On 05/11/2013 08:08 PM, Danny Thomas wrote:
> Does anyone have a rough idea of how much improvement this might
> bring. I'm hoping it will be substantial because string-to-key
> involves 4,096 iterations.
PBKDF2 uses many iterations of a hash algorithm (SHA-1, in the case of
Kerberos AES enctypes), not a block cipher. Using AES-NI will not have
a perceptible impact on string-to-key performance.
> AFAICT from a quick glance over the past 6 months of cvs-krb5,
> I didn't see any commit apparently for AES-NI.
I haven't pushed the code yet. At the moment, it's at:
https://github.com/greghudson/krb5/tree/aesni
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
