2 FreeSec - NetBSD libcrypt replacement
4 David Burren <davidb@werj.com.au>
5 Release 1.0, March 1994
7 Document ref: $FreeBSD: src/secure/lib/libcipher/README,v 1.4 1999/08/28 01:30:19 peter Exp $
12 This library is a drop-in replacement for the libcrypt used in U.S. copies
13 of NetBSD, duplicating that library's functionality. A suite of verification
14 and benchmark tools is provided.
16 FreeSec 1.0 is an original implementation of the DES algorithm and the
17 crypt(3) interfaces used in Unix-style operating systems. It was produced
18 in Australia and as such is not covered by U.S. export restrictions (at
19 least for copies that remain outside the U.S.).
24 An earlier version of the FreeSec library was built using the UFC-crypt
25 package that is distributed as part of the GNU library. UFC-crypt did not
26 support the des_cipher() or des_setkey() functions, nor the new-style
27 crypt with long keys. These were implemented in FreeSec 0.2, but at least
28 one bug remained, where encryption would only succeed if either the salt
29 or the plaintext was zero. Because of its heritage FreeSec 0.2 was covered
30 by the GNU Library Licence.
32 FreeSec 1.0 is an original implementation by myself, and has been tested
33 against the verification suite I'd been using with FreeSec 0.2 (this is not
34 encumbered by any licence). FreeSec 1.0 is covered by a Berkeley-style
35 licence, which better fits into the *BSD hierarchy than the earlier GNU
39 Why should you use FreeSec?
40 ===========================
41 FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt,
42 to act as a baseline for encryption functionality.
44 Some other packages (such as Eric Young's libdes package) are faster and
45 more complete than FreeSec, but typically have different licencing
46 arrangements. While some applications will justify the use of these
47 packages, the idea here is that everyone should have access to *at least*
48 the functionality of FreeSec.
51 Performance of FreeSec 1.0
52 ==========================
53 I compare below the performance of three libcrypt implementations. As can be
54 seen, it's between the U.S. library and UFC-crypt. While the performance of
55 FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in
56 future versions. I was interested to note that while UFC-crypt is faster on
57 a 386, hardware characteristics can have markedly different effects on each
61 386DX40, 128k cache | U.S. BSD | FreeSec 1.0 | FreeSec 0.2
63 ========================+===============+===============+==================
64 crypt (alternate keys) | 317 | 341 | 395
66 ------------------------+---------------+---------------+------------------
67 crypt (constant key) | 317 | 368 | 436
69 ------------------------+---------------+---------------+------------------
70 des_cipher( , , , 1) | 6037 | 7459 | 3343
72 ------------------------+---------------+---------------+------------------
73 des_cipher( , , , 25) | 8871 | 9627 | 15926
76 Notes: The results tabled here are the average over 10 runs.
77 The entry/exit code for FreeSec 0.2's des_cipher() is particularly
78 inefficient, thus the anomalous result for single encryptions.
81 As an experiment using a machine with a larger register set and an
82 obscenely fast CPU, I obtained the following results:
84 60 MHz R4400 | FreeSec 1.0 | FreeSec 0.2
85 ========================+=================================
86 crypt (alternate keys) | 2545 | 2702
88 ------------------------+---------------------------------
89 crypt (constant key) | 2852 | 2981
91 ------------------------+---------------------------------
92 des_cipher( , , , 1) | 56443 | 21409
94 ------------------------+---------------------------------
95 des_cipher( , , , 25) | 82531 | 18276
98 Obviously your mileage will vary with your hardware and your compiler...