I'm quite new to openSSL and AES and cryptography as a whole, so please forgive my "stupid" questions.
I've read that because of the way that the AES-CBC works that it depends on the result from the previous round in order to encrypt the current round that it is inherently not well suited for parallelization; which I am then guessing that it is very possible that it would run (a LOT) slower on GPGPU than it would on an AES-NI enabled CPU. Would that be a fair and safe assumption? I'm also looking online and through the man pages and it seems like that people are invoking the aesni by using the command: openssl -engine aesni -evp aes-256-cbc ... what's the '-evp' flag for? On Wed, Mar 13, 2013 at 12:12 PM, Erwann Abalea <erwann.aba...@keynectis.com> wrote: > GPGPU isn't natively supported. You can write your own engine if you want, > but I think memory transfers will dominate the cost. > AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53 GHz > for 8k blocks). > > -- > Erwann ABALEA > > Le 13/03/2013 16:49, Ewen Chan a écrit : >> >> Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI >> enabled CPU or would it faster do it with a GPGPU? >> >> Does OpenSSL even support GPU acceleration? >> >> On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan <chan.e...@gmail.com> wrote: >>> >>> Thanks. >>> >>> On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea >>> <erwann.aba...@keynectis.com> wrote: >>>> >>>> The algorithm "Rijndael" has some knobs you can turn to tune. >>>> The standard "AES" has these parameters fixed in stone. >>>> >>>> AES-192 is effectively "less secure" than AES-256 because of the key >>>> length >>>> and number of rounds. >>>> But "less secure" may be "secure enough". In fact, AES-128 is secure >>>> enough >>>> for most uses. >>>> Number of rounds is important for AES security as it is for any other >>>> algorithm (think about attacks on reduced-rounds AES/SHA/whatever). >>>> >>>> -- >>>> Erwann ABALEA >>>> >>>> Le 13/03/2013 15:31, Ewen Chan a écrit : >>>> >>>>> So the algorithms include the number of rounds? I thought that it >>>>> would only describe the math process and that it would be independent >>>>> of the number of rounds (so long as you meed Rijndael's "minimum" - >>>>> which is what the current number of rounds is set/default as). >>>>> >>>>> I did not know that. Hmmm....thanks. >>>>> >>>>> Does this mean that a AES-192-CBC is less secure than an AES-256-CBC >>>>> because of the key length and the number of rounds associated with >>>>> that; or am I understanding that wrong - that the number of rounds has >>>>> less-so to do with the security of the algorithm compared to the key >>>>> length? >>>>> >>>>> On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea >>>>> <erwann.aba...@keynectis.com> wrote: >>>>>> >>>>>> If you change the number of rounds, then it's not AES anymore, but a >>>>>> custom >>>>>> Rijndael. >>>>>> Reading the source code, it appears there's no support for that in >>>>>> OpenSSL >>>>>> (and poking inside an AES_KEY to change the number of rounds probably >>>>>> won't >>>>>> work). >>>>>> >>>>>> -- >>>>>> Erwann ABALEA >>>>>> >>>>>> Le 13/03/2013 14:32, Ewen Chan a écrit : >>>>>> >>>>>>> There's a file that I want to encrypt using AES-192-CBC but with 19 >>>>>>> rounds rather than the default 12-rounds. >>>>>>> >>>>>>> Is there a way for me to specify the number of rounds that I would >>>>>>> like to use with the AES-192-CBC? (and override the algorithm >>>>>>> defaults)? >>>>>>> >>>>>>> Is that something that I can within the openssl command itself (to >>>>>>> encrypt a file) or is the process much more involved than that? And >>>>>>> requires programming/scripting? >>>>>> >>>>>> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org >> > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
