excessive SHA1 calls

Love lha at samba.org
Thu Nov 24 09:52:16 GMT 2005

Love Hörnquist Åstrand <lha at kth.se> writes:

> tridge at samba.org writes:
>> Andrew and Love,
>> I've found out why smbd under valgrind with krb5 enabled is so
>> slow. Each SMB authentication with kerberos calls SHA1 around 24500
>> times. That seems a little excessive :-)
> (4k+1) * 2 * 2 == 16384 of those calls are at least the string2key
> function, depending on how often the code calls s2k, it could be more.
> aes encryption type iteration counter * hmac-sha1 * 2 sha1 sized blocks
> size aes-256 uses 32 byte.
> I doen't remember any numbers on the performance of the sha1 in Heimdal's
> libdes, will make a performance-test first thing when I get to work.

This is with openssl sha1 on my 1.67GHz G4.

des-cbc-crc string2key 1000 iterations time:   0.012479
des3-cbc-sha1 string2key 1000 iterations time:   0.090195
arcfour-hmac-md5 string2key 1000 iterations time:   0.003314
aes128-cts-hmac-sha1-96 string2key 1000 iterations time:  38.712972
aes256-cts-hmac-sha1-96 string2key 1000 iterations time:  71.655219

About 24000 sha1 calls seems to be in the right dimension for one s2k, but
that shouldn't account for all your time since that would be be around 0.4s
for my slow hotplate, eh, powerbook.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 477 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20051124/2187e866/attachment.bin

More information about the samba-technical mailing list