Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
If you change the number of rounds, then it's not AES anymore, but a 
custom Rijndael.
Reading the source code, it appears there's no support for that in 
OpenSSL (and poking inside an AES_KEY to change the number of rounds 
probably won't work).


--
Erwann ABALEA

On 13/03/2013 14:32, Ewen Chan wrote:

> There's a file that I want to encrypt using AES-192-CBC but with 19
> rounds rather than the default 12-rounds.
>
> Is there a way for me to specify the number of rounds that I would
> like to use with the AES-192-CBC? (and override the algorithm
> defaults)?
>
> Is that something that I can do within the openssl command itself (to
> encrypt a file) or is the process much more involved than that? And
> requires programming/scripting?


__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
So the algorithms include the number of rounds? I thought that it
would only describe the math process and that it would be independent
of the number of rounds (so long as you meet Rijndael's minimum -
which is what the current number of rounds is set/default as).

I did not know that. Hmmm... thanks.

Does this mean that an AES-192-CBC is less secure than an AES-256-CBC
because of the key length and the number of rounds associated with
that; or am I understanding that wrong - that the number of rounds has
less-so to do with the security of the algorithm compared to the key
length?



Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea

The algorithm Rijndael has some knobs you can turn to tune.
The standard AES has these parameters fixed in stone.

AES-192 is effectively less secure than AES-256 because of the key 
length and number of rounds.
But less secure may be secure enough. In fact, AES-128 is secure 
enough for most uses.
Number of rounds is important for AES security as it is for any other 
algorithm (think about attacks on reduced-rounds AES/SHA/whatever).


--
Erwann ABALEA



Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Thanks.



Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI
enabled CPU or would it be faster to do it with a GPGPU?

Does OpenSSL even support GPU acceleration?



Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
GPGPU isn't natively supported. You can write your own engine if you 
want, but I think memory transfers will dominate the cost.
AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53 
GHz for 8k blocks).


--
Erwann ABALEA



Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm quite new to OpenSSL and AES and cryptography as a whole, so
please forgive my stupid questions.

I've read that because of the way that the AES-CBC works that it
depends on the result from the previous round in order to encrypt the
current round that it is inherently not well suited for
parallelization; which I am then guessing that it is very possible
that it would run (a LOT) slower on GPGPU than it would on an AES-NI
enabled CPU. Would that be a fair and safe assumption?

I'm also looking online and through the man pages and it seems like
that people are invoking the aesni by using the command:

openssl -engine aesni -evp aes-256-cbc ...

what's the '-evp' flag for?



Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea

On 13/03/2013 17:17, Ewen Chan wrote:

> I'm quite new to OpenSSL and AES and cryptography as a whole, so
> please forgive my stupid questions.

You then may start by reading the different manpages, then. OpenSSL is a
large beast, and you won't do anything useful without reading.

> I've read that because of the way that the AES-CBC works that it
> depends on the result from the previous round in order to encrypt the
> current round that it is inherently not well suited for
> parallelization; which I am then guessing that it is very possible
> that it would run (a LOT) slower on GPGPU than it would on an AES-NI
> enabled CPU. Would that be a fair and safe assumption?

That's right.
You can achieve better performance with CTR mode, for example. But even
there, I doubt you can beat AES-NI.

> I'm also looking online and through the man pages and it seems like
> that people are invoking the aesni by using the command:
>
> openssl -engine aesni -evp aes-256-cbc ...
>
> what's the '-evp' flag for?

It means use the EVP interface. EVP is a higher level interface to
cryptographic primitives. In the case of AES, it can make use of AES-NI
instructions if available. That's useful only if you plan to code using
the OpenSSL library.




Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Yea, I've tried reading the man pages, but it doesn't list all of the
options available on there (which would tend to indicate that it is a
little behind compared to the development and released versions of
OpenSSL).

Do you need the '-evp' flag to use '-engine aesni' or do they operate
independently of each other?

And if I'm not planning on coding with the OpenSSL library, but rather
just using it to encrypt/decrypt files on my system, then I don't need
the '-evp' flag, correct?


Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Krzysiek
You are right about AES-CBC. Parallelization of block encryption is not
really possible. If you want to encrypt blocks in parallel then you should
use AES-CTR.

Kris
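
Added example, not part of the original thread: the block dependencies behind the CBC and CTR remarks above. The chaining structure does not depend on the block cipher, so a stand-in Feistel construction over HMAC-SHA256 (an assumption, not AES) keeps the block self-contained; all function names and sample values are hypothetical.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

def toy_block_encrypt(key, block):
    """Stand-in 128-bit block cipher: 4-round Feistel over HMAC-SHA256 (NOT AES)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(key, iv, blocks):
    """C[i] = E(P[i] xor C[i-1]): block i cannot start before block i-1 is finished."""
    out, prev = [], iv
    for p in blocks:
        prev = toy_block_encrypt(key, xor(p, prev))
        out.append(prev)
    return out

def ctr_encrypt_block(key, nonce, index, block):
    """C[i] = P[i] xor E(nonce || i): depends only on the block's own index."""
    return xor(block, toy_block_encrypt(key, nonce + index.to_bytes(8, "big")))

def ctr_encrypt(key, nonce, blocks, workers=1):
    """Hand CTR blocks to a pool of workers; any scheduling gives the same result.
    Python threads show order independence here, not a real speed-up.
    The nonce must never repeat under the same key."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda ib: ctr_encrypt_block(key, nonce, *ib),
                             enumerate(blocks)))

def changed_blocks(a, b):
    """Indices of blocks that differ between two block lists."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

if __name__ == "__main__":
    key, iv, nonce = b"k" * 16, bytes(16), b"construc"  # constructed sample values
    blocks = [bytes([i]) * 16 for i in range(8)]         # constructed 8-block message
    edited = [b"\xff" * 16] + blocks[1:]                 # same message, block 0 changed
    print("CBC blocks affected by editing block 0:",
          changed_blocks(cbc_encrypt(key, iv, blocks), cbc_encrypt(key, iv, edited)))
    print("CTR blocks affected by editing block 0:",
          changed_blocks(ctr_encrypt(key, nonce, blocks), ctr_encrypt(key, nonce, edited)))
    print("CTR with 4 workers matches serial:",
          ctr_encrypt(key, nonce, blocks, 4) == ctr_encrypt(key, nonce, blocks, 1))
```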


Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
If what you want is simply to encrypt and decrypt files using the command-line
openssl executable, then you don't need to play with engine or evp options.
openssl enc uses the EVP interface, which in turn will make use of 
AES-NI instructions if available (or SSE3, SSE2, SSE, anything available 
on the runtime platform to speed it up).


--
Erwann ABALEA

Le 13/03/2013 18:07, Ewen Chan a écrit :
> Yea, I've tried reading the man pages, but it doesn't list all of the
> options available on there (which would tend to indicate that it is a
> little behind compared to the development and released versions of
> OpenSSL).
>
> Do you need the '-evp' flag to use '-engine aesni' or they operate
> independent of each other?
>
> And if I'm not planning on coding with the OpenSSL library, but rather
> just using it to encrypt/decrypt files on my system; then I don't need
> the '-evp' flag correct?
>
> On Wed, Mar 13, 2013 at 12:56 PM, Erwann Abalea
> erwann.aba...@keynectis.com wrote:
>> Le 13/03/2013 17:17, Ewen Chan a écrit :
>>> I'm quite new to openSSL and AES and cryptography as a whole, so
>>> please forgive my stupid questions.
>>
>> You then may start by reading the different manpages, then. OpenSSL is a
>> large beast, and you won't do anything useful without reading.
>>
>>> I've read that because of the way that the AES-CBC works that it
>>> depends on the result from the previous round in order to encrypt the
>>> current round that it is inherently not well suited for
>>> parallelization; which I am then guessing that it is very possible
>>> that it would run (a LOT) slower on GPGPU than it would on an AES-NI
>>> enabled CPU. Would that be a fair and safe assumption?
>>
>> That's right.
>> You can achieve better performance with CTR mode, for example. But even
>> there, I doubt you can beat AES-NI.
>>
>>> I'm also looking online and through the man pages and it seems like
>>> that people are invoking the aesni by using the command:
>>>
>>> openssl -engine aesni -evp aes-256-cbc ...
>>>
>>> what's the '-evp' flag for?
>>
>> It means use the EVP interface. EVP is a higher level interface to
>> cryptographic primitives. In the case of AES, it can make use of AES-NI
>> instructions if available. That's useful only if you plan to code using the
>> OpenSSL library.
>>
>>> On Wed, Mar 13, 2013 at 12:12 PM, Erwann Abalea
>>> erwann.aba...@keynectis.com wrote:
>>>> GPGPU isn't natively supported. You can write your own engine if you want,
>>>> but I think memory transfers will dominate the cost.
>>>> AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53 GHz
>>>> for 8k blocks).
>>>>
>>>> --
>>>> Erwann ABALEA
>>>>
>>>> Le 13/03/2013 16:49, Ewen Chan a écrit :
>>>>> Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI
>>>>> enabled CPU or would it faster do it with a GPGPU?
>>>>>
>>>>> Does OpenSSL even support GPU acceleration?
>>>>>
>>>>> On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote:
>>>>>> Thanks.
>>>>>>
>>>>>> On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
>>>>>> erwann.aba...@keynectis.com wrote:
>>>>>>> The algorithm Rijndael has some knobs you can turn to tune.
>>>>>>> The standard AES has these parameters fixed in stone.
>>>>>>>
>>>>>>> AES-192 is effectively less secure than AES-256 because of the key
>>>>>>> length and number of rounds.
>>>>>>> But less secure may be secure enough. In fact, AES-128 is secure
>>>>>>> enough for most uses.
>>>>>>> Number of rounds is important for AES security as it is for any other
>>>>>>> algorithm (think about attacks on reduced-rounds AES/SHA/whatever).
>>>>>>>
>>>>>>> --
>>>>>>> Erwann ABALEA
>>>>>>>
>>>>>>> Le 13/03/2013 15:31, Ewen Chan a écrit :
>>>>>>>> So the algorithms include the number of rounds? I thought that it
>>>>>>>> would only describe the math process and that it would be independent
>>>>>>>> of the number of rounds (so long as you meet Rijndael's minimum -
>>>>>>>> which is what the current number of rounds is set/default as).
>>>>>>>>
>>>>>>>> I did not know that. Hmmm... thanks.
>>>>>>>>
>>>>>>>> Does this mean that a AES-192-CBC is less secure than an AES-256-CBC
>>>>>>>> because of the key length and the number of rounds associated with
>>>>>>>> that; or am I understanding that wrong - that the number of rounds has
>>>>>>>> less-so to do with the security of the algorithm compared to the key
>>>>>>>> length?
>>>>>>>>
>>>>>>>> On Wed, Mar 13, 2013 at 10:24 AM, Erwann Abalea
>>>>>>>> erwann.aba...@keynectis.com wrote:
>>>>>>>>> If you change the number of rounds, then it's not AES anymore, but a
>>>>>>>>> custom Rijndael.
>>>>>>>>> Reading the source code, it appears there's no support for that in
>>>>>>>>> OpenSSL (and poking inside an AES_KEY to change the number of rounds
>>>>>>>>> probably won't work).
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Erwann ABALEA
>>>>>>>>>
>>>>>>>>> Le 13/03/2013 14:32, Ewen Chan a écrit :
>>>>>>>>>> There's a file that I want to encrypt using AES-192-CBC but with 19
>>>>>>>>>> rounds rather than the default 12-rounds.
>>>>>>>>>>
>>>>>>>>>> Is there a way for me to specify the number of rounds that I would
>>>>>>>>>> like to use with the AES-192-CBC? (and override the algorithm
>>>>>>>>>> defaults)?
>>>>>>>>>>
>>>>>>>>>> Is that something that I can within the openssl command itself (to
>>>>>>>>>> encrypt a file) or is the process much more involved than that? And
>>>>>>>>>> requires programming/scripting?




Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Wouldn't enabling AES-NI during the encryption/decryption process make
it run faster?

So even if I'm just running the openssl command-line executable,
processing those files with AES-NI enabled (via '-engine aesni') would
be faster than if I left that part out?

(I'm still a little fuzzy as to whether I would need '-evp' when I use
'-engine aesni' or if they work independent of each other.)

The man pages don't say anything about that (at least not on the man
pages online @ openssl.org).


Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea


Le 13/03/2013 19:10, Ewen Chan a écrit :
> Wouldn't enabling AES-NI during the encryption/decryption process make
> it run faster?

Of course.

> So even if I'm just running the openssl command-line executable,
> processing those files with AES-NI enabled (via '-engine aesni') would
> be faster than if I left that part out?

No. Because AES-NI instructions will automatically be used when
available, in your specific scenario.
(automatically: you don't have to do anything special to get it)

> (I'm still a little fuzzy as to whether I would need '-evp' when I use
> '-engine aesni' or if they work independent of each other.)
>
> The man pages don't say anything about that (at least not on the man
> pages online @ openssl.org).

The man pages don't go into that kind of detail for the command-line
tool (command-line tool: used to do quick stuff, debug things, prototype).

Have you tried to encrypt actual files? Have you encountered a CPU
bottleneck, a bug, or anything?




Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm asking about the '-engine aesni' flag because when I google
openssl aes-ni - that's what comes up.

I've never used it before, but I'm about to as I've recently acquired a
system that supports AES-NI.

I'm also asking because I'm about to encrypt a whole bunch of files
and some of them are quite large, so I want to have an idea if the
encryption job is going to be something that's going to be done in a
few minutes, a few hours, or a few days?

I was under the impression (based on the documentation and what I've
been able to find online on google) that you had to invoke the AES-NI
by using the '-engine' flag; but I guess from what you're saying, that
that's not true.


Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea


Le 13/03/2013 20:06, Ewen Chan a écrit :
> I'm asking about the '-engine aesni' flag because when I google
> openssl aes-ni - that's what comes up.
>
> I've never used it before, but I'm about to as I've recently acquired a
> system that supports AES-NI.
>
> I'm also asking because I'm about to encrypt a whole bunch of files
> and some of them are quite large, so I want to have an idea if the
> encryption job is going to be something that's going to be done in a
> few minutes, a few hours, or a few days?

Define quite large.
By disabling AES-NI detection on my laptop, I can encrypt files at about
225MB/s (1 GB in 4.5 seconds, AES-128-CBC). That's much faster than what
my SATA harddrive can do.
Disabling SSE* and MMX instructions allows the same machine to encrypt
data at about 82MB/s (1 GB in 13 seconds). Again, more than enough to
saturate my hard drive.

> I was under the impression (based on the documentation and what I've
> been able to find online on google) that you had to invoke the AES-NI
> by using the '-engine' flag; but I guess from what you're saying, that
> that's not true.

That's useless for openssl enc.
That may be useful for openssl speed (as -evp may also be useful),
but it's a different goal.

And it can also depend on your hardware, your OpenSSL version, and
compilation flags.




Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm running on a 30 TB server with about 1.4 million files.

I think that at last audit, the single largest file is 45 GB (as an example).

And I'm prepping to run AES-256-CBC.

The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm
pretty sure that I can peg (or at least supply) the full 6 Gbps
bandwidth for encryption.

I'm currently using OpenSSL 0.9.8, and evaluations to upgrade to the
latest openssl package is also being considered at this time (as well
as possible a change to the host system OS to Linux (e.g. Ubuntu
12.04) or Solaris 11) or that I am just going to stream the data over
10 GbE connection (by mounting over SMB/NFS and running the encryption
using the client processor, but the data is just being passed through
during the encryption process - no data is stored on the client system
post-encryption).

The openssl wasn't recompiled from source; but whatever's
built/included with the OS.

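The throughput figures exchanged in this thread can be turned into a planning check. This is an added example, not code from the thread: it parses the table printed by `openssl speed -evp`, can repeat the measurement with AES-NI masked through the `OPENSSL_ia32cap` environment variable (x86 only), and estimates one sequential pass over the data. The sample table is constructed; decimal units, a raw 750 MB/s for the 6 Gbps link, and the function names are assumptions.

```python
import os
import re
import subprocess

# Constructed sample of `openssl speed -evp aes-256-cbc` output; the rates are
# invented for the example and are not measurements from the thread.
SAMPLE_OUTPUT = """\
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     310211.54k   402518.27k   431077.12k   438920.53k   440123.39k
"""

def parse_speed(output, block_size=8192):
    """Return bytes/second for one block-size column of an `openssl speed` table."""
    sizes = rates = None
    for line in output.splitlines():
        if line.startswith("type"):
            sizes = [int(n) for n in re.findall(r"(\d+) bytes", line)]
        elif sizes and re.search(r"\d+\.\d+k\b", line):
            rates = [float(v) * 1000 for v in re.findall(r"(\d+\.\d+)k\b", line)]
    if not sizes or not rates or len(sizes) != len(rates) or block_size not in sizes:
        raise ValueError("no throughput row for %d-byte blocks" % block_size)
    return rates[sizes.index(block_size)]

def measure(cipher="aes-256-cbc", mask_aesni=False):
    """Run `openssl speed` locally; optionally hide AES-NI from OpenSSL."""
    env = dict(os.environ)
    if mask_aesni:
        # Capability mask given in OpenSSL's OPENSSL_ia32cap documentation:
        # clears the AES-NI and PCLMULQDQ bits so the software path is used.
        env["OPENSSL_ia32cap"] = "~0x200000200000000"
    result = subprocess.run(["openssl", "speed", "-elapsed", "-evp", cipher],
                            env=env, capture_output=True, text=True, check=True)
    return parse_speed(result.stdout)

def job_hours(total_bytes, cipher_rate, storage_rate):
    """Hours for one sequential pass, limited by the slower of cipher and storage."""
    return total_bytes / min(cipher_rate, storage_rate) / 3600.0

def plan(total_bytes, storage_rate, cipher_rates):
    """Map each labelled cipher rate to (bottleneck, hours rounded to 0.1)."""
    report = {}
    for label, rate in cipher_rates.items():
        bottleneck = "cipher" if rate < storage_rate else "storage"
        report[label] = (bottleneck, round(job_hours(total_bytes, rate, storage_rate), 1))
    return report

# Rates quoted in the thread (one laptop, single stream), used as stand-ins.
THREAD_RATES = {"AES-NI, 8k blocks": 550e6, "no AES-NI": 225e6, "no SSE/MMX": 82e6}

if __name__ == "__main__":
    # 30 TB data set and a 6 Gbps link taken as 750 MB/s (assumption: no overhead).
    for label, (limit, hours) in plan(30e12, 750e6, THREAD_RATES).items():
        print("%-18s limited by %-7s %6.1f h" % (label, limit, hours))
    try:
        print("this host: %.0f MB/s" % (measure() / 1e6))
        print("AES-NI masked: %.0f MB/s" % (measure(mask_aesni=True) / 1e6))
    except (OSError, subprocess.CalledProcessError, ValueError) as exc:
        print("live measurement skipped:", exc)
```

The estimate covers raw cipher and storage throughput only; per-file overhead across 1.4 million files is not modelled.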


Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Matthew Hall
On Wed, Mar 13, 2013 at 04:00:48PM -0400, Ewen Chan wrote:
> I'm running on a 30 TB server with about 1.4 million files.
>
> I think that at last audit, the single largest file is 45 GB (as an example).
>
> And I'm prepping to run AES-256-CBC.
>
> The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm
> pretty sure that I can peg (or at least supply) the full 6 Gbps
> bandwidth for encryption.
>
> I'm currently using OpenSSL 0.9.8, and evaluations to upgrade to the
> latest openssl package is also being considered at this time (as well
> as possible a change to the host system OS to Linux (e.g. Ubuntu
> 12.04) or Solaris 11) or that I am just going to stream the data over
> 10 GbE connection (by mounting over SMB/NFS and running the encryption
> using the client processor, but the data is just being passed through
> during the encryption process - no data is stored on the client system
> post-encryption).
>
> The openssl wasn't recompiled from source; but whatever's
> built/included with the OS.

Why not use the latest Linux kernel full disk and/or partition encryption via 
dmraid or other technique, which has AES-NI support in-kernel, to avoid 
userspace overhead which will be considerable with such throughput goals?

Matthew.


Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
The problem that I initially ran into when I was creating the volume
was that there wasn't a Linux file system that could handle a 27 TB
volume. The closest that I got was Btrfs and at the time, it was still in
I think 0.98alpha or something like that.

Also as a result of that, there were no data recovery tools available
that in the event of a RAID failure (but the drives are otherwise
intact) that I need to be able to do a data recovery off the drives
and to be able to pull the data and stitch it back together.

Now the plan is for the clone/mirrored server (that also has plans for
LTO tape expansion) that the data going on the tapes will be the fully
encrypted files. If I do the volume encryption, the decryption will be
also tied to the volume; which limits possibilities (if I understand it
correctly) in porting the data forward as the volume or volumes grow.

Conversely, if I encrypt the files (rather than the volume); then the
encryption isn't linked to the volume itself; which means it can be
next-gen-ext4, ZFS, btrfs (when it matures) etc...

And even if I were to encrypt the entire volume; the question of
whether AES-NI is enabled or disabled by default will still be
persistent.

(There are also early analysis plans that are currently being studied
to implement 4x QDR Infiniband and all network traffic will be pushed
onto that NIC/protocol instead, resulting in a net 32 Gbps connection
per port.)

So there are some high level planning stuff that's going on - but I'm
currently studying the encryption aspect of it (out of the whole grand
scheme/big picture of things).

(There's SOME reasoning to the madness...)
