1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenVPN Encryption cipher

Discussion in 'Tomato Firmware' started by kyrios, Feb 15, 2013.

  1. kyrios

    kyrios Serious Server Member

    Which one has fastest response (ping) and highest throughout (Mbps/s)?

    AES-128-CBC
    AES-128-CFB
    AES-128-OFB
    BF-CBC
    BF-CFB
    BF-OFB
    CAST5-CBC
    CAST5-CFB
    CAST5-OFB
    RC2-40-CBC
    RC2-64-CBC
    RC2-CBC
    RC2-CFB
    RC2-OFB
    RC5-CBC
    RC5-CFB
    RC5-OFB
    ....
    ...
    ..
     
  2. koitsu

    koitsu Network Guru Member

    This may help a bit:

    http://www.linksysinfo.org/index.php?threads/openssl-assembler-acceleration.49216/#post-217933

    Focus on the "Before" column, as the thread is regarding improving OpenSSL speed by some assembly optimisations. "Before" then refers to stock OpenSSL that comes with TomatoUSB, i.e. 1.0.1c or something along those lines.

    And Shibby's own post too:

    http://www.linksysinfo.org/index.php?threads/openssl-assembler-acceleration.49216/#post-217926

    Basically what you want, because all of the encryption is done CPU-side, is the cipher that utilises the least amount of CPU time combined with the best throughput. Response time (what you call "ping") has no bearing and won't be impacted unless the CPU is maxed out. So I would be inclined to pick the cipher that uses the least CPU.

    In newer (non-stock) OpenSSL (usually installed via Entware) there is a command that can benchmark the ciphers for you: openssl speed. Yeah, that simple.

    I should note that the speed will vary depending on the model of router you have; for example, what cipher performs best (CPU-wise) on a WRT54G will not necessarily be the same as on an RT-N16, given the architecture difference (MIPSR1 vs. R2) and many other CPU-level differences. So what model of router do you have? If you have an RT-N16, I can run openssl speed and provide the results here, as that's the only router I currently have available.

    Here's an example of what the output can look like (this is on an x64 FreeBSD box, so these numbers are significantly higher/better than what you'll see on these generic consumer Broadcom routers, and available ciphers will probably differ as well):

