--weak-digest SHA1 causes significant slowdown in --check-trustdb (2.1.10)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 5 17:42:13 CET 2016

On Tue 2016-01-05 05:59:04 -0500, Werner Koch wrote:
> On Tue,  5 Jan 2016 05:20, dkg at fifthhorseman.net said:
>> With a hot filesystem cache, "gpg2 --check-trustdb" on its own takes
>> about 17 seconds to run.
> Can you please also try
>   gpg2 --no-sig-cache --check-trustdb
> I assume this will get you the same timing as with --weak-digest SHA1.
> At least for my tests.

Hm, the sig-cache definitely speeds things up, but it seems orthogonal
to the --weak-digest SHA1 situation:

$ time gpg2 --check-trustdb
real	0m5.855s
user	0m4.652s
sys	0m1.200s
$ time gpg2 --weak-digest SHA1 --check-trustdb
real	0m51.010s
user	0m12.988s
sys	0m38.028s
$ time gpg2 --no-sig-cache --check-trustdb
real	0m30.979s
user	0m29.740s
sys	0m1.244s
$ time gpg2 --no-sig-cache --weak-digest SHA1 --check-trustdb
real	57m26.022s
user	26m57.472s
sys	30m28.892s


I observe that the kernel/userspace split doesn't seem to be affected at
all by --no-sig-cache, either.



More information about the Gnupg-devel mailing list