This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |
| docs:techref:hardware:cryptographic.hardware.accelerators [2024/11/10 20:12] – corrections systemcrash | docs:techref:hardware:cryptographic.hardware.accelerators [2024/11/10 20:17] (current) – [Measuring the algorithm speed] systemcrash |
|---|
| </code> | </code> |
| |
| This is typical for a ''/dev/crypto'' cipher. There's a cost in CPU usage: the context switches needed to run the code in the kernel, represented by the 5.13s of system time used. That cost will not vary much with the size of the crypto operation. Because of that, for small batches, the use of hardware drivers will slow you down considerably. As the block size increases, ''/dev/crypto'' becomes the best choice. Be aware of how the application uses the cipher. For example, AES-128-ECB is used by openssl to seed the rng, using 16-byte calls. I haven't seen any other use of the ECB ciphers, so it is best to disable them entirely. | This is typical for a ''/dev/crypto'' cipher. There's a cost in CPU usage: the context switches needed to run the code in the kernel, represented by the 5.13s of system time used. That cost will not vary much with the size of the crypto operation. Because of that, for small batches, the acceleration of hardware drivers will be penalised by context switches and slow you down considerably. As the block size increases, ''/dev/crypto'' becomes the best choice. Be aware of how the application uses the cipher. For example, AES-128-ECB is used by openssl to seed the rng, using 16-byte calls. I haven't seen any other use of the ECB ciphers, so it is best to disable them entirely. |
| |
| ==== Disabling digests ==== | ==== Disabling digests ==== |