Dewey Hylton <dewey.hyl...@gmail.com> wrote: > i know that the alix has hardware crypto supporting aes-128-cbc. one thing > that was unclear to me was, on the openbsd ipsec side, whether > aes == aes-128 == aes-128-cbc ... my assumption was YES, after seeing that
Yes. > aes/aes-128 are both 3 times faster than des on this hardware - but then > i found that blowfish and aes-256 are both faster as well, so at this point 3DES is relatively slow in software. More modern algorithms like Blowfish and AES were designed for their operations to map efficiently to the command sets of common 32- and 64-bit microprocessors. > i'm still not sure i'm even getting anything out of the hardware crypto. You are. You could compare the performance of "aes" (AES-128-CBC) and "aesctr" (AES-128-CTR). These require similar amounts of processing, but aesctr doesn't benefit from the Geode's hardware acceleration. Also, as has already been mentioned, the authentication algoritms are similarly computationally expensive as the encryption part. If there isn't enough CPU, you could gain some performance by switching back from AES/SHA256 to AES/SHA1. -- Christian "naddy" Weisgerber na...@mips.inka.de