Date:      Wed, 07 Jun 2000 15:07:48 -0400
From:      "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To:        Mark Murray <mark@grimreaper.grondar.za>
Cc:        Dan Moschuk <dan@FreeBSD.org>, Mark Murray <mark@grondar.za>, arch@FreeBSD.org
Subject:   Re: (2nd iteration) New /dev/(random|null|zero) - review, please
Message-ID:  <393E9D84.4026FC0E@vangelderen.org>
References:  <393D5D46.6BCACDE4@vangelderen.org> <200006070607.IAA24428@gratis.grondar.za>

Mark Murray wrote:
> 
> > > Because of the significant speed decrease in using Yarrow, I'd like to see
> > > us keep the current implementation around, and having Yarrow as an
> > > option or pseudo-device to be used instead.
> >
> > Yarrow -when finished- is not noticeably slower than our current
> > implementation of /dev/[u]random. Yarrow does one block encryption
> > for every output block and a generator gate every 10 blocks. This
> > would allow for at least 40 Mbit/s output on a 200 MHz PPro when
> > using Rijndael/256/256.
> 
> I tend to agree; I am currently using SHA1 and DES3, and it is quite
> slow, mostly in the proportion of DES3::MD5 speeds, which makes sense
> as the existing implementation uses MD5.

Rijndael is quite a bit faster than single DES which will do 28 Mbit/s
on a PPro 200. Assuming a generator gate every 10 blocks Rijndael would
do 11 encryptions per 10 blocks and hence run at least at 25.5 Mbit/s.
In reality we could see around 50 Mbit/s performance, depending on the
Rijndael implementation.

Of course I'm not counting reseeds but those can be done in a lazy
fashion. You can generate hundreds of MBytes before you *need* to
reseed, depending on your security policy.

So the bottleneck is not the PRNG mechanism, it's the security policy
and your entropy sources. If you require a reseed every hundred blocks 
or so it becomes much more expensive. But that holds for our current 
/dev/[u]random implementation too.

Cheers,
Jeroen
-- 
Jeroen C. van Gelderen          o      _     _         _
jeroen@vangelderen.org  _o     /\_   _ \\o  (_)\__/o  (_)
                      _< \_   _>(_) (_)/<_    \_| \   _|/' \/
                     (_)>(_) (_)        (_)   (_)    (_)'  _\o_
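
The cost model in the message above (one block operation per output block plus a generator gate every 10 blocks), as an added example that is not part of the original e-mail or of the FreeBSD code. It assumes a keyed SHA-256 call as a stand-in for Rijndael/256/256, and all names (`GatedGenerator`, `effective_mbit`) are hypothetical.

```python
import hashlib

BLOCK = 32          # bytes; 256-bit block and key, as in Rijndael/256/256
GATE_INTERVAL = 10  # generator gate every 10 output blocks (figure from the message)

def encrypt_block(key: bytes, counter: int) -> bytes:
    # Stand-in (assumption) for E_key(counter): keyed SHA-256, NOT a real block cipher.
    return hashlib.sha256(key + counter.to_bytes(BLOCK, "big")).digest()

class GatedGenerator:
    """Counter-mode output generator with a Yarrow-style generator gate."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0
        self.since_gate = 0
        self.cipher_calls = 0  # every block operation, output or gate
        self.blocks_out = 0    # blocks actually handed to the caller

    def _next_block(self) -> bytes:
        self.counter += 1
        self.cipher_calls += 1
        return encrypt_block(self.key, self.counter)

    def _gate(self) -> None:
        # Replace the key with generator output that is never released, so a
        # later key compromise does not expose blocks produced before the gate.
        self.key = self._next_block()
        self.since_gate = 0

    def read(self, nbytes: int) -> bytes:
        out = bytearray()
        while len(out) < nbytes:
            out += self._next_block()
            self.blocks_out += 1
            self.since_gate += 1
            if self.since_gate == GATE_INTERVAL:
                self._gate()
        return bytes(out[:nbytes])

def effective_mbit(raw_cipher_mbit: float, gen: GatedGenerator) -> float:
    # Output rate = raw cipher rate scaled by useful blocks / total block operations.
    return raw_cipher_mbit * gen.blocks_out / gen.cipher_calls
```

Reading 1000 blocks costs 1100 block operations, so a cipher running at the 28 Mbit/s quoted for single DES yields about 25.5 Mbit/s of output; reseeds are not modelled.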