    Code:
    $ openssl speed
    To get the most accurate results, try to run this
    program when this computer is idle.
    Doing md2 for 3s on 16 size blocks: 438737 md2's in 3.00s
    Doing md2 for 3s on 64 size blocks: 236733 md2's in 3.00s
    Doing md2 for 3s on 256 size blocks: 81546 md2's in 3.00s
    Doing md2 for 3s on 1024 size blocks: 22513 md2's in 3.00s
    Doing md2 for 3s on 8192 size blocks: 2903 md2's in 3.00s
    Doing mdc2 for 3s on 16 size blocks: 1626668 mdc2's in 3.00s
    Doing mdc2 for 3s on 64 size blocks: 444340 mdc2's in 3.00s
    Doing mdc2 for 3s on 256 size blocks: 113648 mdc2's in 3.00s
    Doing mdc2 for 3s on 1024 size blocks: 28570 mdc2's in 3.00s
    Doing mdc2 for 3s on 8192 size blocks: 3576 mdc2's in 3.00s
    Doing md4 for 3s on 16 size blocks: 5904878 md4's in 3.00s
    Doing md4 for 3s on 64 size blocks: 5231898 md4's in 3.00s
    Doing md4 for 3s on 256 size blocks: 3744619 md4's in 3.00s
    Doing md4 for 3s on 1024 size blocks: 1734983 md4's in 3.00s
    Doing md4 for 3s on 8192 size blocks: 291058 md4's in 3.00s
    Doing md5 for 3s on 16 size blocks: 4847209 md5's in 3.00s
    Doing md5 for 3s on 64 size blocks: 4119175 md5's in 3.00s
    Doing md5 for 3s on 256 size blocks: 2688390 md5's in 3.00s
    Doing md5 for 3s on 1024 size blocks: 1126748 md5's in 3.00s
    Doing md5 for 3s on 8192 size blocks: 177003 md5's in 3.00s
    Doing hmac(md5) for 3s on 16 size blocks: 4022141 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 64 size blocks: 3491140 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 256 size blocks: 2412330 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 1024 size blocks: 1077391 hmac(md5)'s in 3.00s
    Doing hmac(md5) for 3s on 8192 size blocks: 175272 hmac(md5)'s in 3.00s
    Doing sha1 for 3s on 16 size blocks: 4595032 sha1's in 3.00s
    Doing sha1 for 3s on 64 size blocks: 3661733 sha1's in 3.00s
    Doing sha1 for 3s on 256 size blocks: 2212417 sha1's in 3.00s
    Doing sha1 for 3s on 1024 size blocks: 851137 sha1's in 3.00s
    Doing sha1 for 3s on 8192 size blocks: 127281 sha1's in 3.00s
    Doing sha256 for 3s on 16 size blocks: 3606417 sha256's in 3.00s
    Doing sha256 for 3s on 64 size blocks: 2221248 sha256's in 3.00s
    Doing sha256 for 3s on 256 size blocks: 1016485 sha256's in 3.00s
    Doing sha256 for 3s on 1024 size blocks: 322344 sha256's in 3.00s
    Doing sha256 for 3s on 8192 size blocks: 43702 sha256's in 3.00s
    Doing sha512 for 3s on 16 size blocks: 2838445 sha512's in 3.00s
    Doing sha512 for 3s on 64 size blocks: 2851213 sha512's in 3.00s
    Doing sha512 for 3s on 256 size blocks: 1243092 sha512's in 3.00s
    Doing sha512 for 3s on 1024 size blocks: 460121 sha512's in 3.00s
    Doing sha512 for 3s on 8192 size blocks: 67352 sha512's in 3.00s
    Doing rmd160 for 3s on 16 size blocks: 3762779 rmd160's in 3.00s
    Doing rmd160 for 3s on 64 size blocks: 2700229 rmd160's in 3.00s
    Doing rmd160 for 3s on 256 size blocks: 1438349 rmd160's in 3.00s
    Doing rmd160 for 3s on 1024 size blocks: 501211 rmd160's in 3.00s
    Doing rmd160 for 3s on 8192 size blocks: 70796 rmd160's in 3.00s
    Doing rc4 for 3s on 16 size blocks: 63990645 rc4's in 3.00s
    Doing rc4 for 3s on 64 size blocks: 16545802 rc4's in 3.00s
    Doing rc4 for 3s on 256 size blocks: 4262950 rc4's in 3.00s
    Doing rc4 for 3s on 1024 size blocks: 1096544 rc4's in 3.00s
    Doing rc4 for 3s on 8192 size blocks: 138349 rc4's in 3.00s
    Doing des cbc for 3s on 16 size blocks: 8967222 des cbc's in 3.00s
    Doing des cbc for 3s on 64 size blocks: 2306907 des cbc's in 3.00s
    Doing des cbc for 3s on 256 size blocks: 580909 des cbc's in 3.00s
    Doing des cbc for 3s on 1024 size blocks: 145373 des cbc's in 3.00s
    Doing des cbc for 3s on 8192 size blocks: 18187 des cbc's in 3.00s
    Doing des ede3 for 3s on 16 size blocks: 3494674 des ede3's in 3.00s
    Doing des ede3 for 3s on 64 size blocks: 891101 des ede3's in 3.00s
    Doing des ede3 for 3s on 256 size blocks: 224174 des ede3's in 3.00s
    Doing des ede3 for 3s on 1024 size blocks: 56120 des ede3's in 3.00s
    Doing des ede3 for 3s on 8192 size blocks: 7016 des ede3's in 3.00s
    Doing aes-128 cbc for 3s on 16 size blocks: 25687303 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 64 size blocks: 6758895 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 256 size blocks: 1712950 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 1024 size blocks: 429880 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 8192 size blocks: 53239 aes-128 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 16 size blocks: 22952493 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 64 size blocks: 5986072 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 256 size blocks: 1514283 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 1024 size blocks: 379616 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 8192 size blocks: 46843 aes-192 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 16 size blocks: 20440449 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 64 size blocks: 5359607 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 256 size blocks: 1355484 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 1024 size blocks: 339740 aes-256 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 8192 size blocks: 42049 aes-256 cbc's in 3.00s
    Doing aes-128 ige for 3s on 16 size blocks: 26763469 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 64 size blocks: 7082478 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 256 size blocks: 1811474 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 1024 size blocks: 454473 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 8192 size blocks: 56766 aes-128 ige's in 3.00s
    Doing aes-192 ige for 3s on 16 size blocks: 23301177 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 64 size blocks: 6240958 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 256 size blocks: 1587572 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 1024 size blocks: 397433 aes-192 ige's in 3.00s
    Doing aes-192 ige for 3s on 8192 size blocks: 49663 aes-192 ige's in 3.00s
    Doing aes-256 ige for 3s on 16 size blocks: 20908948 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 64 size blocks: 5557526 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 256 size blocks: 1410854 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 1024 size blocks: 353219 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 8192 size blocks: 44134 aes-256 ige's in 3.00s
    Doing camellia-128 cbc for 3s on 16 size blocks: 15976264 camellia-128 cbc's in 3.00s
    Doing camellia-128 cbc for 3s on 64 size blocks: 4291706 camellia-128 cbc's in 3.00s
