rpm-5.x has 2.5 (RSA with openssl is broken, DSA works, so 2.5)
crypto implementations.
Which means that one of BeeCrypt, NSS, or OpenSSL should become the
default.
Since there are no known problems with any of BeeCrypt, NSS or
OpenSSL implementations,
the criteria used to choose NSS (over BeeCrypt) in rpm-5.x last
November was performance.
It now turns out that my benchmark using --stats is flawed somehow:
[jbj@wellfleet beecrypt-4.1.2]$ rpm -qa --stats --usecrypto nss > /
dev/null
total: 1 0.000000 MB 6.656261 secs
digest: 1615 39.617621 MB 0.509697 secs
signature: 1353 0.000000 MB 5.148736 secs
dbget: 1537 40.805440 MB 0.147153 secs
hdrload: 1517 40.805388 MB 0.214369 secs
hdrget: 6030 0.000000 MB 0.016871 secs
[jbj@wellfleet beecrypt-4.1.2]$ rpm -qa --stats --usecrypto beecrypt
> /dev/null
total: 1 0.000000 MB 9.803716 secs
digest: 1615 39.617621 MB 0.505350 secs
signature: 1353 0.000000 MB 8.348607 secs
dbget: 1537 40.805440 MB 0.140118 secs
hdrload: 1517 40.805388 MB 0.205129 secs
hdrget: 6030 0.000000 MB 0.015127 secs
It turns out that BeeCrypt is actually the fastest of the 2.5
implementations, measured
by someone else using --stats, and also confirmed by me using
callgrind instruction counts.
Could some rpm-5.x users (other than me, my --stats are lying for
whatever reason)
please try to confirm that, indeed, BeeCrypt is higher performing
(i.e. faster) than NSS?
All that is needed (with an rpm-5.x install and necessary pubkeys
imported)
is to run "rpm -qa --stats" with either --usecrypto nss (the current
default in rpm-5.x)
or --usecrypto beecrypt as above.
ATM, the performance criteria favors BeeCrypt, not NSS, as the better
default choice
for a crypto implementation.
(aside) If there is a need to have OpenSSL functional with RSA
signatures, or
to use Gcrypt as a 4th alternative, please poke me and I'll finish up
the implementations.
73 de Jeff
Received on Fri May 23 20:27:57 2008