[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Timings

> Date: Tue, 28 Mar 1995 11:57:00 -0700
> From: Hilarie Orman <ho@cs.arizona.edu>

> I'd like to insert a few words of caution about timings of crypto routines.
> The speed of eating an apple, orange, or banana differs depending on
> whether or not you start with peeled fruit, partially digested, or juiced.
> Similarly, the following factors must be normalized when timing software:

I suppose this is worth a disclaimer.

The numbers I posted before were as follows:

MD5 -	tested alternating blocks of RAM, designed not to see caching

SHA - 	run over a 7.5 Mbyte file in /tmp (RAM)
	"system" time was not counted, as it was related to the
	read calls.

DES - 	run over a 7.5 Mbyte file in /tmp (RAM) same as SHA
	"system" calls not counted, as in SHA

The code was as follows:

MD5 - 	reference code from the RFC (orig) and
	optimized code (cache-avoidance double-buffering, optimized
		byte reordering for big-endian machines, 
		loop unrolling, etc.)

SHA - 	off the net, with the following tag line:
	(includes byte-reordering for little-endian machines,
	no other modifications)

	* Copyright 1993, Dr. James J. Gillogly
 	* This code may be freely used in any application.

DES - 	from ripem.msu.edu: (from the readme:)

	Dana How <how@isl.stanford.edu>
	Portable, very fast implementation of basic DES routines only.
	Supposedly the fastest C version around.  Not so fast at key-setting
	(i.e., password hacking).  This code was submitted to comp.sources.misc
	as Volume 29, Issue 80 and later updated in Volume 29, Issue 128.  
	May 92 version.

All were compiled with gcc version 2.6.0, with all optimizations on.

The tests were considered comparable because in each case, when the code
was compiled with profiling on (-p, -pg), the profiling indicated that
99% of the user time was spent in the encryption/authentication code.

Caching was inhibited by using double-buffering with block sizes larger
than 1/2 the cache size for the machines tested, or by using large /tmp
files as input.

Data dependency was avoided by random initialization of the blocks (for
authentication) and random file data as input. In these cases the
random data was created off-line or before timing began.

Endian costs were approximately 25% of the overall costs of the
MD5 algorithm (on big-endian machines). There was no endian cost
for SHA on a big-endian machine. I don't know the endian-ness of DES
off the top of my head, though.