[erlang-questions] SSL performance
Andreas Schultz
aschultz@REDACTED
Wed Feb 11 16:57:32 CET 2015
----- On 11 Feb, 2015, at 16:48, Jesper Louis Andersen jesper.louis.andersen@REDACTED wrote:
> On Wed, Feb 11, 2015 at 4:29 PM, Andreas Schultz <aschultz@REDACTED> wrote:
>
>> So, don't blame the speed on the cryptographic library, but on the
>> interface to it.
>
>
> This should perhaps have been in a highlighted position. Yes, indeed, the
> interface is the problem. Since `ssl`, the Erlang application is using this
> interface however, it becomes a bound on the speed, which was kind of the
> primary point.
>
> The secondary point about enacl is that we can do better, much better. The
> salsa20 suite of ciphers (salsa20, xsalsa20 and chacha20) are all
> considerably faster than AES, even with optimizations, for the same or
> better security margin. Combined with a bad interface, the speed difference
> becomes noticable to the point where it begins to matter. Enacl could be
> optimized further and currently includes a tradeoff where it copies the 200
> megabytes for a nicer interface. Exposing a worse interface could avoid
> that copy altogether for really speed-sensitive programs.
BTW: Erlang 18 when compiled on libressl or a recent/patched OpenSSL will have
the ChaCha20/Policy1305 AEAD cipher for TLS [1]. The crypto interface is still not
optimal, but it would be interesting to compare that to enacl.
[1]: https://github.com/erlang/otp/commit/fb9d36c2c7c1bd4760d0be2801b9c2852d3502bf
https://github.com/erlang/otp/commit/7603a4029514a644c8323028b06acdc33e45b286
Andreas
>
> Of couse I'm biased :P
>
>
> --
> J.
--
--
Dipl. Inform.
Andreas Schultz
More information about the erlang-questions
mailing list