    Doing camellia-128 cbc for 3s on 256 size blocks: 1088391 camellia-128 cbc's in 3.00s
    Doing camellia-128 cbc for 3s on 1024 size blocks: 273100 camellia-128 cbc's in 3.00s
    Doing camellia-128 cbc for 3s on 8192 size blocks: 34157 camellia-128 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 16 size blocks: 12634919 camellia-192 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 64 size blocks: 3259391 camellia-192 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 256 size blocks: 825154 camellia-192 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 1024 size blocks: 206435 camellia-192 cbc's in 3.00s
    Doing camellia-192 cbc for 3s on 8192 size blocks: 25874 camellia-192 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 16 size blocks: 12634703 camellia-256 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 64 size blocks: 3266021 camellia-256 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 256 size blocks: 825032 camellia-256 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 1024 size blocks: 206317 camellia-256 cbc's in 3.00s
    Doing camellia-256 cbc for 3s on 8192 size blocks: 25855 camellia-256 cbc's in 3.00s
    Doing rc2 cbc for 3s on 16 size blocks: 5300701 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 64 size blocks: 1342288 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 256 size blocks: 337710 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 1024 size blocks: 84383 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 8192 size blocks: 10604 rc2 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 16 size blocks: 30327602 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 64 size blocks: 8312276 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 256 size blocks: 2119335 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 1024 size blocks: 527799 rc5-32/12 cbc's in 3.00s
    Doing rc5-32/12 cbc for 3s on 8192 size blocks: 66243 rc5-32/12 cbc's in 3.00s
    Doing blowfish cbc for 3s on 16 size blocks: 17222980 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 64 size blocks: 4573697 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 256 size blocks: 1161872 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 1024 size blocks: 291646 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 8192 size blocks: 36515 blowfish cbc's in 3.00s
    Doing cast cbc for 3s on 16 size blocks: 13822419 cast cbc's in 3.00s
    Doing cast cbc for 3s on 64 size blocks: 3661333 cast cbc's in 3.00s
    Doing cast cbc for 3s on 256 size blocks: 927691 cast cbc's in 3.00s
    Doing cast cbc for 3s on 1024 size blocks: 232884 cast cbc's in 3.00s
    Doing cast cbc for 3s on 8192 size blocks: 29121 cast cbc's in 3.00s
    Doing 512 bit private rsa's for 10s: 47584 512 bit private RSA's in 9.99s
    Doing 512 bit public rsa's for 10s: 683873 512 bit public RSA's in 10.00s
    Doing 1024 bit private rsa's for 10s: 12975 1024 bit private RSA's in 9.99s
    Doing 1024 bit public rsa's for 10s: 263564 1024 bit public RSA's in 9.99s
    Doing 2048 bit private rsa's for 10s: 2239 2048 bit private RSA's in 10.00s
    Doing 2048 bit public rsa's for 10s: 86018 2048 bit public RSA's in 10.00s
    Doing 4096 bit private rsa's for 10s: 364 4096 bit private RSA's in 10.01s
    Doing 4096 bit public rsa's for 10s: 24752 4096 bit public RSA's in 10.00s
    Doing 512 bit sign dsa's for 10s: 68020 512 bit DSA signs in 9.96s
    Doing 512 bit verify dsa's for 10s: 64409 512 bit DSA verify in 10.00s
    Doing 1024 bit sign dsa's for 10s: 26982 1024 bit DSA signs in 9.98s
    Doing 1024 bit verify dsa's for 10s: 21850 1024 bit DSA verify in 10.00s
    Doing 2048 bit sign dsa's for 10s: 8841 2048 bit DSA signs in 9.98s
    Doing 2048 bit verify dsa's for 10s: 7272 2048 bit DSA verify in 10.00s
    OpenSSL 0.9.8x-freebsd 10 May 2012
    built on: date not available
    options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
    compiler: cc
    available timing options: USE_TOD HZ=128 [sysconf value]
    timing function used: getrusage
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md2               2340.86k     5049.38k     6957.01k     7682.05k     7923.79k
    mdc2              8673.71k     9476.22k     9694.82k     9748.81k     9761.63k
    md4              31482.99k   111578.49k   319438.39k   592017.10k   794527.60k
    md5              25874.79k    87848.41k   229354.08k   384506.80k   483213.62k
    hmac(md5)        21446.21k    74460.85k   205804.41k   367662.20k   478548.47k
    sha1             24504.34k    78098.15k   188748.94k   290448.91k   347451.96k
    rmd160           20061.98k    57591.50k   122711.38k   171040.28k   193270.48k
    rc4             341202.35k   352895.47k   363676.57k   374167.66k   377665.79k
    des cbc          47810.03k    49198.27k    49555.32k    49611.75k    49653.23k
    des ede3         18651.82k    19004.12k    19123.31k    19149.43k    19152.43k
    idea cbc             0.00         0.00         0.00         0.00         0.00
    seed cbc             0.00         0.00         0.00         0.00         0.00
    rc2 cbc          28262.07k    28628.08k    28814.62k    28795.72k    28944.81k
    rc5-32/12 cbc   161707.43k   177271.71k   180791.89k   180097.64k   180828.18k
    blowfish cbc     91830.67k    97548.14k    99124.34k    99525.25k    99681.42k
    cast cbc         73696.38k    78083.48k    79137.59k    79465.59k    79494.20k
    aes-128 cbc     136975.85k   144155.16k   146136.42k   146695.89k   145331.84k
    aes-192 cbc     122374.42k   127662.44k   129177.39k   129533.88k   127871.49k
    aes-256 cbc     108981.62k   114301.55k   115630.77k   115927.18k   114784.23k
    camellia-128 cbc    85179.71k    91527.17k    92849.48k    93188.50k    93240.05k
    camellia-192 cbc    67423.23k    69519.10k    70396.11k    70446.00k    70636.46k
    camellia-256 cbc    67369.30k    69657.54k    70386.31k    70403.13k    70577.74k
    sha256           19228.12k    47371.59k    86712.45k   109991.77k   119295.67k
    sha512           15137.16k    60806.70k   106043.07k   157004.24k   183856.48k
    aes-128 ige     142705.92k   151045.44k   154529.46k   155077.21k   154965.84k
    aes-192 ige     124238.65k   133098.29k   135429.74k   135614.46k   135567.50k
    aes-256 ige     111480.42k   118531.04k   120363.47k   120537.57k   120477.01k
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.000210s 0.000015s   4762.0  68382.3
    rsa 1024 bits 0.000770s 0.000038s   1298.3  26371.0
    rsa 2048 bits 0.004467s 0.000116s    223.9   8601.2
    rsa 4096 bits 0.027487s 0.000404s     36.4   2475.1
                      sign    verify    sign/s verify/s
    dsa  512 bits 0.000146s 0.000155s   6828.4   6440.8
    dsa 1024 bits 0.000370s 0.000458s   2704.4   2184.9
    dsa 2048 bits 0.001129s 0.001375s    886.1    727.1
    
