Hi,
I compiled trousers and tpm-tools from git repository and everything seems
working fine. However, I notice a strange behavior when unsealing data - it
takes too long. Here is what I did - I created a 40MB file with random data and
run tpm_sealdata/tpm_unsealdata as follows:
# time tpm_sealdata -i test.in -o test.in.sealed -z
real 0m5.902s
user 0m1.952s
sys 0m0.288s
# time tpm_unsealdata -i test.in.sealed -o test.in.unsealed -z
real 19m14.666s
user 19m10.556s
sys 0m0.628s
So, as you see sealing data takes 6 second and unsealing 19 minutes!!! If I
understand correctly, sealing/unsealing uses AES-256-CBC algorithm, so it is
supposed to be well symmetric :-) My only explanation to this is that tpm-tools
use openssl in order to seal data and TPM in order to unseal. For comparison, I
performed the same operation using openssl along and here are results:
# time openssl aes-256-cbc -e -in test.in -out test.in.encoded -a -pass
file:test.key
real 0m2.102s
user 0m1.880s
sys 0m0.216s
# time openssl aes-256-cbc -d -in test.in.encoded -out test.in.decoded -a -pass
file:test.key
real 0m3.372s
user 0m3.188s
sys 0m0.180s
So, should I suck it up and accept it as design limitation or is it something
that can be fixed/improved?
Regards,
Dmitri
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
