[PATCH 1/8] g10/decrypt-data: use fill_buffer in more places

Werner Koch wk at gnupg.org
Tue Nov 13 16:33:42 CET 2018

On Thu,  8 Nov 2018 19:38, jussi.kivilinna at iki.fi said:

> Ok, I'll make patch AEAD only. For CFB/MDC, user can of course use 
> --skip-verify if they know that input does not have signature and want
> to get highest performance.

We should add this to the FAQ under a new section how to speed up

> decrypting MDC encrypted, not signed (AES128+2xSHA1(mdc+extra)+RMD160(extra)):
>  user 9.6s, 206 MB/s
> decrypting MDC encrypted, not signed --skip-verify (AES128+SHA1(mdc)):
>  user 3.0s, 575 MB/s

The RMD160 is really really slow.

> decrypting AEAD encrypted, not signed (AES128_OCB+SHA1(extra)+RMD160(extra)):
>  user 7.6s, 258 MB/s
> decrypting AEAD encrypted, not signed --skip-verify or patched (AES128_OCB):
>  user 0.95s, 1.2 GB/s

Yeah, that is a speedup.

> I also noticed that --skip-verify does not affect decryption speed of
> signed input. Selected digest algorithm gets enabled regardless of 
> --skip-verify in proc_plaintext(). Should this be fixed?

Yes, please.  Performance was not an issue back in April 98 when I
implemented --skip-verify.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20181113/6cbbd7d2/attachment.sig>

More information about the Gnupg-devel mailing list