Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
If you change the number of rounds, then it's not AES anymore, but a custom Rijndael. Reading the source code, it appears there's no support for that in OpenSSL (and poking inside an AES_KEY to change the number of rounds probably won't work).
-- Erwann ABALEA
On 13/03/2013 14:32, Ewen Chan

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
So the algorithms include the number of rounds? I thought that it would only describe the math process and that it would be independent of the number of rounds (so long as you meet Rijndael's minimum - which is what the current number of rounds is set/default as). I did not know that.

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
The algorithm Rijndael has some knobs you can turn to tune. The standard AES has these parameters fixed in stone. AES-192 is effectively less secure than AES-256 because of the key length and number of rounds. But less secure may be secure enough. In fact, AES-128 is secure enough for most

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Thanks.
On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea erwann.aba...@keynectis.com wrote:
The algorithm Rijndael has some knobs you can turn to tune. The standard AES has these parameters fixed in stone. AES-192 is effectively less secure than AES-256 because of the key length and number of

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI enabled CPU or would it be faster to do it with a GPGPU? Does OpenSSL even support GPU acceleration?
On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote:
Thanks.
On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
GPGPU isn't natively supported. You can write your own engine if you want, but I think memory transfers will dominate the cost. AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53 GHz for 8k blocks).
-- Erwann ABALEA
On 13/03/2013 16:49, Ewen Chan wrote:
Would it be

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm quite new to openSSL and AES and cryptography as a whole, so please forgive my stupid questions. I've read that because of the way that the AES-CBC works that it depends on the result from the previous round in order to encrypt the current round that it is inherently not well suited for

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
On 13/03/2013 17:17, Ewen Chan wrote:
I'm quite new to openSSL and AES and cryptography as a whole, so please forgive my stupid questions.
You then may start by reading the different manpages, then. OpenSSL is a large beast, and you won't do anything useful without reading.
I've read

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Yea, I've tried reading the man pages, but it doesn't list all of the options available on there (which would tend to indicate that it is a little behind compared to the development and released versions of OpenSSL). Do you need the '-evp' flag to use '-engine aesni' or they operate independent

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Krzysiek
You are right about AES-CBC. Parallelization of block encryption is not really possible. If you want to encrypt blocks in parallel then you should use AES-CTR.
Kris
- Original Message
From: openssl-users@openssl.org
To: Erwann Abalea erwann.aba...@keynectis.com
Cc:

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
If what you want is simply to encrypt and decrypt files using the command-line openssl executable, then you don't need to play with engine or evp options. openssl enc uses the EVP interface, which in turn will make use of AES-NI instructions if available (or SSE3, SSE2, SSE, anything available on the

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Wouldn't enabling AES-NI during the encryption/decryption process make it run faster? So even if I'm just running the openssl command-line executable, processing those files with AES-NI enabled (via '-engine aesni') would be faster than if I left that part out? (I'm still a little fuzzy as to

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
On 13/03/2013 19:10, Ewen Chan wrote:
Wouldn't enabling AES-NI during the encryption/decryption process make it run faster?
Of course.
So even if I'm just running the openssl command-line executable, processing those files with AES-NI enabled (via '-engine aesni') would be faster than if

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm asking about the '-engine aesni' flag because when I google openssl aes-ni - that's what comes up. I've never used it before, but I'm about to as I've recently acquired a system that supports AES-NI. I'm also asking because I'm about to encrypt a whole bunch of files and some of them are

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
On 13/03/2013 20:06, Ewen Chan wrote:
I'm asking about the '-engine aesni' flag because when I google openssl aes-ni - that's what comes up. I've never used it before, but I'm about to as I've recently acquired a system that supports AES-NI. I'm also asking because I'm about to encrypt a

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm running on a 30 TB server with about 1.4 million files. I think that at last audit, the single largest file is 45 GB (as an example). And I'm prepping to run AES-256-CBC. The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm pretty sure that I can peg (or at least supply) the

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Matthew Hall
On Wed, Mar 13, 2013 at 04:00:48PM -0400, Ewen Chan wrote:
I'm running on a 30 TB server with about 1.4 million files. I think that at last audit, the single largest file is 45 GB (as an example). And I'm prepping to run AES-256-CBC. The host system has a SATA 6 Gbps, 10 drive, RAID5

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
The problem that I initially ran into when I was creating the volume was that there wasn't a Linux file system that could handle a 27 TB volume. The closest that I got was Btrfs and at the time, it was still in I think 0.98alpha or something like that. Also as a result of that, there were no data