     
  3. kyrios

    kyrios Serious Server Member

    Mine is RT-N16 as well :).
    RT-N16 as server and E4200v1 as client.
    Please let me know the result koitsu. THX U
     
  4. koitsu

    koitsu Network Guru Member

    Will do. Be aware the numbers you'll see in a follow-up post are from an RT-N16 (original version, not rev A1), stock clock speeds (i.e. not overclocked), and with a very bare/slim number of features turned on in the firmware (i.e. QoS is disabled, CTF is unused, but FastNAT is enabled). Firmware used is Toastman's tomato-K26USB-1.28.0501.2MIPSR2Toastman-RT-N-Ext.trx. Numbers will vary depending what all you're doing, how much traffic is flowing at the time of the benchmark, etc..
     
  5. Mangix

    Mangix Networkin' Nut Member

    The following dump is results of openssl speed on a 300MHz broadcom CPU. For other Broadcom CPUs, just do frequency/300 * results to get very close estimates. Seriously, shibby posted benchmarks on an RT-N66U(600 MHz) and they are exactly 2x the results of these:
    Code:
    root@linksys:/tmp# openssl speed
    Doing md4 for 3s on 16 size blocks: 210538 md4's in 2.80s
    Doing md4 for 3s on 64 size blocks: 195678 md4's in 2.86s
    Doing md4 for 3s on 256 size blocks: 141547 md4's in 2.86s
    Doing md4 for 3s on 1024 size blocks: 66571 md4's in 2.86s
    Doing md4 for 3s on 8192 size blocks: 11737 md4's in 2.92s
    Doing md5 for 3s on 16 size blocks: 204233 md5's in 2.96s
    Doing md5 for 3s on 64 size blocks: 167521 md5's in 2.89s
    Doing md5 for 3s on 256 size blocks: 111736 md5's in 2.91s
    Doing md5 for 3s on 1024 size blocks: 47571 md5's in 2.92s
    Doing md5 for 3s on 8192 size blocks: 7441 md5's in 2.93s
    Doing hmac(md5) for 3s on 16 size blocks: 215459 hmac(md5)'s in 2.90s
    Doing hmac(md5) for 3s on 64 size blocks: 175270 hmac(md5)'s in 2.85s
    Doing hmac(md5) for 3s on 256 size blocks: 114984 hmac(md5)'s in 2.88s
    Doing hmac(md5) for 3s on 1024 size blocks: 49089 hmac(md5)'s in 2.91s
    Doing hmac(md5) for 3s on 8192 size blocks: 7632 hmac(md5)'s in 2.92s
    Doing sha1 for 3s on 16 size blocks: 201001 sha1's in 2.96s
    Doing sha1 for 3s on 64 size blocks: 147364 sha1's in 2.98s
    Doing sha1 for 3s on 256 size blocks: 82619 sha1's in 2.95s
    Doing sha1 for 3s on 1024 size blocks: 30039 sha1's in 2.99s
    Doing sha1 for 3s on 8192 size blocks: 4318 sha1's in 2.96s
    Doing sha256 for 3s on 16 size blocks: 167686 sha256's in 3.00s
    Doing sha256 for 3s on 64 size blocks: 101027 sha256's in 2.98s
    Doing sha256 for 3s on 256 size blocks: 46008 sha256's in 2.96s
    Doing sha256 for 3s on 1024 size blocks: 14078 sha256's in 2.91s
    Doing sha256 for 3s on 8192 size blocks: 1962 sha256's in 2.97s
    Doing sha512 for 3s on 16 size blocks: 51479 sha512's in 2.97s
    Doing sha512 for 3s on 64 size blocks: 51006 sha512's in 2.95s
    Doing sha512 for 3s on 256 size blocks: 18862 sha512's in 2.98s
    Doing sha512 for 3s on 1024 size blocks: 6533 sha512's in 2.97s
    Doing sha512 for 3s on 8192 size blocks: 919 sha512's in 2.99s
    Doing whirlpool for 3s on 16 size blocks: 37437 whirlpool's in 2.97s
    Doing whirlpool for 3s on 64 size blocks: 18925 whirlpool's in 2.99s
    Doing whirlpool for 3s on 256 size blocks: 7514 whirlpool's in 2.97s
    Doing whirlpool for 3s on 1024 size blocks: 2207 whirlpool's in 2.95s
    Doing whirlpool for 3s on 8192 size blocks: 228 whirlpool's in 2.40s
    Doing rc4 for 3s on 16 size blocks: 2479260 rc4's in 2.46s
    Doing rc4 for 3s on 64 size blocks: 809946 rc4's in 2.87s
    Doing rc4 for 3s on 256 size blocks: 210467 rc4's in 2.94s
    Doing rc4 for 3s on 1024 size blocks: 53664 rc4's in 2.91s
    Doing rc4 for 3s on 8192 size blocks: 6703 rc4's in 2.86s
    Doing des cbc for 3s on 16 size blocks: 497334 des cbc's in 2.95s
    Doing des cbc for 3s on 64 size blocks: 132276 des cbc's in 2.90s
    Doing des cbc for 3s on 256 size blocks: 34107 des cbc's in 2.96s
    Doing des cbc for 3s on 1024 size blocks: 8519 des cbc's in 2.93s
    Doing des cbc for 3s on 8192 size blocks: 1087 des cbc's in 2.98s
    Doing des ede3 for 3s on 16 size blocks: 190176 des ede3's in 2.97s
    Doing des ede3 for 3s on 64 size blocks: 49375 des ede3's in 2.98s
    Doing des ede3 for 3s on 256 size blocks: 12362 des ede3's in 2.99s
    Doing des ede3 for 3s on 1024 size blocks: 3107 des ede3's in 3.01s
    Doing des ede3 for 3s on 8192 size blocks: 389 des ede3's in 3.02s
    Doing aes-128 cbc for 3s on 16 size blocks: 854067 aes-128 cbc's in 3.02s
    Doing aes-128 cbc for 3s on 64 size blocks: 225684 aes-128 cbc's in 3.00s
    Doing aes-128 cbc for 3s on 256 size blocks: 57367 aes-128 cbc's in 3.02s
    Doing aes-128 cbc for 3s on 1024 size blocks: 14368 aes-128 cbc's in 3.01s
    Doing aes-128 cbc for 3s on 8192 size blocks: 1805 aes-128 cbc's in 3.02s
    Doing aes-192 cbc for 3s on 16 size blocks: 754690 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 64 size blocks: 198170 aes-192 cbc's in 3.02s
    Doing aes-192 cbc for 3s on 256 size blocks: 41500 aes-192 cbc's in 2.49s
    Doing aes-192 cbc for 3s on 1024 size blocks: 9606 aes-192 cbc's in 2.39s
    Doing aes-192 cbc for 3s on 8192 size blocks: 1505 aes-192 cbc's in 2.91s
    Doing aes-256 cbc for 3s on 16 size blocks: 653510 aes-256 cbc's in 2.91s
    Doing aes-256 cbc for 3s on 64 size blocks: 176576 aes-256 cbc's in 3.02s
    Doing aes-256 cbc for 3s on 256 size blocks: 44725 aes-256 cbc's in 3.01s
    Doing aes-256 cbc for 3s on 1024 size blocks: 10837 aes-256 cbc's in 2.94s
    Doing aes-256 cbc for 3s on 8192 size blocks: 1350 aes-256 cbc's in 2.95s
    Doing aes-128 ige for 3s on 16 size blocks: 786703 aes-128 ige's in 2.61s
    Doing aes-128 ige for 3s on 64 size blocks: 214546 aes-128 ige's in 2.57s
    Doing aes-128 ige for 3s on 256 size blocks: 50713 aes-128 ige's in 2.31s
    Doing aes-128 ige for 3s on 1024 size blocks: 16189 aes-128 ige's in 2.96s
    Doing aes-128 ige for 3s on 8192 size blocks: 2024 aes-128 ige's in 2.91s
    Doing aes-192 ige for 3s on 16 size blocks: 807450 aes-192 ige's in 2.85s
    Doing aes-192 ige for 3s on 64 size blocks: 212644 aes-192 ige's in 2.89s
    Doing aes-192 ige for 3s on 256 size blocks: 55073 aes-192 ige's in 2.87s
    Doing aes-192 ige for 3s on 1024 size blocks: 13864 aes-192 ige's in 2.86s
    Doing aes-192 ige for 3s on 8192 size blocks: 1743 aes-192 ige's in 2.86s
    Doing aes-256 ige for 3s on 16 size blocks: 719817 aes-256 ige's in 2.91s
    Doing aes-256 ige for 3s on 64 size blocks: 190896 aes-256 ige's in 2.91s
    Doing aes-256 ige for 3s on 256 size blocks: 47821 aes-256 ige's in 2.89s
    Doing aes-256 ige for 3s on 1024 size blocks: 12121 aes-256 ige's in 2.89s
    Doing aes-256 ige for 3s on 8192 size blocks: 1500 aes-256 ige's in 2.87s
