on 8192 size blocks: 6703 rc4's in 2.86s
    Doing des cbc for 3s on 16 size blocks: 497334 des cbc's in 2.95s
    Doing des cbc for 3s on 64 size blocks: 132276 des cbc's in 2.90s
    Doing des cbc for 3s on 256 size blocks: 34107 des cbc's in 2.96s
    Doing des cbc for 3s on 1024 size blocks: 8519 des cbc's in 2.93s
    Doing des cbc for 3s on 8192 size blocks: 1087 des cbc's in 2.98s
    Doing des ede3 for 3s on 16 size blocks: 190176 des ede3's in 2.97s
    Doing des ede3 for 3s on 64 size blocks: 49375 des ede3's in 2.98s
    Doing des ede3 for 3s on 256 size blocks: 12362 des ede3's in 2.99s
    Doing des ede3 for 3s on 1024 size blocks: 3107 des ede3's in 3.01s
    Doing des ede3 for 3s on 8192 size blocks: 389 des ede3's in 3.02s
    Doing aes-128 cbc for 3s on 16 size blocks: 854067 aes-128 cbc's in 3.02s
    Doing aes-128 cbc for 3s on 64 size blocks: 225684 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 256 size blocks: 57367 aes-128 cbc's in 3.02s
    Doing aes-128 cbc for 3s on 1024 size blocks: 14368 aes-128 cbc's in 3.01s
    Doing aes-128 cbc for 3s on 8192 size blocks: 1805 aes-128 cbc's in 3.02s
    Doing aes-192 cbc for 3s on 16 size blocks: 754690 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 64 size blocks: 198170 aes-192 cbc's in 3.02s
    Doing aes-192 cbc for 3s on 256 size blocks: 41500 aes-192 cbc's in 2.49s
    Doing aes-192 cbc for 3s on 1024 size blocks: 9606 aes-192 cbc's in 2.39s
    Doing aes-192 cbc for 3s on 8192 size blocks: 1505 aes-192 cbc's in 2.91s
    Doing aes-256 cbc for 3s on 16 size blocks: 653510 aes-256 cbc's in 2.91s
    Doing aes-256 cbc for 3s on 64 size blocks: 176576 aes-256 cbc's in 3.02s
    Doing aes-256 cbc for 3s on 256 size blocks: 44725 aes-256 cbc's in 3.01s
    Doing aes-256 cbc for 3s on 1024 size blocks: 10837 aes-256 cbc's in 2.94s
    Doing aes-256 cbc for 3s on 8192 size blocks: 1350 aes-256 cbc's in 2.95s
    Doing aes-128 ige for 3s on 16 size blocks: 786703 aes-128 ige's in 2.61s
    Doing aes-128 ige for 3s on 64 size blocks: 214546 aes-128 ige's in 2.57s
    Doing aes-128 ige for 3s on 256 size blocks: 50713 aes-128 ige's in 2.31s
    Doing aes-128 ige for 3s on 1024 size blocks: 16189 aes-128 ige's in 2.96s
    Doing aes-128 ige for 3s on 8192 size blocks: 2024 aes-128 ige's in 2.91s
    Doing aes-192 ige for 3s on 16 size blocks: 807450 aes-192 ige's in 2.85s
    Doing aes-192 ige for 3s on 64 size blocks: 212644 aes-192 ige's in 2.89s
    Doing aes-192 ige for 3s on 256 size blocks: 55073 aes-192 ige's in 2.87s
    Doing aes-192 ige for 3s on 1024 size blocks: 13864 aes-192 ige's in 2.86s
    Doing aes-192 ige for 3s on 8192 size blocks: 1743 aes-192 ige's in 2.86s
    Doing aes-256 ige for 3s on 16 size blocks: 719817 aes-256 ige's in 2.91s
    Doing aes-256 ige for 3s on 64 size blocks: 190896 aes-256 ige's in 2.91s
    Doing aes-256 ige for 3s on 256 size blocks: 47821 aes-256 ige's in 2.89s
    Doing aes-256 ige for 3s on 1024 size blocks: 12121 aes-256 ige's in 2.89s
    Doing aes-256 ige for 3s on 8192 size blocks: 1500 aes-256 ige's in 2.87s
    Doing ghash for 3s on 16 size blocks: 774335 ghash's in 2.88s
    Doing ghash for 3s on 64 size blocks: 202891 ghash's in 2.91s
    Doing ghash for 3s on 256 size blocks: 50629 ghash's in 2.93s
    Doing ghash for 3s on 1024 size blocks: 12802 ghash's in 2.90s
    Doing ghash for 3s on 8192 size blocks: 1600 ghash's in 2.92s
    Doing idea cbc for 3s on 16 size blocks: 702004 idea cbc's in 2.88s
    Doing idea cbc for 3s on 64 size blocks: 191325 idea cbc's in 2.93s
    Doing idea cbc for 3s on 256 size blocks: 48696 idea cbc's in 2.94s
    Doing idea cbc for 3s on 1024 size blocks: 12232 idea cbc's in 2.92s
    Doing idea cbc for 3s on 8192 size blocks: 1533 idea cbc's in 2.91s
    Doing rc2 cbc for 3s on 16 size blocks: 446532 rc2 cbc's in 2.89s
    Doing rc2 cbc for 3s on 64 size blocks: 115590 rc2 cbc's in 2.94s
    Doing rc2 cbc for 3s on 256 size blocks: 28690 rc2 cbc's in 2.89s
    Doing rc2 cbc for 3s on 1024 size blocks: 7214 rc2 cbc's in 2.89s
    Doing rc2 cbc for 3s on 8192 size blocks: 909 rc2 cbc's in 2.87s
    Doing rc5-32/12 cbc for 3s on 16 size blocks: 1459693 rc5-32/12 cbc's in 2.87s
    Doing rc5-32/12 cbc for 3s on 64 size blocks: 418134 rc5-32/12 cbc's in 2.90s
    Doing rc5-32/12 cbc for 3s on 256 size blocks: 107362 rc5-32/12 cbc's in 2.91s
    Doing rc5-32/12 cbc for 3s on 1024 size blocks: 27905 rc5-32/12 cbc's in 2.99s
    Doing rc5-32/12 cbc for 3s on 8192 size blocks: 3441 rc5-32/12 cbc's in 2.95s
    Doing blowfish cbc for 3s on 16 size blocks: 1129240 blowfish cbc's in 2.99s
    Doing blowfish cbc for 3s on 64 size blocks: 302445 blowfish cbc's in 2.98s
    Doing blowfish cbc for 3s on 256 size blocks: 77368 blowfish cbc's in 2.99s
    Doing blowfish cbc for 3s on 1024 size blocks: 18799 blowfish cbc's in 2.93s
    Doing blowfish cbc for 3s on 8192 size blocks: 2437 blowfish cbc's in 2.98s
    Doing cast cbc for 3s on 16 size blocks: 898691 cast cbc's in 2.97s
    Doing cast cbc for 3s on 64 size blocks: 241981 cast cbc's in 2.96s
    Doing cast cbc for 3s on 256 size blocks: 61527 cast cbc's in 2.98s
    Doing cast cbc for 3s on 1024 size blocks: 15469 cast cbc's in 2.98s
    Doing cast cbc for 3s on 8192 size blocks: 1939 cast cbc's in 2.98s
    Doing 512 bit private rsa's for 10s: 1266 512 bit private RSA's in 9.91s
    Doing 512 bit public rsa's for 10s: 16700 512 bit public RSA's in 9.96s
    Doing 1024 bit private rsa's for 10s: 264 1024 bit private RSA's in 9.26s
    Doing 1024 bit public rsa's for 10s: 5584 1024 bit public RSA's in 9.60s
    Doing 2048 bit private rsa's for 10s: 48 2048 bit private RSA's in 9.83s
    Doing 2048 bit public rsa's for 10s: 1766 2048 bit public RSA's in 9.92s
    Doing 4096 bit private rsa's for 10s: 8 4096 bit private RSA's in 10.90s
    Doing 4096 bit public rsa's for 10s: 484 4096 bit public RSA's in 10.02s
    Doing 512 bit sign dsa's for 10s: 1578 512 bit DSA signs in 9.89s
    Doing 512 bit verify dsa's for 10s: 1411 512 bit DSA verify in 9.85s
    Doing 1024 bit sign dsa's for 10s: 498 1024 bit DSA signs in 8.51s
    Doing 1024 bit verify dsa's for 10s: 475 1024 bit DSA verify in 9.57s
    Doing 2048 bit sign dsa's for 10s: 171 2048 bit DSA signs in 9.55s
    Doing 2048 bit verify dsa's for 10s: 141 2048 bit DSA verify in 9.74s
    OpenSSL 1.0.1c 10 May 2012
    built on: Mon Jan 21 10:20:56 CET 2013
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) idea(int) blowfish(ptr)
    compiler: mipsel-uclibc-gcc -fPIC -DOPENSSL_PIC -DDSO_DLFCN -DHAVE_DLFCN_H -ffunction-sections -fdata-sections -DOPENSSL_NO_ERR -DL_ENDIAN -DTERMIO -Os -DLINUX26 -DCONFIG_BCMWL5 -pipe -DBCMWPA2 -funit-at-a-time -Wno-pointer-sign -mtune=mips32 -mips32 -DCONFIG_NVRAM_SIZE=60  -DOPENSSL_SMALL_FOOTPRINT -fomit-frame-pointer -Wall -DSHA1_ASM -DSHA256_ASM -DAES_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type              16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md2                  0.00         0.00         0.00         0.00         0.00
    mdc2                 0.00         0.00         0.00         0.00         0.00
    md4               1203.07k     4378.81k    12669.94k    23835.21k    32927.91k
    md5               1103.96k     3709.81k     9829.70k    16682.43k    20804.32k
    hmac(md5)         1188.74k     3935.89k    10220.80k    17273.93k    21411.42k
    sha1              1086.49k     3164.86k     7169.65k    10287.60k    11950.36k
    rmd160               0.00         0.00         0.00         0.00         0.00
    rc4              16125.27k    18061.51k    18326.38k    18883.83k    19199.64k
    des cbc           2697.40k     2919.19k     2949.79k     2977.29k     2988.16k
    des ede3          1024.52k     1060.40k     1058.42k     1057.00k     1055.19k
    idea cbc          3900.02k     4179.11k     4240.20k     4289.58k     4315.58k
    seed cbc             0.00         0.00         0.00         0.00         0.00
    rc2 cbc           2472.15k     2516.24k     2541.40k     2556.10k     2594.61k
    rc5-32/12 cbc     8137.66k     9227.78k     9444.90k     9556.76k     9555.48k
    blowfish cbc      6042.76k     6495.46k     6624.15k     6570.03k     6699.30k
    cast cbc          4841.43k     5232.02k     5285.54k     5315.52k     5330.30k
    aes-128 cbc       4524.86k     4814.59k     4862.90k     4887.98k     4896.21k
    aes-192 cbc       4025.01k     4199.63k     4266.67k     4115.71k     4236.76k
    aes-256 cbc       3593.18k     3742.01k     3803.85k     3774.52k     3748.88k
    camellia-128 cbc         0.00         0.00         0.00         0.00         0.00
    camellia-192 cbc         0.00         0.00         0.00         0.00         0.00
    camellia-256 cbc         0.00         0.00         0.00         0.00         0.00
    sha256             894.33k     2169.71k     3979.07k     4953.91k     5411.68k
    sha512             277.33k     1106.57k     1620.36k     2252.46k     2517.88k
    whirlpool          201.68k      405.08k      647.67k      766.09k      778.24k
    aes-128 ige       4822.70k     5342.78k     5620.14k     5600.52k     5697.80k
    aes-192 ige       4533.05k     4709.07k     4912.43k     4963.89k     4992.54k
    aes-256 ige       3957.76k     4198.40k     4236.05k     4294.78k     4281.53k
    ghash             4301.86k     4462.21k     4423.56k     4520.43k     4488.77k
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.007828s 0.000596s    127.7   1676.7
    rsa 1024 bits 0.035076s 0.001719s     28.5    581.7
    rsa 2048 bits 0.204792s 0.005617s      4.9    178.0
    rsa 4096 bits 1.362500s 0.020702s      0.7     48.3
                      sign    verify    sign/s verify/s
    dsa  512 bits 0.006267s 0.006981s    159.6    143.2
    dsa 1024 bits 0.017088s 0.020147s     58.5     49.6
    dsa 2048 bits 0.055848s 0.069078s     17.9     14.5

    One question I have: Why are all these ciphers even supported? You could save on firmware size by supporting the AES modes and nothing else.
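
Added example (not part of any post in this thread): a Python sketch that parses the summary table `openssl speed` prints, ranks the block ciphers by throughput at one block size, and applies the frequency/300 scaling rule from the post above. The sample rows are copied from that post; the function names, the choice of the 1024-byte column as a stand-in for tunnel packets, and the `min_block_bits` filter (which keeps only 128-bit-block ciphers such as AES) are assumptions of this example.

```python
import re

# Sample input: summary rows copied from the 300 MHz Broadcom result posted
# in the thread (most rows omitted to keep the example short).
SAMPLE = """\
The 'numbers' are in 1000s of bytes per second processed.
type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
md5              1103.96k    3709.81k    9829.70k    16682.43k    20804.32k
des cbc          2697.40k    2919.19k    2949.79k    2977.29k    2988.16k
des ede3          1024.52k    1060.40k    1058.42k    1057.00k    1055.19k
rc5-32/12 cbc    8137.66k    9227.78k    9444.90k    9556.76k    9555.48k
blowfish cbc      6042.76k    6495.46k    6624.15k    6570.03k    6699.30k
cast cbc          4841.43k    5232.02k    5285.54k    5315.52k    5330.30k
aes-128 cbc      4524.86k    4814.59k    4862.90k    4887.98k    4896.21k
aes-192 cbc      4025.01k    4199.63k    4266.67k    4115.71k    4236.76k
aes-256 cbc      3593.18k    3742.01k    3803.85k    3774.52k    3748.88k
camellia-128 cbc        0.00        0.00        0.00        0.00        0.00
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.204792s 0.005617s      4.9    178.0
"""

# Block size in bits of each block-cipher row in the table. Hash rows
# (md5, sha1, ...) are absent on purpose so they never enter the ranking.
BLOCK_BITS = {
    "des cbc": 64, "des ede3": 64, "idea cbc": 64, "rc2 cbc": 64,
    "rc5-32/12 cbc": 64, "blowfish cbc": 64, "cast cbc": 64,
    "seed cbc": 128, "aes-128 cbc": 128, "aes-192 cbc": 128,
    "aes-256 cbc": 128, "camellia-128 cbc": 128,
    "camellia-192 cbc": 128, "camellia-256 cbc": 128,
}

_NUM = re.compile(r"^\d+\.\d+k?$")


def parse_speed_table(text):
    """Return {row name: {block size in bytes: rate in 1000s of bytes/s}}."""
    sizes, table = [], {}
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "type":
            # Header row: recover the block sizes the columns stand for.
            sizes = [int(n) for n in re.findall(r"(\d+) bytes", line)]
            continue
        if not sizes or len(tokens) <= len(sizes):
            continue
        values = tokens[-len(sizes):]
        if not all(_NUM.match(v) for v in values):
            continue  # rsa/dsa rows and other non-throughput lines
        rates = [float(v.rstrip("k")) for v in values]
        if not any(rates):
            continue  # all-zero row: algorithm not compiled into this build
        table[" ".join(tokens[:-len(sizes)])] = dict(zip(sizes, rates))
    return table


def rank_ciphers(table, block=1024, min_block_bits=0):
    """Rank block ciphers by raw throughput in Mbit/s, fastest first.

    This is cipher-only CPU throughput; a real tunnel also pays for the
    HMAC and packet handling, so treat the figure as an upper bound.
    """
    ranked = []
    for name, rates in table.items():
        bits = BLOCK_BITS.get(name)
        if bits is None or bits < min_block_bits:
            continue
        ranked.append((name, round(rates[block] * 1000 * 8 / 1e6, 2)))
    return sorted(ranked, key=lambda r: r[1], reverse=True)


def scale_for_clock(mbit_s, measured_mhz, target_mhz):
    """Apply the thread's estimate: result * target frequency / measured."""
    return mbit_s * target_mhz / measured_mhz


if __name__ == "__main__":
    table = parse_speed_table(SAMPLE)
    for name, mbit in rank_ciphers(table):
        est = scale_for_clock(mbit, 300, 600)
        print(f"{name:<14} {mbit:7.2f} Mbit/s @300MHz  ~{est:7.2f} @600MHz")
    print("128-bit block only:", rank_ciphers(table, min_block_bits=128))
```

On the 300 MHz numbers the three fastest rows (RC5, Blowfish, CAST) are all 64-bit-block ciphers; with `min_block_bits=128` the ranking reduces to the AES variants, AES-128 first.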
     
  6. koitsu

    koitsu Network Guru Member

    Here you go:

    Code:
    root@gw:/tmp/home/root# /opt/bin/openssl speed
    Doing md4 for 3s on 16 size blocks: 336174 md4's in 2.99s
    Doing md4 for 3s on 64 size blocks: 312178 md4's in 2.96s
    Doing md4 for 3s on 256 size blocks: 218649 md4's in 2.99s
    Doing md4 for 3s on 1024 size blocks: 115972 md4's in 3.00s
    Doing md4 for 3s on 8192 size blocks: 19989 md4's in 3.01s
    Doing md5 for 3s on 16 size blocks: 337694 md5's in 2.96s
    Doing md5 for 3s on 64 size blocks: 283963 md5's in 2.99s
    Doing md5 for 3s on 256 size blocks: 185711 md5's in 3.00s
    Doing md5 for 3s on 1024 size blocks: 78017 md5's in 2.99s
    Doing md5 for 3s on 8192 size blocks: 12154 md5's in 2.97s
    Doing hmac(md5) for 3s on 16 size blocks: 358087 hmac(md5)'s in 2.99s
    Doing hmac(md5) for 3s on 64 size blocks: 294737 hmac(md5)'s in 2.99s
    Doing hmac(md5) for 3s on 256 size blocks: 190694 hmac(md5)'s in 2.99s
    Doing hmac(md5) for 3s on 1024 size blocks: 78927 hmac(md5)'s in 2.98s
    Doing hmac(md5) for 3s on 8192 size blocks: 12049 hmac(md5)'s in 2.95s
    Doing sha1 for 3s on 16 size blocks: 322368 sha1's in 2.99s
    Doing sha1 for 3s on 64 size blocks: 238212 sha1's in 2.99s
    Doing sha1 for 3s on 256 size blocks: 132968 sha1's in 2.95s
    Doing sha1 for 3s on 1024 size blocks: 48175 sha1's in 2.97s
    Doing sha1 for 3s on 8192 size blocks: 6940 sha1's in 2.97s
    Doing sha256 for 3s on 16 size blocks: 273020 sha256's in 2.97s
    Doing sha256 for 3s on 64 size blocks: 163480 sha256's in 2.96s
    Doing sha256 for 3s on 256 size blocks: 73999 sha256's in 2.97s
    Doing sha256 for 3s on 1024 size blocks: 23258 sha256's in 2.98s
    Doing sha256 for 3s on 8192 size blocks: 3147 sha256's in 3.00s
    Doing sha512 for 3s on 16 size blocks: 87727 sha512's in 3.00s
    Doing sha512 for 3s on 64 size blocks: 87991 sha512's in 2.97s
    Doing sha512 for 3s on 256 size blocks: 32778 sha512's in 2.98s
    Doing sha512 for 3s on 1024 size blocks: 11375 sha512's in 2.98s
    Doing sha512 for 3s on 8192 size blocks: 1604 sha512's in 2.98s
    Doing whirlpool for 3s on 16 size blocks: 92833 whirlpool's in 2.99s
    Doing whirlpool for 3s on 64 size blocks: 46506 whirlpool's in 3.01s
    Doing whirlpool for 3s on 256 size blocks: 18404 whirlpool's in 3.00s
    Doing whirlpool for 3s on 1024 size blocks: 5385 whirlpool's in 3.01s
    Doing whirlpool for 3s on 8192 size blocks: 707 whirlpool's in 2.99s
    Doing rc4 for 3s on 16 size blocks: 4724984 rc4's in 3.00s
    Doing rc4 for 3s on 64 size blocks: 1290501 rc4's in 3.01s
    Doing rc4 for 3s on 256 size blocks: 334980 rc4's in 3.00s
    Doing rc4 for 3s on 1024 size blocks: 84606 rc4's in 3.01s
    Doing rc4 for 3s on 8192 size blocks: 10593 rc4's in 3.00s
    Doing des cbc for 3s on 16 size blocks: 720696 des cbc's in 2.99s
    Doing des cbc for 3s on 64 size blocks: 188285 des cbc's in 2.98s
    Doing des cbc for 3s on 256 size blocks: 47386 des cbc's in 2.97s
    Doing des cbc for 3s on 1024 size blocks: 11878 des cbc's in 2.99s
    Doing des cbc for 3s on 8192 size blocks: 1486 des cbc's in 2.97s
    Doing des ede3 for 3s on 16 size blocks: 261309 des ede3's in 2.96s
    Doing des ede3 for 3s on 64 size blocks: 67324 des ede3's in 2.95s
    Doing des ede3 for 3s on 256 size blocks: 16932 des ede3's in 2.92s
    Doing des ede3 for 3s on 1024 size blocks: 4236 des ede3's in 2.95s
    Doing des ede3 for 3s on 8192 size blocks: 530 des ede3's in 2.98s
    Doing aes-128 cbc for 3s on 16 size blocks: 1442259 aes-128 cbc's in 3.01s
    Doing aes-128 cbc for 3s on 64 size blocks: 382129 aes-128 cbc's in 2.99s
    Doing aes-128 cbc for 3s on 256 size blocks: 97228 aes-128 cbc's in 2.99s
    Doing aes-128 cbc for 3s on 1024 size blocks: 24405 aes-128 cbc's in 2.97s
    Doing aes-128 cbc for 3s on 8192 size blocks: 3055 aes-128 cbc's in 3.01s
    Doing aes-192 cbc for 3s on 16 size blocks: 1269917 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 64 size blocks: 333413 aes-192 cbc's in 3.01s
    Doing aes-192 cbc for 3s on 256 size blocks: 84401 aes-192 cbc's in 3.01s
    Doing aes-192 cbc for 3s on 1024 size blocks: 21232 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 8192 size blocks: 2657 aes-192 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 16 size blocks: 1120551 aes-256 cbc's in 2.98s
    Doing aes-256 cbc for 3s on 64 size blocks: 294677 aes-256 cbc's in 2.99s
    Doing aes-256 cbc for 3s on 256 size blocks: 74649 aes-256 cbc's in 2.99s
    Doing aes-256 cbc for 3s on 1024 size blocks: 18681 aes-256 cbc's in 2.97s
    Doing aes-256 cbc for 3s on 8192 size blocks: 2338 aes-256 cbc's in 2.97s
    Doing aes-128 ige for 3s on 16 size blocks: 1513563 aes-128 ige's in 2.95s
    Doing aes-128 ige for 3s on 64 size blocks: 414807 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 256 size blocks: 106801 aes-128 ige's in 2.98s
    Doing aes-128 ige for 3s on 1024 size blocks: 26870 aes-128 ige's in 2.98s
    Doing aes-128 ige for 3s on 8192 size blocks: 3360 aes-128 ige's in 3.01s
    Doing aes-192 ige for 3s on 16 size blocks: 1316900 aes-192 ige's in 2.99s
    Doing aes-192 ige for 3s on 64 size blocks: 355616 aes-192 ige's in 2.97s
    Doing aes-192 ige for 3s on 256 size blocks: 91207 aes-192 ige's in 2.99s
    Doing aes-192 ige for 3s on 1024 size blocks: 22937 aes-192 ige's in 2.95s
    Doing aes-192 ige for 3s on 8192 size blocks: 2866 aes-192 ige's in 2.95s
    Doing aes-256 ige for 3s on 16 size blocks: 1166318 aes-256 ige's in 2.99s
    Doing aes-256 ige for 3s on 64 size blocks: 313015 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 256 size blocks: 79986 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 1024 size blocks: 20093 aes-256 ige's in 2.99s
    Doing aes-256 ige for 3s on 8192 size blocks: 2513 aes-256 ige's in 2.96s
    Doing ghash for 3s on 16 size blocks: 1535229 ghash's in 3.00s
    Doing ghash for 3s on 64 size blocks: 408119 ghash's in 3.00s
    Doing ghash for 3s on 256 size blocks: 103761 ghash's in 2.96s
    Doing ghash for 3s on 1024 size blocks: 26113 ghash's in 3.01s
    Doing ghash for 3s on 8192 size blocks: 3267 ghash's in 3.00s
    Doing seed cbc for 3s on 16 size blocks: 901141 seed cbc's in 2.99s
    Doing seed cbc for 3s on 64 size blocks: 236383 seed cbc's in 2.98s
    Doing seed cbc for 3s on 256 size blocks: 59708 seed cbc's in 2.99s
    Doing seed cbc for 3s on 1024 size blocks: 14964 seed cbc's in 3.00s
    Doing seed cbc for 3s on 8192 size blocks: 1870 seed cbc's in 3.00s
    Doing rc2 cbc for 3s on 16 size blocks: 689498 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 64 size blocks: 176198 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 256 size blocks: 44421 rc2 cbc's in 2.99s
    Doing rc2 cbc for 3s on 1024 size blocks: 11135 rc2 cbc's in 2.99s
    Doing rc2 cbc for 3s on 8192 size blocks: 1392 rc2 cbc's in 2.98s
    Doing blowfish cbc for 3s on 16 size blocks: 1716212 blowfish cbc's in 2.98s
    Doing blowfish cbc for 3s on 64 size blocks: 471055 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 256 size blocks: 121136 blowfish cbc's in 2.98s
    Doing blowfish cbc for 3s on 1024 size blocks: 30494 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 8192 size blocks: 3818 blowfish cbc's in 2.98s
    Doing cast cbc for 3s on 16 size blocks: 1396971 cast cbc's in 3.00s
    Doing cast cbc for 3s on 64 size blocks: 375141 cast cbc's in 2.98s
    Doing cast cbc for 3s on 256 size blocks: 95768 cast cbc's in 2.97s
    Doing cast cbc for 3s on 1024 size blocks: 24044 cast cbc's in 2.95s
    Doing cast cbc for 3s on 8192 size blocks: 3006 cast cbc's in 2.95s
    Doing 512 bit private rsa's for 10s: 2315 512 bit private RSA's in 9.91s
    Doing 512 bit public rsa's for 10s: 28170 512 bit public RSA's in 9.92s
    Doing 1024 bit private rsa's for 10s: 483 1024 bit private RSA's in 9.93s
    Doing 1024 bit public rsa's for 10s: 9578 1024 bit public RSA's in 9.93s
    Doing 2048 bit private rsa's for 10s: 80 2048 bit private RSA's in 9.99s
    Doing 2048 bit public rsa's for 10s: 2842 2048 bit public RSA's in 9.88s
    Doing 4096 bit private rsa's for 10s: 12 4096 bit private RSA's in 10.04s
    Doing 4096 bit public rsa's for 10s: 776 4096 bit public RSA's in 9.89s
    Doing 512 bit sign dsa's for 10s: 2695 512 bit DSA signs in 9.69s
    Doing 512 bit verify dsa's for 10s: 2498 512 bit DSA verify in 9.98s
    Doing 1024 bit sign dsa's for 10s: 953 1024 bit DSA signs in 9.95s
    Doing 1024 bit verify dsa's for 10s: 796 1024 bit DSA verify in 9.89s
    Doing 2048 bit sign dsa's for 10s: 286 2048 bit DSA signs in 9.93s
    Doing 2048 bit verify dsa's for 10s: 236 2048 bit DSA verify in 9.97s
    OpenSSL 1.0.1c 10 May 2012
    built on: Mon Dec 10 11:09:03 MSK 2012
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(ptr)
    compiler: mipsel-uclibc-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -I/home/god/BuildRepo/openwrt_trunk/staging_dir/target-mipsel-linux-gnu/opt/include -I/home/god/BuildRepo/openwrt_trunk/staging_dir/target-mipsel-linux-gnu/include -I/opt/entware-toolchain/include -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_ERR -DTERMIO -O2 -pipe -mips32 -mtune=mips32 -fpic -fomit-frame-pointer -Wall -DSHA1_ASM -DSHA256_ASM -DAES_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md2                  0.00         0.00         0.00         0.00         0.00
    mdc2                 0.00         0.00         0.00         0.00         0.00
    md4               1798.92k     6749.79k    18720.45k    39585.11k    54401.96k
    md5               1825.37k     6078.14k    15847.34k    26718.87k    33523.76k
    hmac(md5)         1916.18k     6308.75k    16326.98k    27121.22k    33459.46k
    sha1              1725.05k     5098.85k    11538.92k    16609.83k    19142.25k
    rmd160               0.00         0.00         0.00         0.00         0.00
    rc4              25199.91k    27439.22k    28584.96k    28782.90k    28925.95k
    des cbc           3856.57k     4043.70k     4084.45k     4067.92k     4098.76k
    des ede3          1412.48k     1460.59k     1484.45k     1470.39k     1456.97k
    idea cbc             0.00         0.00         0.00         0.00         0.00
    seed cbc          4822.16k     5076.68k     5112.12k     5107.71k     5106.35k
    rc2 cbc           3677.32k     3758.89k     3803.27k     3813.46k     3826.60k
    rc5-32/12 cbc        0.00         0.00         0.00         0.00         0.00
    blowfish cbc      9214.56k    10049.17k    10406.31k    10408.62k    10495.66k
    cast cbc          7450.51k     8056.72k     8254.75k     8346.12k     8347.51k
    aes-128 cbc       7666.49k     8179.35k     8324.54k     8414.38k     8314.47k
    aes-192 cbc       6772.89k     7089.18k     7178.29k     7247.19k     7255.38k
    aes-256 cbc       6016.38k     6307.47k     6391.35k     6440.86k     6448.79k
    camellia-128 cbc        0.00         0.00         0.00         0.00         0.00
    camellia-192 cbc        0.00         0.00         0.00         0.00         0.00
    camellia-256 cbc        0.00         0.00         0.00         0.00         0.00
    sha256            1470.81k     3534.70k     6378.36k     7992.01k     8593.41k
    sha512             467.88k     1896.10k     2815.83k     3908.72k     4409.39k
    whirlpool          496.77k      988.83k     1570.47k     1831.97k     1937.04k
    aes-128 ige       8209.16k     8849.22k     9174.85k     9233.18k     9144.56k
    aes-192 ige       7046.96k     7663.11k     7809.03k     7961.86k     7958.74k
    aes-256 ige       6241.17k     6677.65k     6825.47k     6881.35k     6954.90k
    ghash             8187.89k     8706.54k     8973.92k     8883.63k     8921.09k
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.004281s 0.000352s    233.6   2839.7
    rsa 1024 bits 0.020559s 0.001037s     48.6    964.6
    rsa 2048 bits 0.124875s 0.003476s      8.0    287.7
    rsa 4096 bits 0.836667s 0.012745s      1.2     78.5
                      sign    verify    sign/s verify/s
    dsa  512 bits 0.003596s 0.003995s    278.1    250.3
    dsa 1024 bits 0.010441s 0.012425s     95.8     80.5
    dsa 2048 bits 0.034720s 0.042246s     28.8     23.7
    
    These numbers include/reflect use of the MIPS assembly optimisation patches. This is verified by the -DSHA1_ASM -DSHA256_ASM -DAES_ASM compiler options shown in the output. Shibby v105 or newer should have these too.

    I don't have much familiarity with messing about with OpenVPN ciphers (I have used OpenVPN but not on these routers and I used the stock/default cipher, whatever that was). But you should be able to discern what's what. And if you do have a choice between RSA and DSA (unlikely but possible), stick with RSA (key generation/signing is slower, but verification is way, way faster).

    Entries with "0.00" indicate the cipher is unavailable/not compiled in to OpenSSL. Please do not beg/discuss this; there may be reasons for this (for example, the IDEA cipher is generally not available because of legal/law restrictions in the USA). Do not complain, just go with what's available, and use whichever one is best given the options you have available (again: I'm not familiar with cipher selection in OpenVPN).

    Footnote: this should give you some idea of just how much slower these routers are compared to a standard desktop PC. The x64 FreeBSD box the earlier benchmarks were from, by the way, is a Core 2 Quad Q9550 @ stock 2.8GHz. So when I tell people "these routers are not high-performance blazing-fast devices", this acts as confirmation.
     
  7. kyrios

    kyrios Networkin' Nut Member

    @koitsu & @Mangix
    I do OpenVPN for cardsharing. For fastest response, which cipher shall I use?
    Sorry, I'm kind of a newbie when it comes to understanding the tables both of you provided.
     
  8. koitsu

    koitsu Network Guru Member

    Outside the topic of this thread, honestly (let's not confuse the guy :p).

    I strongly doubt adding tons of no-{ciphername} entries to the OpenSSL Configure call would truly save a substantial amount of firmware space. I don't use VPN firmwares so I can't see what the size of libssl and libcrypto are on them. I can tell what size they are in Entware:

    Code:
    root@gw:/tmp/home/root# ls -l /opt/lib/libssl.so.1.0.0 /opt/lib/libcrypto.so.1.0.0
    -rw-r--r--    1 1501     1501       1452752 Dec  9 23:10 /opt/lib/libcrypto.so.1.0.0
    -rw-r--r--    1 1501     1501        334912 Dec  9 23:10 /opt/lib/libssl.so.1.0.0
    
    So rather than get all uppity, go try it and report back the savings. I've looked at objdump -T, which is not a full analysis, but to me it looks like the savings would be minimal. Most of the space is taken up by the .text segment (looked at via objdump -i and objdump -s), which should come as no surprise. It's difficult to break down the usage more than that due to how ELF and ld.so work and so on.
     
  9. koitsu

    koitsu Network Guru Member

    What the numbers mean in the table at the bottom of the output is documented/described (read it slowly). "Figuring out" which is best is left as an exercise for you. I'm a little shocked that you'd ask what cipher to use then later admit you have absolutely no familiarity with this. *shakes head* :-/
     
  10. Mangix

    Mangix Networkin' Nut Member

    According to my benchmark, RC5-OCB is the fastest. That being said, I would stick with AES-OFB as that's probably the most secure and most trusted.

    As far as I know, there are no issues with the other ciphers but I still would not use them.

    Actually on second thought, OpenSSL shows RC5 as rc5-32/12 cbc meaning....12 round RC5 at 32-bit block size? This is totally insecure. RC2 and Blowfish have a 64-bit block size so no. Only CAST5 and AES have 128-bit.

    Bottom line: Use AES-OFB.

    @Koitsu
    Just realized after glancing at your desktop computer results: those numbers are actually not a very good comparison as x86 is a much different architecture than MIPS. As a result, there are discrepancies in performance. For example, AES is faster than blowfish whereas the reverse is true on MIPS.
     
  11. koitsu

    koitsu Network Guru Member

    Re: architectural differences: yes that's a valid point. My statement was referring to the magnitude of difference on a general level. For example look at 8192-byte md5 between the two systems: 483213.62k vs. 33523.76k. 483213.62 / 33523.76 = 14.41 times faster on the PC. It's not just about clock speed either (PC = 2800MHz, router = 480MHz; 2800/480 = 5.8 times faster). My point is that people seem to think these routers are the equivalent of a desktop PC, performance-wise, and they are not (look at those threads where people are trying to do things like push 250-300mbit/sec across the WAN interface).
     
  12. blackjackel

    blackjackel LI Guru Member

    I know this thread is old as all hell but so far it seems to be the only one discussing cipher speeds... The following is a paste for RT-AC56U overclocked to 1200MHz CPU and 666MHz RAM:

    Code:
    root@STORAGE:/tmp/home/root# openssl speed
    Doing md4 for 3s on 16 size blocks: 2823990 md4's in 3.00s
    Doing md4 for 3s on 64 size blocks: 2252966 md4's in 3.00s
    Doing md4 for 3s on 256 size blocks: 1368372 md4's in 3.00s
    Doing md4 for 3s on 1024 size blocks: 537531 md4's in 3.00s
    Doing md4 for 3s on 8192 size blocks: 80715 md4's in 3.00s
    Doing md5 for 3s on 16 size blocks: 2073808 md5's in 3.00s
    Doing md5 for 3s on 64 size blocks: 1637780 md5's in 3.00s
    Doing md5 for 3s on 256 size blocks: 968414 md5's in 3.00s
    Doing md5 for 3s on 1024 size blocks: 372294 md5's in 3.00s
    Doing md5 for 3s on 8192 size blocks: 55027 md5's in 3.00s
    Doing hmac(md5) for 3s on 16 size blocks: 1846350 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 64 size blocks: 1445879 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 256 size blocks: 905458 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 1024 size blocks: 361840 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 8192 size blocks: 54822 hmac(md5)'s in 3.00s
    Doing sha1 for 3s on 16 size blocks: 1937726 sha1's in 3.00s
    Doing sha1 for 3s on 64 size blocks: 1357682 sha1's in 3.00s
    Doing sha1 for 3s on 256 size blocks: 683351 sha1's in 3.00s
    Doing sha1 for 3s on 1024 size blocks: 231518 sha1's in 3.00s
    Doing sha1 for 3s on 8192 size blocks: 32305 sha1's in 3.00s
    Doing sha256 for 3s on 16 size blocks: 2069717 sha256's in 2.99s
    Doing sha256 for 3s on 64 size blocks: 1174361 sha256's in 3.00s
    Doing sha256 for 3s on 256 size blocks: 511696 sha256's in 3.00s
    Doing sha256 for 3s on 1024 size blocks: 157113 sha256's in 3.00s
    Doing sha256 for 3s on 8192 size blocks: 21018 sha256's in 3.00s
    Doing sha512 for 3s on 16 size blocks: 531358 sha512's in 3.00s
    Doing sha512 for 3s on 64 size blocks: 529546 sha512's in 3.00s
    Doing sha512 for 3s on 256 size blocks: 187997 sha512's in 3.00s
    Doing sha512 for 3s on 1024 size blocks: 64479 sha512's in 3.00s
    Doing sha512 for 3s on 8192 size blocks: 9037 sha512's in 3.00s
    Doing whirlpool for 3s on 16 size blocks: 324580 whirlpool's in 3.00s
    Doing whirlpool for 3s on 64 size blocks: 164819 whirlpool's in 2.99s
    Doing whirlpool for 3s on 256 size blocks: 66942 whirlpool's in 2.97s
    Doing whirlpool for 3s on 1024 size blocks: 19863 whirlpool's in 2.95s
    Doing whirlpool for 3s on 8192 size blocks: 2626 whirlpool's in 2.96s
    Doing rc4 for 3s on 16 size blocks: 12438716 rc4's in 2.97s
    Doing rc4 for 3s on 64 size blocks: 3350886 rc4's in 2.99s
    Doing rc4 for 3s on 256 size blocks: 862538 rc4's in 3.00s
    Doing rc4 for 3s on 1024 size blocks: 217201 rc4's in 3.00s
    Doing rc4 for 3s on 8192 size blocks: 27206 rc4's in 3.00s
    Doing des cbc for 3s on 16 size blocks: 3240267 des cbc's in 3.00s
    Doing des cbc for 3s on 64 size blocks: 870872 des cbc's in 3.00s
    Doing des cbc for 3s on 256 size blocks: 221450 des cbc's in 3.00s
    Doing des cbc for 3s on 1024 size blocks: 55672 des cbc's in 3.00s
    Doing des cbc for 3s on 8192 size blocks: 6972 des cbc's in 3.00s
    Doing des ede3 for 3s on 16 size blocks: 1301408 des ede3's in 3.00s
    Doing des ede3 for 3s on 64 size blocks: 335642 des ede3's in 3.00s
    Doing des ede3 for 3s on 256 size blocks: 84623 des ede3's in 3.00s
    Doing des ede3 for 3s on 1024 size blocks: 21201 des ede3's in 3.00s
    Doing des ede3 for 3s on 8192 size blocks: 2652 des ede3's in 3.00s
    Doing aes-128 cbc for 3s on 16 size blocks: 7246307 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 64 size blocks: 2028958 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 256 size blocks: 526541 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 1024 size blocks: 132996 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 8192 size blocks: 16661 aes-128 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 16 size blocks: 6158972 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 64 size blocks: 1693187 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 256 size blocks: 436372 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 1024 size blocks: 109942 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 8192 size blocks: 13776 aes-192 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 16 size blocks: 5474730 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 64 size blocks: 1488257 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 256 size blocks: 382686 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 1024 size blocks: 96247 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 8192 size blocks: 12063 aes-256 cbc's in 3.00s
    Doing aes-128 ige for 3s on 16 size blocks: 6382713 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 64 size blocks: 1909791 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 256 size blocks: 504409 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 1024 size blocks: 127872 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 8192 size blocks: 16045 aes-128 ige's in 3.00s
    Doing aes-192 ige for 3s on 16 size blocks: 5610267 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 64 size blocks: 1614689 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 256 size blocks: 418487 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 1024 size blocks: 105622 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 8192 size blocks: 13285 aes-192 ige's in 3.00s
    Doing aes-256 ige for 3s on 16 size blocks: 5000079 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 64 size blocks: 1416414 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 256 size blocks: 364623 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 1024 size blocks: 91988 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 8192 size blocks: 11561 aes-256 ige's in 3.00s
    Doing ghash for 3s on 16 size blocks: 7178578 ghash's in 3.00s
    Doing ghash for 3s on 64 size blocks: 1999087 ghash's in 3.00s
    Doing ghash for 3s on 256 size blocks: 518020 ghash's in 3.00s
    Doing ghash for 3s on 1024 size blocks: 130716 ghash's in 3.00s
    Doing ghash for 3s on 8192 size blocks: 16383 ghash's in 3.00s
    Doing idea cbc for 3s on 16 size blocks: 3009198 idea cbc's in 3.00s
    Doing idea cbc for 3s on 64 size blocks: 807281 idea cbc's in 3.00s
    Doing idea cbc for 3s on 256 size blocks: 198107 idea cbc's in 3.00s
    Doing idea cbc for 3s on 1024 size blocks: 49765 idea cbc's in 3.00s
    Doing idea cbc for 3s on 8192 size blocks: 6235 idea cbc's in 3.00s
    Doing rc2 cbc for 3s on 16 size blocks: 2947971 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 64 size blocks: 798472 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 256 size blocks: 203310 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 1024 size blocks: 51048 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 8192 size blocks: 6381 rc2 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 16 size blocks: 7339563 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 64 size blocks: 2215250 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 256 size blocks: 583677 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 1024 size blocks: 148004 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 8192 size blocks: 18570 rc5-32/12 cbc's in 3.00s
    Doing blowfish cbc for 3s on 16 size blocks: 5914084 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 64 size blocks: 1706230 blowfish cbc's in 2.99s
    Doing blowfish cbc for 3s on 256 size blocks: 441550 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 1024 size blocks: 111575 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 8192 size blocks: 13989 blowfish cbc's in 3.00s
    Doing cast cbc for 3s on 16 size blocks: 4925191 cast cbc's in 3.00s
    Doing cast cbc for 3s on 64 size blocks: 1385779 cast cbc's in 3.00s
    Doing cast cbc for 3s on 256 size blocks: 357522 cast cbc's in 3.00s
    Doing cast cbc for 3s on 1024 size blocks: 90125 cast cbc's in 3.00s
    Doing cast cbc for 3s on 8192 size blocks: 11290 cast cbc's in 3.00s
    Doing 512 bit private rsa's for 10s: 12705 512 bit private RSA's in 10.00s
    Doing 512 bit public rsa's for 10s: 151561 512 bit public RSA's in 10.00s
    Doing 1024 bit private rsa's for 10s: 2280 1024 bit private RSA's in 10.00s
    Doing 1024 bit public rsa's for 10s: 46026 1024 bit public RSA's in 9.99s
    Doing 2048 bit private rsa's for 10s: 338 2048 bit private RSA's in 10.02s
    Doing 2048 bit public rsa's for 10s: 12565 2048 bit public RSA's in 10.00s
    Doing 4096 bit private rsa's for 10s: 49 4096 bit private RSA's in 10.16s
    Doing 4096 bit public rsa's for 10s: 3261 4096 bit public RSA's in 9.99s
    Doing 512 bit sign dsa's for 10s: 13831 512 bit DSA signs in 10.00s
    Doing 512 bit verify dsa's for 10s: 12586 512 bit DSA verify in 10.00s
    Doing 1024 bit sign dsa's for 10s: 4445 1024 bit DSA signs in 9.99s
    Doing 1024 bit verify dsa's for 10s: 3793 1024 bit DSA verify in 10.00s
    Doing 2048 bit sign dsa's for 10s: 1236 2048 bit DSA signs in 10.01s
    Doing 2048 bit verify dsa's for 10s: 1032 2048 bit DSA verify in 10.00s
    Doing 160 bit sign ecdsa's for 10s: 14902 160 bit ECDSA signs in 9.97s
    Doing 160 bit verify ecdsa's for 10s: 6245 160 bit ECDSA verify in 9.99s
    Doing 192 bit sign ecdsa's for 10s: 15606 192 bit ECDSA signs in 9.99s
    Doing 192 bit verify ecdsa's for 10s: 4374 192 bit ECDSA verify in 10.00s
    Doing 224 bit sign ecdsa's for 10s: 10787 224 bit ECDSA signs in 10.00s
    Doing 224 bit verify ecdsa's for 10s: 2934 224 bit ECDSA verify in 10.00s
    Doing 256 bit sign ecdsa's for 10s: 9054 256 bit ECDSA signs in 10.01s
    Doing 256 bit verify ecdsa's for 10s: 2453 256 bit ECDSA verify in 10.00s
    Doing 384 bit sign ecdsa's for 10s: 3503 384 bit ECDSA signs in 10.00s
    Doing 384 bit verify ecdsa's for 10s: 940 384 bit ECDSA verify in 10.00s
    Doing 521 bit sign ecdsa's for 10s: 1616 521 bit ECDSA signs in 10.00s
    Doing 521 bit verify ecdsa's for 10s: 431 521 bit ECDSA verify in 10.02s
    Doing 163 bit sign ecdsa's for 10s: 6023 163 bit ECDSA signs in 10.00s
    Doing 163 bit verify ecdsa's for 10s: 1866 163 bit ECDSA verify in 10.01s
    Doing 233 bit sign ecdsa's for 10s: 2943 233 bit ECDSA signs in 10.00s
    Doing 233 bit verify ecdsa's for 10s: 978 233 bit ECDSA verify in 10.01s
    Doing 283 bit sign ecdsa's for 10s: 1917 283 bit ECDSA signs in 10.00s
    Doing 283 bit verify ecdsa's for 10s: 527 283 bit ECDSA verify in 10.02s
    Doing 409 bit sign ecdsa's for 10s: 735 409 bit ECDSA signs in 10.01s
    Doing 409 bit verify ecdsa's for 10s: 231 409 bit ECDSA verify in 10.00s
    Doing 571 bit sign ecdsa's for 10s: 287 571 bit ECDSA signs in 10.01s
    Doing 571 bit verify ecdsa's for 10s: 100 571 bit ECDSA verify in 10.02s
    Doing 163 bit sign ecdsa's for 10s: 6059 163 bit ECDSA signs in 9.99s
    Doing 163 bit verify ecdsa's for 10s: 1719 163 bit ECDSA verify in 10.00s
    Doing 233 bit sign ecdsa's for 10s: 2960 233 bit ECDSA signs in 10.00s
    Doing 233 bit verify ecdsa's for 10s: 885 233 bit ECDSA verify in 10.01s
    Doing 283 bit sign ecdsa's for 10s: 1912 283 bit ECDSA signs in 10.00s
    Doing 283 bit verify ecdsa's for 10s: 467 283 bit ECDSA verify in 10.02s
    Doing 409 bit sign ecdsa's for 10s: 733 409 bit ECDSA signs in 10.01s
    Doing 409 bit verify ecdsa's for 10s: 202 409 bit ECDSA verify in 10.04s
    Doing 571 bit sign ecdsa's for 10s: 287 571 bit ECDSA signs in 10.02s
    Doing 571 bit verify ecdsa's for 10s: 87 571 bit ECDSA verify in 10.02s
    Doing 160 bit  ecdh's for 10s: 7313 160-bit ECDH ops in 10.01s
    Doing 192 bit  ecdh's for 10s: 5270 192-bit ECDH ops in 10.00s
    Doing 224 bit  ecdh's for 10s: 3507 224-bit ECDH ops in 10.00s
    Doing 256 bit  ecdh's for 10s: 2973 256-bit ECDH ops in 10.00s
    Doing 384 bit  ecdh's for 10s: 1123 384-bit ECDH ops in 10.00s
    Doing 521 bit  ecdh's for 10s: 509 521-bit ECDH ops in 10.02s
    Doing 163 bit  ecdh's for 10s: 3851 163-bit ECDH ops in 10.00s
    Doing 233 bit  ecdh's for 10s: 1996 233-bit ECDH ops in 10.01s
    Doing 283 bit  ecdh's for 10s: 1055 283-bit ECDH ops in 10.00s
    Doing 409 bit  ecdh's for 10s: 466 409-bit ECDH ops in 10.01s
    Doing 571 bit  ecdh's for 10s: 201 571-bit ECDH ops in 10.00s
    Doing 163 bit  ecdh's for 10s: 3604 163-bit ECDH ops in 10.00s
    Doing 233 bit  ecdh's for 10s: 1807 233-bit ECDH ops in 10.00s
    Doing 283 bit  ecdh's for 10s: 941 283-bit ECDH ops in 10.01s
    Doing 409 bit  ecdh's for 10s: 406 409-bit ECDH ops in 10.01s
    Doing 571 bit  ecdh's for 10s: 175 571-bit ECDH ops in 10.02s
    OpenSSL 1.0.2g  1 Mar 2016
    built on: reproducible build, date unspecified
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
    compiler: arm-brcm-linux-uclibcgnueabi-gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -ffunction-sections -fdata-sections -DOPENSSL_NO_ERR -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md2                  0.00         0.00         0.00         0.00         0.00
    mdc2                 0.00         0.00         0.00         0.00         0.00
    md4              15061.28k    48063.27k   116767.74k   183477.25k   220405.76k
    md5              11060.31k    34939.31k    82637.99k   127076.35k   150260.39k
    hmac(md5)         9847.20k    30845.42k    77265.75k   123508.05k   149700.61k
    sha1             10334.54k    28963.88k    58312.62k    79024.81k    88214.19k
    rmd160               0.00         0.00         0.00         0.00         0.00
    rc4              67009.92k    71724.65k    73603.24k    74137.94k    74290.52k
    des cbc          17281.42k    18578.60k    18897.07k    19002.71k    19038.21k
    des ede3          6940.84k     7160.36k     7221.16k     7236.61k     7241.73k
    idea cbc         16049.06k    17221.99k    16905.13k    16986.45k    17025.71k
    seed cbc             0.00         0.00         0.00         0.00         0.00
    rc2 cbc          15722.51k    17034.07k    17349.12k    17424.38k    17424.38k
    rc5-32/12 cbc    39144.34k    47258.67k    49807.10k    50518.70k    50708.48k
    blowfish cbc     31541.78k    36521.31k    37678.93k    38084.27k    38199.30k
    cast cbc         26267.69k    29563.29k    30508.54k    30762.67k    30829.23k
    aes-128 cbc      38646.97k    43284.44k    44931.50k    45395.97k    45495.64k
    aes-192 cbc      32847.85k    36121.32k    37237.08k    37526.87k    37617.66k
    aes-256 cbc      29198.56k    31749.48k    32655.87k    32852.31k    32940.03k
    camellia-128 cbc        0.00         0.00         0.00         0.00         0.00
    camellia-192 cbc        0.00         0.00         0.00         0.00         0.00
    camellia-256 cbc        0.00         0.00         0.00         0.00         0.00
    sha256           11075.41k    25053.03k    43664.73k    53627.90k    57393.15k
    sha512            2833.91k    11296.98k    16042.41k    22008.83k    24677.03k
    whirlpool         1731.09k     3527.90k     5770.08k     6894.82k     7267.63k
    aes-128 ige      34041.14k    40742.21k    43042.90k    43646.98k    43813.55k
    aes-192 ige      29921.42k    34446.70k    35710.89k    36052.31k    36276.91k
    aes-256 ige      26667.09k    30216.83k    31114.50k    31398.57k    31569.24k
    ghash            38285.75k    42647.19k    44204.37k    44617.73k    44736.51k
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.000787s 0.000066s   1270.5  15156.1
    rsa 1024 bits 0.004386s 0.000217s    228.0   4607.2
    rsa 2048 bits 0.029645s 0.000796s     33.7   1256.5
    rsa 4096 bits 0.207347s 0.003063s      4.8    326.4
                      sign    verify    sign/s verify/s
    dsa  512 bits 0.000723s 0.000795s   1383.1   1258.6
    dsa 1024 bits 0.002247s 0.002636s    444.9    379.3
    dsa 2048 bits 0.008099s 0.009690s    123.5    103.2
                                  sign    verify    sign/s verify/s
     160 bit ecdsa (secp160r1)   0.0007s   0.0016s   1494.7    625.1
     192 bit ecdsa (nistp192)   0.0006s   0.0023s   1562.2    437.4
     224 bit ecdsa (nistp224)   0.0009s   0.0034s   1078.7    293.4
     256 bit ecdsa (nistp256)   0.0011s   0.0041s    904.5    245.3
     384 bit ecdsa (nistp384)   0.0029s   0.0106s    350.3     94.0
     521 bit ecdsa (nistp521)   0.0062s   0.0232s    161.6     43.0
     163 bit ecdsa (nistk163)   0.0017s   0.0054s    602.3    186.4
     233 bit ecdsa (nistk233)   0.0034s   0.0102s    294.3     97.7
     283 bit ecdsa (nistk283)   0.0052s   0.0190s    191.7     52.6
     409 bit ecdsa (nistk409)   0.0136s   0.0433s     73.4     23.1
     571 bit ecdsa (nistk571)   0.0349s   0.1002s     28.7     10.0
     163 bit ecdsa (nistb163)   0.0016s   0.0058s    606.5    171.9
     233 bit ecdsa (nistb233)   0.0034s   0.0113s    296.0     88.4
     283 bit ecdsa (nistb283)   0.0052s   0.0215s    191.2     46.6
     409 bit ecdsa (nistb409)   0.0137s   0.0497s     73.2     20.1
     571 bit ecdsa (nistb571)   0.0349s   0.1152s     28.6      8.7
                                  op      op/s
     160 bit ecdh (secp160r1)   0.0014s    730.6
     192 bit ecdh (nistp192)   0.0019s    527.0
     224 bit ecdh (nistp224)   0.0029s    350.7
     256 bit ecdh (nistp256)   0.0034s    297.3
     384 bit ecdh (nistp384)   0.0089s    112.3
     521 bit ecdh (nistp521)   0.0197s     50.8
     163 bit ecdh (nistk163)   0.0026s    385.1
     233 bit ecdh (nistk233)   0.0050s    199.4
     283 bit ecdh (nistk283)   0.0095s    105.5
     409 bit ecdh (nistk409)   0.0215s     46.6
     571 bit ecdh (nistk571)   0.0498s     20.1
     163 bit ecdh (nistb163)   0.0028s    360.4
     233 bit ecdh (nistb233)   0.0055s    180.7
     283 bit ecdh (nistb283)   0.0106s     94.0
     409 bit ecdh (nistb409)   0.0247s     40.6
     571 bit ecdh (nistb571)   0.0573s     17.5
    
    I don't quite know how to interpret which is the fastest cypher for me so far
     
  13. maurer

    maurer LI Guru Member

    The fastest for you would be rc4-md5, but you should also paste the output of:
    openvpn --show-ciphers

    But if you don't care that much for encryption/security, I suggest you try PPTP - it should be much faster than OpenVPN.
     
  14. Nazgulled

    Nazgulled Reformed Router Member

    I'm also trying to optimize my VPN server a bit and I'm trying to figure out if my current cipher (AES-256-CBC) is the "best" one for my use case.

    Here are some outputs:

    Code:
    root@AC68U:/tmp/home/root# openvpn --show-ciphers
    The following ciphers and cipher modes are available
    for use with OpenVPN.  Each cipher shown below may be
    used as a parameter to the --cipher option.  The default
    key size is shown as well as whether or not it can be
    changed with the --keysize directive.  Using a CBC mode
    is recommended. In static key mode only CBC mode is allowed.
    
    DES-CFB 64 bit default key (fixed) (TLS client/server mode)
    DES-CBC 64 bit default key (fixed)
    IDEA-CBC 128 bit default key (fixed)
    IDEA-CFB 128 bit default key (fixed) (TLS client/server mode)
    RC2-CBC 128 bit default key (variable)
    RC2-CFB 128 bit default key (variable) (TLS client/server mode)
    RC2-OFB 128 bit default key (variable) (TLS client/server mode)
    DES-EDE-CBC 128 bit default key (fixed)
    DES-EDE3-CBC 192 bit default key (fixed)
    DES-OFB 64 bit default key (fixed) (TLS client/server mode)
    IDEA-OFB 128 bit default key (fixed) (TLS client/server mode)
    DES-EDE-CFB 128 bit default key (fixed) (TLS client/server mode)
    DES-EDE3-CFB 192 bit default key (fixed) (TLS client/server mode)
    DES-EDE-OFB 128 bit default key (fixed) (TLS client/server mode)
    DES-EDE3-OFB 192 bit default key (fixed) (TLS client/server mode)
    DESX-CBC 192 bit default key (fixed)
    BF-CBC 128 bit default key (variable)
    BF-CFB 128 bit default key (variable) (TLS client/server mode)
    BF-OFB 128 bit default key (variable) (TLS client/server mode)
    RC2-40-CBC 40 bit default key (variable)
    CAST5-CBC 128 bit default key (variable)
    CAST5-CFB 128 bit default key (variable) (TLS client/server mode)
    CAST5-OFB 128 bit default key (variable) (TLS client/server mode)
    RC5-CBC 128 bit default key (variable)
    RC5-CFB 128 bit default key (variable) (TLS client/server mode)
    RC5-OFB 128 bit default key (variable) (TLS client/server mode)
    RC2-64-CBC 64 bit default key (variable)
    AES-128-CBC 128 bit default key (fixed)
    AES-128-OFB 128 bit default key (fixed) (TLS client/server mode)
    AES-128-CFB 128 bit default key (fixed) (TLS client/server mode)
    AES-192-CBC 192 bit default key (fixed)
    AES-192-OFB 192 bit default key (fixed) (TLS client/server mode)
    AES-192-CFB 192 bit default key (fixed) (TLS client/server mode)
    AES-256-CBC 256 bit default key (fixed)
    AES-256-OFB 256 bit default key (fixed) (TLS client/server mode)
    AES-256-CFB 256 bit default key (fixed) (TLS client/server mode)
    AES-128-CFB1 128 bit default key (fixed) (TLS client/server mode)
    AES-192-CFB1 192 bit default key (fixed) (TLS client/server mode)
    AES-256-CFB1 256 bit default key (fixed) (TLS client/server mode)
    AES-128-CFB8 128 bit default key (fixed) (TLS client/server mode)
    AES-192-CFB8 192 bit default key (fixed) (TLS client/server mode)
    AES-256-CFB8 256 bit default key (fixed) (TLS client/server mode)
    DES-CFB1 64 bit default key (fixed) (TLS client/server mode)
    DES-CFB8 64 bit default key (fixed) (TLS client/server mode)
    DES-EDE3-CFB1 192 bit default key (fixed) (TLS client/server mode)
    DES-EDE3-CFB8 192 bit default key (fixed) (TLS client/server mode)

    My OpenSSL cipher speeds: https://pastebin.com/k9KppUwK

    I care about encryption and security but I also care about speed. But for me, speed > encryption/security, not by much though. Given all that, which cipher would you recommend for me?
     
  15. maurer

    maurer LI Guru Member

    aes-128-cbc is the best
     
  16. Nazgulled

    Nazgulled Reformed Router Member

    Thank you :)
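
Added example (not part of any post in this thread): one way to read `openssl speed` output for the question asked above, ranking the CBC rows by the 1024-byte column and printing them under the names `--cipher` expects. The sample figures are constructed, the function names are hypothetical, and both the choice of the 1024-byte column (closest to tunnel packet sizes) and the exclusion of DES and RC2 rows are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in the layout `openssl speed` prints (OpenSSL 1.0.x).
# The figures are made up for this example; they are not from the thread.
sample_speed_output() {
cat <<'EOF'
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               5000.00k    16000.00k    40000.00k    60000.00k    70000.00k
rc4              50000.00k    55000.00k    57000.00k    58000.00k    58500.00k
des cbc          12000.00k    12500.00k    12700.00k    12800.00k    12900.00k
des ede3          4500.00k     4600.00k     4650.00k     4700.00k     4710.00k
blowfish cbc     24000.00k    26000.00k    27000.00k    27500.00k    27600.00k
cast cbc         22000.00k    24000.00k    25000.00k    25500.00k    25600.00k
aes-128 cbc      30000.00k    33000.00k    34000.00k    34500.00k    34600.00k
aes-192 cbc      26000.00k    28500.00k    29500.00k    29800.00k    29900.00k
aes-256 cbc      23000.00k    25000.00k    25800.00k    26000.00k    26100.00k
camellia-128 cbc     0.00         0.00         0.00         0.00         0.00
sha256           11000.00k    25000.00k    43000.00k    53000.00k    57000.00k
EOF
}

# Reads `openssl speed` output on stdin, prints "OPENVPN-NAME rate" fastest first.
rank_cbc_ciphers() {
    LC_ALL=C awk '
    NF >= 6 {
        # A data row ends in five throughput figures such as "34500.00k".
        for (i = NF - 4; i <= NF; i++)
            if ($i !~ /^[0-9]+\.[0-9]+k?$/) next
        name = $1
        for (i = 2; i <= NF - 5; i++) name = name " " $i
        if (name !~ / cbc$/) next       # digests, rc4, ige rows are not CBC candidates
        if (name ~ /^(des|rc2)/) next   # assumption: weak ciphers never win on speed
        rate = $(NF - 1) + 0            # 1024-byte column, in 1000s of bytes/s
        if (rate == 0) next             # 0.00 = this build did not measure the row
        # Map row names to --cipher names (covers AES, Camellia, Blowfish, CAST5).
        name = toupper(name); gsub(/ /, "-", name)
        sub(/^BLOWFISH/, "BF", name); sub(/^CAST-/, "CAST5-", name)
        printf "%s %.2f\n", name, rate
    }' | LC_ALL=C sort -k2,2nr
}

fastest_cbc_cipher() { rank_cbc_ciphers | awk 'NR == 1 { print $1 }'; }

sample_speed_output | rank_cbc_ciphers
```

On a router, pipe the real output in instead of the sample: `openssl speed 2>/dev/null | rank_cbc_ciphers`, then check the top name against `openvpn --show-ciphers`.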
     
