Re: [openpgp] SHA-x performance

Werner Koch <> Tue, 11 August 2015 20:35 UTC

From: Werner Koch <>
To: Peter Gutmann <>
Organisation: g10 Code GmbH
Date: Tue, 11 Aug 2015 22:32:03 +0200
In-Reply-To: <> (Peter Gutmann's message of "Tue, 11 Aug 2015 17:48:59 +0000")

On Tue, 11 Aug 2015 19:48, said:

> asm, C, Visual Basic, whatever), it's still going to be way faster than you
> ever need.  The only difference will be whether it's 100x faster than required
> or 200x faster.  

Depends on what you want to do: To feed a big pipe you will need a
reasonably fast CPU anyway because there are other things to do besides
crypto.  Thus it matters for those applications whether you can
still use a cheaper CPU.

> Where it matters is IoT implementations, 180MHz STM32's and the like.  For
> example on a Cortex A7 (which is way more powerful than most IoT devices use,

Right, that is a different class but fortunately we can run our protocols
easily there.  I concur that a MUST algorithm in OpenPGP should work
well on small devices.  This is also the reason why one algorithm
_might_ not fit all devices. has a lot of data points but AFAICS it starts with an A8 and
in any case there is too much data for a useful discussion.  Do you have
a suggestion on what CPUs from low to high end to do benchmarks so as to
check which SHA variant is suitable?  Although I assume that SHA-256
will likely be the best over all CPUs, having some concrete data points
may help to convince other folks.



Thoughts are free.  Exceptions are regulated by a federal law.