    Doing ghash for 3s on 16 size blocks: 774335 ghash's in 2.88s
    Doing ghash for 3s on 64 size blocks: 202891 ghash's in 2.91s
    Doing ghash for 3s on 256 size blocks: 50629 ghash's in 2.93s
    Doing ghash for 3s on 1024 size blocks: 12802 ghash's in 2.90s
    Doing ghash for 3s on 8192 size blocks: 1600 ghash's in 2.92s
    Doing idea cbc for 3s on 16 size blocks: 702004 idea cbc's in 2.88s
    Doing idea cbc for 3s on 64 size blocks: 191325 idea cbc's in 2.93s
    Doing idea cbc for 3s on 256 size blocks: 48696 idea cbc's in 2.94s
    Doing idea cbc for 3s on 1024 size blocks: 12232 idea cbc's in 2.92s
    Doing idea cbc for 3s on 8192 size blocks: 1533 idea cbc's in 2.91s
    Doing rc2 cbc for 3s on 16 size blocks: 446532 rc2 cbc's in 2.89s
    Doing rc2 cbc for 3s on 64 size blocks: 115590 rc2 cbc's in 2.94s
    Doing rc2 cbc for 3s on 256 size blocks: 28690 rc2 cbc's in 2.89s
    Doing rc2 cbc for 3s on 1024 size blocks: 7214 rc2 cbc's in 2.89s
    Doing rc2 cbc for 3s on 8192 size blocks: 909 rc2 cbc's in 2.87s
    Doing rc5-32/12 cbc for 3s on 16 size blocks: 1459693 rc5-32/12 cbc's in 2.87s
    Doing rc5-32/12 cbc for 3s on 64 size blocks: 418134 rc5-32/12 cbc's in 2.90s
    Doing rc5-32/12 cbc for 3s on 256 size blocks: 107362 rc5-32/12 cbc's in 2.91s
    Doing rc5-32/12 cbc for 3s on 1024 size blocks: 27905 rc5-32/12 cbc's in 2.99s
    Doing rc5-32/12 cbc for 3s on 8192 size blocks: 3441 rc5-32/12 cbc's in 2.95s
    Doing blowfish cbc for 3s on 16 size blocks: 1129240 blowfish cbc's in 2.99s
    Doing blowfish cbc for 3s on 64 size blocks: 302445 blowfish cbc's in 2.98s
    Doing blowfish cbc for 3s on 256 size blocks: 77368 blowfish cbc's in 2.99s
    Doing blowfish cbc for 3s on 1024 size blocks: 18799 blowfish cbc's in 2.93s
    Doing blowfish cbc for 3s on 8192 size blocks: 2437 blowfish cbc's in 2.98s
    Doing cast cbc for 3s on 16 size blocks: 898691 cast cbc's in 2.97s
    Doing cast cbc for 3s on 64 size blocks: 241981 cast cbc's in 2.96s
    Doing cast cbc for 3s on 256 size blocks: 61527 cast cbc's in 2.98s
    Doing cast cbc for 3s on 1024 size blocks: 15469 cast cbc's in 2.98s
    Doing cast cbc for 3s on 8192 size blocks: 1939 cast cbc's in 2.98s
    Doing 512 bit private rsa's for 10s: 1266 512 bit private RSA's in 9.91s
    Doing 512 bit public rsa's for 10s: 16700 512 bit public RSA's in 9.96s
    Doing 1024 bit private rsa's for 10s: 264 1024 bit private RSA's in 9.26s
    Doing 1024 bit public rsa's for 10s: 5584 1024 bit public RSA's in 9.60s
    Doing 2048 bit private rsa's for 10s: 48 2048 bit private RSA's in 9.83s
    Doing 2048 bit public rsa's for 10s: 1766 2048 bit public RSA's in 9.92s
    Doing 4096 bit private rsa's for 10s: 8 4096 bit private RSA's in 10.90s
    Doing 4096 bit public rsa's for 10s: 484 4096 bit public RSA's in 10.02s
    Doing 512 bit sign dsa's for 10s: 1578 512 bit DSA signs in 9.89s
    Doing 512 bit verify dsa's for 10s: 1411 512 bit DSA verify in 9.85s
    Doing 1024 bit sign dsa's for 10s: 498 1024 bit DSA signs in 8.51s
    Doing 1024 bit verify dsa's for 10s: 475 1024 bit DSA verify in 9.57s
    Doing 2048 bit sign dsa's for 10s: 171 2048 bit DSA signs in 9.55s
    Doing 2048 bit verify dsa's for 10s: 141 2048 bit DSA verify in 9.74s
    OpenSSL 1.0.1c 10 May 2012
    built on: Mon Jan 21 10:20:56 CET 2013
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) idea(int) blowfish(ptr)
    compiler: mipsel-uclibc-gcc -fPIC -DOPENSSL_PIC -DDSO_DLFCN -DHAVE_DLFCN_H -ffunction-sections -fdata-sections -DOPENSSL_NO_ERR -DL_ENDIAN -DTERMIO -Os -DLINUX26 -DCONFIG_BCMWL5 -pipe -DBCMWPA2 -funit-at-a-time -Wno-pointer-sign -mtune=mips32 -mips32 -DCONFIG_NVRAM_SIZE=60  -DOPENSSL_SMALL_FOOTPRINT -fomit-frame-pointer -Wall -DSHA1_ASM -DSHA256_ASM -DAES_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
    md2                  0.00        0.00        0.00        0.00        0.00
    mdc2                0.00        0.00        0.00        0.00        0.00
    md4              1203.07k    4378.81k    12669.94k    23835.21k    32927.91k
    md5              1103.96k    3709.81k    9829.70k    16682.43k    20804.32k
    hmac(md5)        1188.74k    3935.89k    10220.80k    17273.93k    21411.42k
    sha1              1086.49k    3164.86k    7169.65k    10287.60k    11950.36k
    rmd160              0.00        0.00        0.00        0.00        0.00
    rc4              16125.27k    18061.51k    18326.38k    18883.83k    19199.64k
    des cbc          2697.40k    2919.19k    2949.79k    2977.29k    2988.16k
    des ede3          1024.52k    1060.40k    1058.42k    1057.00k    1055.19k
    idea cbc          3900.02k    4179.11k    4240.20k    4289.58k    4315.58k
    seed cbc            0.00        0.00        0.00        0.00        0.00
    rc2 cbc          2472.15k    2516.24k    2541.40k    2556.10k    2594.61k
    rc5-32/12 cbc    8137.66k    9227.78k    9444.90k    9556.76k    9555.48k
    blowfish cbc      6042.76k    6495.46k    6624.15k    6570.03k    6699.30k
    cast cbc          4841.43k    5232.02k    5285.54k    5315.52k    5330.30k
    aes-128 cbc      4524.86k    4814.59k    4862.90k    4887.98k    4896.21k
    aes-192 cbc      4025.01k    4199.63k    4266.67k    4115.71k    4236.76k
    aes-256 cbc      3593.18k    3742.01k    3803.85k    3774.52k    3748.88k
    camellia-128 cbc        0.00        0.00        0.00        0.00        0.00
    camellia-192 cbc        0.00        0.00        0.00        0.00        0.00
    camellia-256 cbc        0.00        0.00        0.00        0.00        0.00
    sha256            894.33k    2169.71k    3979.07k    4953.91k    5411.68k
    sha512            277.33k    1106.57k    1620.36k    2252.46k    2517.88k
    whirlpool          201.68k      405.08k      647.67k      766.09k      778.24k
    aes-128 ige      4822.70k    5342.78k    5620.14k    5600.52k    5697.80k
    aes-192 ige      4533.05k    4709.07k    4912.43k    4963.89k    4992.54k
    aes-256 ige      3957.76k    4198.40k    4236.05k    4294.78k    4281.53k
    ghash            4301.86k    4462.21k    4423.56k    4520.43k    4488.77k
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.007828s 0.000596s    127.7  1676.7
    rsa 1024 bits 0.035076s 0.001719s    28.5    581.7
    rsa 2048 bits 0.204792s 0.005617s      4.9    178.0
    rsa 4096 bits 1.362500s 0.020702s      0.7    48.3
                      sign    verify    sign/s verify/s
    dsa  512 bits 0.006267s 0.006981s    159.6    143.2
    dsa 1024 bits 0.017088s 0.020147s    58.5    49.6
    dsa 2048 bits 0.055848s 0.069078s    17.9    14.5
    One question I have: Why are there all these ciphers even supported? You could save on firmware size by supporting the AES modes and nothing else.
     
