Hi Chinmaya, ecp192 has a cryptographical strength of 96 bits so you should compare it with modp2048 which has about the same strength. modp768 is so ridiculously weak that you should not even mention it.
Since the advantage of ECDH increases rapidly with larger security strengths, make a comparison between ecp256 and either modp3072 or modp4096 depending on how paranoid you are, for a security strength of 128 bits. Best regards Andreas On 04.02.2014 14:48, Chinmaya Dwibedy wrote:
Hi,
To use ECDH (for enhanced setup rate), I did the followings for
Multi-Core MIPS64 processor target
1. Cross-compiled OpenSSL 1.0.0 with ECDH support.
2. Cross-compiled strongswan (5.0.4) with
–enable-openssl,--enable-load-tester & --disable-gmp plugins.
I installed both the packages in Linux. I have configured the followings
1.
In conn %default section of Ipsec.conf (IKE Responder)
ike=aes128-sha1-ecp192!
2. In load-tester section of strongswan.conf (IKE Initiator)
proposal = aes128-sha1-ecp192
I find, with ECP_192, the tunnel setup rate is very slow i.e., 35-37
(approx.) tunnels per second. However with MODP_768 (using gmp library),
the tunnel setup rate is to be 125-130 tunnels per second. What I
understand, the ECDH is faster than MODP. Can anyone please suggest me
if I am missing anything?. Thanking you in advance for your support and
help.
Regards,
Chinmaya
====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
