Okay, thanks. I hope that folks (end-users & customers) appreciate the
need/desire to move towards AES in the future. AES is more CPU
intensive, but has a number of benefits that RC4 lacks....
-- Garrett
Dan Anderson wrote:
> On Mon, 16 Mar 2009, Garrett D'Amore wrote:
>
>> Just out of curiosity, why are we spending much time optimizing RC4?
>> RC4 is already pretty darn fast -- even without the best optimizations,
>> and frankly I'd think we'd see much better payoff working on AES
>> optimization. (Esp. given RC4 is not FIPS certifiable, and that most of
>> the crypto protocols are moving away from RC4 towards AES. E.g. WPA2
>> vs. TKIP vs. WEP.)
>>
>
> Garrett,
> FYI I've added 64-bit assembly for AES and more work is planned.
>
> (snip)
>
>> Is this work just to accelerate some kind of "micro" benchmark?
>>
>
> The benchmark is SPECweb2005-banking.
>
>
>> Because I strongly doubt that RC4 optimization will have a significant
>> impact on
>> any real-world use. For https transactions, I believe the RSA or DSA
>> handshaking tends to dominate.
>> -- Garrett
>>
>
> True, For SSL/HTTPS, RSA dominates and is the most important, but it's
> followed by significant time spent for ARCFOUR and MD5.
>
> I've previously improved RSA by making the bignum library fully 64-bit,
> instead of a mixture of 32-bit and 64-bit. After that, the ARCFOUR numbers
> became more prominent.
>
> - Dan
>