  6. koitsu

    koitsu Network Guru Member

    Here you go:

    Code:
    root@gw:/tmp/home/root# /opt/bin/openssl speed
    Doing md4 for 3s on 16 size blocks: 336174 md4's in 2.99s
    Doing md4 for 3s on 64 size blocks: 312178 md4's in 2.96s
    Doing md4 for 3s on 256 size blocks: 218649 md4's in 2.99s
    Doing md4 for 3s on 1024 size blocks: 115972 md4's in 3.00s
    Doing md4 for 3s on 8192 size blocks: 19989 md4's in 3.01s
    Doing md5 for 3s on 16 size blocks: 337694 md5's in 2.96s
    Doing md5 for 3s on 64 size blocks: 283963 md5's in 2.99s
    Doing md5 for 3s on 256 size blocks: 185711 md5's in 3.00s
    Doing md5 for 3s on 1024 size blocks: 78017 md5's in 2.99s
    Doing md5 for 3s on 8192 size blocks: 12154 md5's in 2.97s
    Doing hmac(md5) for 3s on 16 size blocks: 358087 hmac(md5)'s in 2.99s
    Doing hmac(md5) for 3s on 64 size blocks: 294737 hmac(md5)'s in 2.99s
    Doing hmac(md5) for 3s on 256 size blocks: 190694 hmac(md5)'s in 2.99s
    Doing hmac(md5) for 3s on 1024 size blocks: 78927 hmac(md5)'s in 2.98s
    Doing hmac(md5) for 3s on 8192 size blocks: 12049 hmac(md5)'s in 2.95s
    Doing sha1 for 3s on 16 size blocks: 322368 sha1's in 2.99s
    Doing sha1 for 3s on 64 size blocks: 238212 sha1's in 2.99s
    Doing sha1 for 3s on 256 size blocks: 132968 sha1's in 2.95s
    Doing sha1 for 3s on 1024 size blocks: 48175 sha1's in 2.97s
    Doing sha1 for 3s on 8192 size blocks: 6940 sha1's in 2.97s
    Doing sha256 for 3s on 16 size blocks: 273020 sha256's in 2.97s
    Doing sha256 for 3s on 64 size blocks: 163480 sha256's in 2.96s
    Doing sha256 for 3s on 256 size blocks: 73999 sha256's in 2.97s
    Doing sha256 for 3s on 1024 size blocks: 23258 sha256's in 2.98s
    Doing sha256 for 3s on 8192 size blocks: 3147 sha256's in 3.00s
    Doing sha512 for 3s on 16 size blocks: 87727 sha512's in 3.00s
    Doing sha512 for 3s on 64 size blocks: 87991 sha512's in 2.97s
    Doing sha512 for 3s on 256 size blocks: 32778 sha512's in 2.98s
    Doing sha512 for 3s on 1024 size blocks: 11375 sha512's in 2.98s
    Doing sha512 for 3s on 8192 size blocks: 1604 sha512's in 2.98s
    Doing whirlpool for 3s on 16 size blocks: 92833 whirlpool's in 2.99s
    Doing whirlpool for 3s on 64 size blocks: 46506 whirlpool's in 3.01s
    Doing whirlpool for 3s on 256 size blocks: 18404 whirlpool's in 3.00s
    Doing whirlpool for 3s on 1024 size blocks: 5385 whirlpool's in 3.01s
    Doing whirlpool for 3s on 8192 size blocks: 707 whirlpool's in 2.99s
    Doing rc4 for 3s on 16 size blocks: 4724984 rc4's in 3.00s
    Doing rc4 for 3s on 64 size blocks: 1290501 rc4's in 3.01s
    Doing rc4 for 3s on 256 size blocks: 334980 rc4's in 3.00s
    Doing rc4 for 3s on 1024 size blocks: 84606 rc4's in 3.01s
    Doing rc4 for 3s on 8192 size blocks: 10593 rc4's in 3.00s
    Doing des cbc for 3s on 16 size blocks: 720696 des cbc's in 2.99s
    Doing des cbc for 3s on 64 size blocks: 188285 des cbc's in 2.98s
    Doing des cbc for 3s on 256 size blocks: 47386 des cbc's in 2.97s
    Doing des cbc for 3s on 1024 size blocks: 11878 des cbc's in 2.99s
    Doing des cbc for 3s on 8192 size blocks: 1486 des cbc's in 2.97s
    Doing des ede3 for 3s on 16 size blocks: 261309 des ede3's in 2.96s
    Doing des ede3 for 3s on 64 size blocks: 67324 des ede3's in 2.95s
    Doing des ede3 for 3s on 256 size blocks: 16932 des ede3's in 2.92s
    Doing des ede3 for 3s on 1024 size blocks: 4236 des ede3's in 2.95s
    Doing des ede3 for 3s on 8192 size blocks: 530 des ede3's in 2.98s
    Doing aes-128 cbc for 3s on 16 size blocks: 1442259 aes-128 cbc's in 3.01s
    Doing aes-128 cbc for 3s on 64 size blocks: 382129 aes-128 cbc's in 2.99s
    Doing aes-128 cbc for 3s on 256 size blocks: 97228 aes-128 cbc's in 2.99s
    Doing aes-128 cbc for 3s on 1024 size blocks: 24405 aes-128 cbc's in 2.97s
    Doing aes-128 cbc for 3s on 8192 size blocks: 3055 aes-128 cbc's in 3.01s
    Doing aes-192 cbc for 3s on 16 size blocks: 1269917 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 64 size blocks: 333413 aes-192 cbc's in 3.01s
    Doing aes-192 cbc for 3s on 256 size blocks: 84401 aes-192 cbc's in 3.01s
    Doing aes-192 cbc for 3s on 1024 size blocks: 21232 aes-192 cbc's in 3.00s
    Doing aes-192 cbc for 3s on 8192 size blocks: 2657 aes-192 cbc's in 3.00s
    Doing aes-256 cbc for 3s on 16 size blocks: 1120551 aes-256 cbc's in 2.98s
    Doing aes-256 cbc for 3s on 64 size blocks: 294677 aes-256 cbc's in 2.99s
    Doing aes-256 cbc for 3s on 256 size blocks: 74649 aes-256 cbc's in 2.99s
    Doing aes-256 cbc for 3s on 1024 size blocks: 18681 aes-256 cbc's in 2.97s
    Doing aes-256 cbc for 3s on 8192 size blocks: 2338 aes-256 cbc's in 2.97s
    Doing aes-128 ige for 3s on 16 size blocks: 1513563 aes-128 ige's in 2.95s
    Doing aes-128 ige for 3s on 64 size blocks: 414807 aes-128 ige's in 3.00s
    Doing aes-128 ige for 3s on 256 size blocks: 106801 aes-128 ige's in 2.98s
    Doing aes-128 ige for 3s on 1024 size blocks: 26870 aes-128 ige's in 2.98s
    Doing aes-128 ige for 3s on 8192 size blocks: 3360 aes-128 ige's in 3.01s
    Doing aes-192 ige for 3s on 16 size blocks: 1316900 aes-192 ige's in 2.99s
    Doing aes-192 ige for 3s on 64 size blocks: 355616 aes-192 ige's in 2.97s
    Doing aes-192 ige for 3s on 256 size blocks: 91207 aes-192 ige's in 2.99s
    Doing aes-192 ige for 3s on 1024 size blocks: 22937 aes-192 ige's in 2.95s
    Doing aes-192 ige for 3s on 8192 size blocks: 2866 aes-192 ige's in 2.95s
    Doing aes-256 ige for 3s on 16 size blocks: 1166318 aes-256 ige's in 2.99s
    Doing aes-256 ige for 3s on 64 size blocks: 313015 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 256 size blocks: 79986 aes-256 ige's in 3.00s
    Doing aes-256 ige for 3s on 1024 size blocks: 20093 aes-256 ige's in 2.99s
    Doing aes-256 ige for 3s on 8192 size blocks: 2513 aes-256 ige's in 2.96s
    Doing ghash for 3s on 16 size blocks: 1535229 ghash's in 3.00s
    Doing ghash for 3s on 64 size blocks: 408119 ghash's in 3.00s
    Doing ghash for 3s on 256 size blocks: 103761 ghash's in 2.96s
    Doing ghash for 3s on 1024 size blocks: 26113 ghash's in 3.01s
