Re: [openpgp] Version 5 key and fingerprint proposal

Derek Atkins <derek@ihtfp.com> Mon, 20 March 2017 23:13 UTC

From: Derek Atkins <derek@ihtfp.com>
To: "HANSEN, TONY L" <tony@att.com>
Cc: IETF OpenPGP <openpgp@ietf.org>
Date: Mon, 20 Mar 2017 11:34:41 -0400
In-Reply-To: <C44EAA51-9967-4E49-9FD8-2B678DD8E393@att.com> (TONY L. HANSEN's message of "Thu, 16 Mar 2017 17:25:38 +0000")
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/wINv43kNzx5D2s2gG4trneDeoJQ>

Tony,

"HANSEN, TONY L" <tony@att.com> writes:

> (This is probably old info for some of you.)
>
> From my analysis, the difference in speed between sha2-256 and
> sha2-512 is directly because of the use of 32-bit arithmetic vs 64-bit
> arithmetic. The algorithms are essentially identical, not counting the
> underlying constants. On machines where 64-bit arithmetic is faster
> than 32-bit arithmetic, sha2-512 will be faster than sha2-256. On
> machines where 32-bit arithmetic is faster than 64-bit arithmetic,
> sha2-256 will be faster than sha2-512.

That's nice.

I'm working on systems which are 16-bit or even 8-bit wide, with clock
speeds in the single or low-double-digit MegaHertz.  Yes, I'm running
(parts of) OpenPGP in these environments.  This is why I'm arguing for
SHA-256.  Because sure, if you're running at 2.4GHz and you need to take
an extra million cycles you'll never notice, but if you're running at
16MHz ... OUCH.

>   On 8-bit or 16-bit machines,
> you’re going to be emulating either 32-bit arithmetic or emulating
> 64-bit arithmetic; usually the 32-bit arithmetic will be faster.  :-)

Exactly.   So what's the actual wall-clock difference of 256 vs 512 on
an Intel 64 running at 2.2GHz?  Well, just for kicks I decided to run an
openssl speed test on my laptop (Intel(R) Core(TM) i7-4800MQ CPU @
2.70GHz) and this is what I get:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha256           79196.40k   177603.09k   319138.68k   406628.35k   438559.68k
sha512           51763.29k   206704.67k   366123.95k   555307.69k   647932.40k

As you can see, sha256 is faster on small inputs, but by 64 bytes of
input sha512 gets to be a tad faster.  For what we're talking about here
we're probably between the 64 and 256 byte marks, where they look pretty
equal on this nice, cushy 2.7GHz 64-bit i7 CPU (177-319 vs 206-366
MB/sec, or kB/ms).  So basically, assuming 100B of data to be hashed,
we're talking about 349-403us, a 15% speed difference (only 54us
difference). I don't think anyone would notice an extra 54us.

Alas, I don't have an MSP430 at my fingertips to run a similar test, but
I suspect the difference is significantly more.  For one thing the clock
speed is only around 16-24MHz, not 2.7GHz.  To make the math easy, let's
call it 27MHz.  So all else being equal (which it isn't, being a 16-bit
platform and not a 64-bit platform), accounting *JUST* for the clock
speed we're talking a 100x speed difference, or 5.4ms.

But of course all else ISN'T the same, so we probably are talking a good
20-50ms speed difference, which *IS* noticeable.  I'll see if I can get
some actual numbers on the MSP430, but I'm traveling the next couple
days and don't have my dev board with me so it might not happen quickly.
But even if we agree that the difference is only 25ms, I'd rather save
that 25ms on the MSP430 at the expense of 54us extra on a 3-year-old
Intel laptop.

Sure, if everyone is running Intel 64 I wouldn't question the choice.
If the difference was under a millisecond I wouldn't care.  But
that's not the world I'm living in, but it's the world I'd like to
deploy (parts of) OpenPGP.  I'd love to have a 32-bit system running in
the GHz at my disposal.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant
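
Added example, not part of the original message or of any OpenPGP implementation: a rough cost model for the SHA-256 vs SHA-512 trade-off discussed in this thread, built only from the SHA-2 block, padding and round parameters in FIPS 180-4. The cost unit (rounds times native words per hash word) and the function names are assumptions made for illustration; it counts work and does not measure any real CPU.

```python
import math

# SHA-2 parameters (FIPS 180-4): block and length-field sizes in bytes,
# working-word width in bits, rounds per compression-function call.
PARAMS = {
    "sha256": {"block": 64, "lenfield": 8, "word_bits": 32, "rounds": 64},
    "sha512": {"block": 128, "lenfield": 16, "word_bits": 64, "rounds": 80},
}

def blocks(alg, msg_len):
    """Compression calls for a msg_len-byte message: data + 0x80 byte + length field."""
    p = PARAMS[alg]
    return math.ceil((msg_len + 1 + p["lenfield"]) / p["block"])

def limb_rounds(alg, msg_len, cpu_bits):
    """Constructed cost unit. Assumption: one W-bit operation costs
    ceil(W / cpu_bits) native operations on a cpu_bits-wide machine."""
    p = PARAMS[alg]
    limbs = math.ceil(p["word_bits"] / cpu_bits)
    return blocks(alg, msg_len) * p["rounds"] * limbs

def relative_cost(msg_len, cpu_bits):
    """SHA-512 cost divided by SHA-256 cost under the model above (>1 means SHA-512 is slower)."""
    return limb_rounds("sha512", msg_len, cpu_bits) / limb_rounds("sha256", msg_len, cpu_bits)

if __name__ == "__main__":
    sizes = (16, 64, 100, 256, 1024, 8192)
    for cpu_bits in (64, 32, 16, 8):
        row = "  ".join(f"{n}B:{relative_cost(n, cpu_bits):.2f}x" for n in sizes)
        print(f"{cpu_bits:>2}-bit CPU  sha512/sha256  {row}")
```

Under this model the ratio flips between 16 and 64 bytes on a 64-bit CPU because a 64-byte message already needs two SHA-256 blocks but one SHA-512 block; on 16-bit and 8-bit CPUs SHA-512 never comes out ahead.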