GPG with GPUs

[Robert J. Hansen]

On 06/17/2012 01:26 PM, Hauke Laging wrote:
> start cmd:> time gpg --encrypt --sign 200k-file 

Unless you're testing with 50 certificates, this isn't exactly a fair
comparison.  Here's what I came up with:


System: Intel i7-2600K @ 3.4GHz, 32Gb RAM

Methodology:
	* A 256k random file was created [1]
	* This file was encrypted with 50 certificates [2]
	* The time was reported (see below)
	* The file was checked [3] to ensure all 50 certs were
	  present

Results: 0.31 seconds to encrypt a 256k file containing random binary
	data to 51 certificates (my own + 50 others)

Conclusions: there's something amiss here that neither a new GPU nor an
RNG will fix.

I'm including the Python script (works with 2.7 and 3.2) I used for
testing, so that other people who are interested in recreating my
results can check for themselves.  Warning: if you ever write Python
code like this in the real world your programming team will beat you to
death.








[1] dd if=/dev/urandom of=rand.bin bs=262144 count=1
[2] The script to run GnuPG with the huge recipient list is:
=====
#!/usr/bin/python

from __future__ import print_function
from re import compile as compile_re
from subprocess import check_output as run_cmd

rx = compile_re("^pub:[f-]:.*:([0-9A-F]{16}):")

print(run_cmd(
        (
            "/usr/bin/time /usr/bin/gpg2 " +
            "--trust-model always --armor --recipient " +
            "--recipient ".join(
            [Y.group(1) + " " for Y in
                [
                    rx.search(X) for X in run_cmd(
                        [
                            "/usr/bin/gpg2",
                            "--fixed-list-mode",
                            "--with-colons",
                            "--list-keys"
                        ]
                    ).decode("UTF-8").split("\n")
                ]
            if Y != None][:50]
            ) + "--encrypt rand.bin"
        ).split()
    ).decode("ASCII"))
=====
[3] /usr/bin/gpg2 --list-packets rand.bin.asc|grep keyid|wc -l