    Doing ghash for 3s on 8192 size blocks: 3267 ghash's in 3.00s
    Doing seed cbc for 3s on 16 size blocks: 901141 seed cbc's in 2.99s
    Doing seed cbc for 3s on 64 size blocks: 236383 seed cbc's in 2.98s
    Doing seed cbc for 3s on 256 size blocks: 59708 seed cbc's in 2.99s
    Doing seed cbc for 3s on 1024 size blocks: 14964 seed cbc's in 3.00s
    Doing seed cbc for 3s on 8192 size blocks: 1870 seed cbc's in 3.00s
    Doing rc2 cbc for 3s on 16 size blocks: 689498 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 64 size blocks: 176198 rc2 cbc's in 3.00s
    Doing rc2 cbc for 3s on 256 size blocks: 44421 rc2 cbc's in 2.99s
    Doing rc2 cbc for 3s on 1024 size blocks: 11135 rc2 cbc's in 2.99s
    Doing rc2 cbc for 3s on 8192 size blocks: 1392 rc2 cbc's in 2.98s
    Doing blowfish cbc for 3s on 16 size blocks: 1716212 blowfish cbc's in 2.98s
    Doing blowfish cbc for 3s on 64 size blocks: 471055 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 256 size blocks: 121136 blowfish cbc's in 2.98s
    Doing blowfish cbc for 3s on 1024 size blocks: 30494 blowfish cbc's in 3.00s
    Doing blowfish cbc for 3s on 8192 size blocks: 3818 blowfish cbc's in 2.98s
    Doing cast cbc for 3s on 16 size blocks: 1396971 cast cbc's in 3.00s
    Doing cast cbc for 3s on 64 size blocks: 375141 cast cbc's in 2.98s
    Doing cast cbc for 3s on 256 size blocks: 95768 cast cbc's in 2.97s
    Doing cast cbc for 3s on 1024 size blocks: 24044 cast cbc's in 2.95s
    Doing cast cbc for 3s on 8192 size blocks: 3006 cast cbc's in 2.95s
    Doing 512 bit private rsa's for 10s: 2315 512 bit private RSA's in 9.91s
    Doing 512 bit public rsa's for 10s: 28170 512 bit public RSA's in 9.92s
    Doing 1024 bit private rsa's for 10s: 483 1024 bit private RSA's in 9.93s
    Doing 1024 bit public rsa's for 10s: 9578 1024 bit public RSA's in 9.93s
    Doing 2048 bit private rsa's for 10s: 80 2048 bit private RSA's in 9.99s
    Doing 2048 bit public rsa's for 10s: 2842 2048 bit public RSA's in 9.88s
    Doing 4096 bit private rsa's for 10s: 12 4096 bit private RSA's in 10.04s
    Doing 4096 bit public rsa's for 10s: 776 4096 bit public RSA's in 9.89s
    Doing 512 bit sign dsa's for 10s: 2695 512 bit DSA signs in 9.69s
    Doing 512 bit verify dsa's for 10s: 2498 512 bit DSA verify in 9.98s
    Doing 1024 bit sign dsa's for 10s: 953 1024 bit DSA signs in 9.95s
    Doing 1024 bit verify dsa's for 10s: 796 1024 bit DSA verify in 9.89s
    Doing 2048 bit sign dsa's for 10s: 286 2048 bit DSA signs in 9.93s
    Doing 2048 bit verify dsa's for 10s: 236 2048 bit DSA verify in 9.97s
    OpenSSL 1.0.1c 10 May 2012
    built on: Mon Dec 10 11:09:03 MSK 2012
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(ptr)
    compiler: mipsel-uclibc-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -I/home/god/BuildRepo/openwrt_trunk/staging_dir/target-mipsel-linux-gnu/opt/include -I/home/god/BuildRepo/openwrt_trunk/staging_dir/target-mipsel-linux-gnu/include -I/opt/entware-toolchain/include -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_ERR -DTERMIO -O2 -pipe -mips32 -mtune=mips32 -fpic -fomit-frame-pointer -Wall -DSHA1_ASM -DSHA256_ASM -DAES_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md2                  0.00         0.00         0.00         0.00         0.00
    mdc2                 0.00         0.00         0.00         0.00         0.00
    md4               1798.92k     6749.79k    18720.45k    39585.11k    54401.96k
    md5               1825.37k     6078.14k    15847.34k    26718.87k    33523.76k
    hmac(md5)         1916.18k     6308.75k    16326.98k    27121.22k    33459.46k
    sha1              1725.05k     5098.85k    11538.92k    16609.83k    19142.25k
    rmd160               0.00         0.00         0.00         0.00         0.00
    rc4              25199.91k    27439.22k    28584.96k    28782.90k    28925.95k
    des cbc           3856.57k     4043.70k     4084.45k     4067.92k     4098.76k
    des ede3          1412.48k     1460.59k     1484.45k     1470.39k     1456.97k
    idea cbc             0.00         0.00         0.00         0.00         0.00
    seed cbc          4822.16k     5076.68k     5112.12k     5107.71k     5106.35k
    rc2 cbc           3677.32k     3758.89k     3803.27k     3813.46k     3826.60k
    rc5-32/12 cbc        0.00         0.00         0.00         0.00         0.00
    blowfish cbc      9214.56k    10049.17k    10406.31k    10408.62k    10495.66k
    cast cbc          7450.51k     8056.72k     8254.75k     8346.12k     8347.51k
    aes-128 cbc       7666.49k     8179.35k     8324.54k     8414.38k     8314.47k
    aes-192 cbc       6772.89k     7089.18k     7178.29k     7247.19k     7255.38k
    aes-256 cbc       6016.38k     6307.47k     6391.35k     6440.86k     6448.79k
    camellia-128 cbc        0.00         0.00         0.00         0.00         0.00
    camellia-192 cbc        0.00         0.00         0.00         0.00         0.00
    camellia-256 cbc        0.00         0.00         0.00         0.00         0.00
    sha256            1470.81k     3534.70k     6378.36k     7992.01k     8593.41k
    sha512             467.88k     1896.10k     2815.83k     3908.72k     4409.39k
    whirlpool          496.77k      988.83k     1570.47k     1831.97k     1937.04k
    aes-128 ige       8209.16k     8849.22k     9174.85k     9233.18k     9144.56k
    aes-192 ige       7046.96k     7663.11k     7809.03k     7961.86k     7958.74k
    aes-256 ige       6241.17k     6677.65k     6825.47k     6881.35k     6954.90k
    ghash             8187.89k     8706.54k     8973.92k     8883.63k     8921.09k
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.004281s 0.000352s    233.6   2839.7
    rsa 1024 bits 0.020559s 0.001037s     48.6    964.6
    rsa 2048 bits 0.124875s 0.003476s      8.0    287.7
    rsa 4096 bits 0.836667s 0.012745s      1.2     78.5
                      sign    verify    sign/s verify/s
    dsa  512 bits 0.003596s 0.003995s    278.1    250.3
    dsa 1024 bits 0.010441s 0.012425s     95.8     80.5
    dsa 2048 bits 0.034720s 0.042246s     28.8     23.7
    
