RPM Community Forums

Mailing List Message of <rpm-devel>

Re: Which of beecrypt/nss/openssl as default?

From: devzero2000 <pinto.elia@gmail.com>
Date: Sat 24 May 2008 - 18:32:50 CEST
Message-ID: <b086760e0805240932u56d24468o910c3fb2bb72906b@mail.gmail.com> 
Not what you have asked -* *I think that the best information source could
come at the moment from Ralf with the huge multiplatform support, OS and
compiler, of openpkg - but * *I have found this reference, in some way
related  to the original question, interesting and perhaps useful for the
discussion (https://admin.fedoraproject.com/wiki/FedoraCryptoConsolidation).
Sure the goal are different.

(aside) why this reference cite rpm 4.4.2.x as one to nss enable  is  a
mistery for me - probably i miss something - as for instance this link says
the contrary apparently https://bugzilla.redhat.com/show_bug.cgi?id=444389

Best Regards

On Fri, May 23, 2008 at 8:25 PM, Jeff Johnson <n3npq@mac.com> wrote:

> rpm-5.x has 2.5 (RSA with openssl is broken, DSA works, so 2.5) crypto
> implementations.
>
> Which means that one of BeeCrypt, NSS, or OpenSSL  should become the
> default.
>
> Since there are no known problems with any of BeeCrypt, NSS or OpenSSL
> implementations,
> the criteria used to choose NSS (over BeeCrypt) in rpm-5.x last November
> was performance.
>
> It now turns out that my benchmark using --stats is flawed somehow:
>
> [jbj@wellfleet beecrypt-4.1.2]$ rpm -qa --stats --usecrypto nss >
> /dev/null
>   total:               1      0.000000 MB      6.656261 secs
>   digest:           1615     39.617621 MB      0.509697 secs
>   signature:        1353      0.000000 MB      5.148736 secs   dbget:
>      1537     40.805440 MB      0.147153 secs
>   hdrload:          1517     40.805388 MB      0.214369 secs
>   hdrget:           6030      0.000000 MB      0.016871 secs
> [jbj@wellfleet beecrypt-4.1.2]$ rpm -qa --stats --usecrypto beecrypt >
> /dev/null
>   total:               1      0.000000 MB      9.803716 secs
>   digest:           1615     39.617621 MB      0.505350 secs
>   signature:        1353      0.000000 MB      8.348607 secs
>   dbget:            1537     40.805440 MB      0.140118 secs
>   hdrload:          1517     40.805388 MB      0.205129 secs
>   hdrget:           6030      0.000000 MB      0.015127 secs
>
> It turns out that BeeCrypt is actually the fastest of the 2.5
> implementations, measured
> by someone else using --stats, and also confirmed by me using callgrind
> instruction counts.
>
> Could some rpm-5.x users (other than me, my --stats are lying for whatever
> reason)
> please try to confirm that, indeed, BeeCrypt is higher performing (i.e.
> faster) than NSS?
>
> All that is needed (with an rpm-5.x install and necessary pubkeys imported)
> is to run "rpm -qa --stats" with either --usecrypto nss (the current
> default in rpm-5.x)
> or --usecrypto beecrypt as above.
>
> ATM, the performance criteria favors BeeCrypt, not NSS, as the better
> default choice
> for a crypto implementation.
>
> (aside) If there is a need to have OpenSSL functional with RSA signatures,
> or
> to use Gcrypt as a 4th alternative, please poke me and I'll finish up the
> implementations.
>
> 73 de Jeff
>
> ______________________________________________________________________
> RPM Package Manager                                    http://rpm5.org
> Developer Communication List                        rpm-devel@rpm5.org
>
Received on Sat May 24 18:32:53 2008
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.