[PATCH 1/8] g10/decrypt-data: use fill_buffer in more places
Werner Koch
wk at gnupg.org
Tue Nov 13 16:33:42 CET 2018
On Thu, 8 Nov 2018 19:38, jussi.kivilinna at iki.fi said:
> Ok, I'll make patch AEAD only. For CFB/MDC, user can of course use
> --skip-verify if they know that input does not have signature and want
> to get highest performance.
We should add this to the FAQ under a new section how to speed up
operations.
> decrypting MDC encrypted, not signed (AES128+2xSHA1(mdc+extra)+RMD160(extra)):
> user 9.6s, 206 MB/s
> decrypting MDC encrypted, not signed --skip-verify (AES128+SHA1(mdc)):
> user 3.0s, 575 MB/s
The RMD160 is really really slow.
> decrypting AEAD encrypted, not signed (AES128_OCB+SHA1(extra)+RMD160(extra)):
> user 7.6s, 258 MB/s
> decrypting AEAD encrypted, not signed --skip-verify or patched (AES128_OCB):
> user 0.95s, 1.2 GB/s
Yeah, that is a speedup.
> I also noticed that --skip-verify does not affect decryption speed of
> signed input. Selected digest algorithm gets enabled regardless of
> --skip-verify in proc_plaintext(). Should this be fixed?
Yes, please. Performance was not an issue back in April 98 when I
implemented --skip-verify.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20181113/6cbbd7d2/attachment.sig>
More information about the Gnupg-devel
mailing list