    These numbers include/reflect use of the MIPS assembly optimisation patches. This is verified by the -DSHA1_ASM -DSHA256_ASM -DAES_ASM compiler options shown in the output. Shibby v105 or newer should have these too.

    I don't have much familiarity with messing about with OpenVPN ciphers (I have used OpenVPN but not on these routers and I used the stock/default cipher, whatever that was). But you should be able to discern what's what. And if you do have a choice between RSA and DSA (unlikely but possible), stick with RSA (key generation/signing is slower, but verification is way, way faster).

    Entries with "0.00" indicate the cipher is unavailable/not compiled in to OpenSSL. Please do not beg/discuss this; there may be reasons for this (for example, the IDEA cipher is generally not available because of legal/law restrictions in the USA). Do not complain, just go with what's available, and use whichever one is best given the options you have available (again: I'm not familiar with cipher selection in OpenVPN).

    Footnote: this should give you some idea of just how much slower these routers are compared to a standard desktop PC. The x64 FreeBSD box the earlier benchmarks were from, by the way, is a Core 2 Quad Q9550 @ stock 2.8GHz. So when I tell people "these routers are not high-performance blazing-fast devices", this acts as confirmation.
     
  7. kyrios

    kyrios Serious Server Member

    @koitsu & @Mangix
    I do openVPN for cardsharing. For fastest response, which chiper I shall use?
    Sorry, I'm kinda newbie to understand the tables both of you provide
     
  8. koitsu

    koitsu Network Guru Member

    Outside the topic of this thread, honestly (let's not confuse the guy :p).

    I strongly doubt adding tons of no-{ciphername} entries to the OpenSSL Configure call would truly save a substantial amount of firmware space. I don't use VPN firmwares so I can't see what the size of libssl and libcrypto are on them. I can tell what size they are in Entware:

    Code:
    root@gw:/tmp/home/root# ls -l /opt/lib/libssl.so.1.0.0 /opt/lib/libcrypto.so.1.0.0
    -rw-r--r--    1 1501     1501       1452752 Dec  9 23:10 /opt/lib/libcrypto.so.1.0.0
    -rw-r--r--    1 1501     1501        334912 Dec  9 23:10 /opt/lib/libssl.so.1.0.0
    
    So rather than get all uppity, go try it and report back the savings. I've looked at objdump -T, which is not a full analysis, but to me it looks like the savings would be minimal. Most of the space is taken up by the .text segment (looked at via objdump -i and objdump -s), which should come as no surprise. It's difficult to break down the usage more than that due to how ELF and ld.so works and so on.
     
  9. koitsu

    koitsu Network Guru Member

    What the numbers mean in the table at the bottom of the output is documented/described (read it slowly). "Figuring out" which is best is left as an exercise for you. I'm a little shocked that you'd ask what cipher to use then later admit you have absolutely no familiarity with this. *shakes head* :-/
     
  10. Mangix

    Mangix Networkin' Nut Member

    According to my benchmark, RC5-OCB is the fastest. That being said, I would stick with AES-OFB as that's probably the most secure and most trusted.

    As far as I know, there are no issues with the other ciphers but I still would not use them.

    Actually on second thought, OpenSSL shows RC5 as rc5-32/12 cbc meaning....12 round RC5 at 32-bit block size? This is totally insecure. RC2 and Blowfish have a 64-bit block size so no. Only CAST5 and AES have 128-bit.

    Bottom line: Use AES-OFB.

    @Koitsu
    Just realized after glazing at your desktop computer results: those numbers are actually not a very good comparison as x86 is a much different architecture than MIPS. As a result, there are discrepancies in performance. For example, AES is faster than blowfish whereas the reverse is true on MIPS.
     
  11. koitsu

    koitsu Network Guru Member

    Re: architectural differences: yes that's a valid point. My statement was referring to the magnitude of difference on a general level. For example look at 8192-byte md5 between the two systems: 483213.62k vs. 33523.76k. 483213.62 / 33523.76 = 14.41 times faster on the PC. It's not just about clock speed either (PC = 2800MHz, router = 480MHz; 2800/480 = 5.8 times faster). My point is that people seem to think these routers are the equivalent of a desktop PC, performance-wise, and they are not (look at those threads where people are trying to do things like push 250-300mbit/sec across the WAN interface).
     

Share This Page