nant's projects / dragonfly.git / blame
| Commit | Line | Data |
|---|---|---|
| 984263bc MD |
1 | |
| 2 | FreeSec - NetBSD libcrypt replacement | |
| 3 | ||
| 4 | David Burren <davidb@werj.com.au> | |
| 5 | Release 1.0, March 1994 | |
| 6 | ||
| 7 | Document ref: $FreeBSD: src/secure/lib/libcipher/README,v 1.4 1999/08/28 01:30:19 peter Exp $ | |
| 1de703da | 8 | Document ref: $DragonFly: src/secure/lib/libcipher/README,v 1.2 2003/06/17 04:27:48 dillon Exp $ |
| 984263bc MD |
9 | |
| 10 | ||
| 11 | Description | |
| 12 | =========== | |
| 13 | This library is a drop-in replacement for the libcrypt used in U.S. copies | |
| 14 | of NetBSD, duplicating that library's functionality. A suite of verification | |
| 15 | and benchmark tools is provided. | |
| 16 | ||
| 17 | FreeSec 1.0 is an original implementation of the DES algorithm and the | |
| 18 | crypt(3) interfaces used in Unix-style operating systems. It was produced | |
| 19 | in Australia and as such is not covered by U.S. export restrictions (at | |
| 20 | least for copies that remain outside the U.S.). | |
| 21 | ||
| 22 | ||
| 23 | History | |
| 24 | ======= | |
| 25 | An earlier version of the FreeSec library was built using the UFC-crypt | |
| 26 | package that is distributed as part of the GNU library. UFC-crypt did not | |
| 27 | support the des_cipher() or des_setkey() functions, nor the new-style | |
| 28 | crypt with long keys. These were implemented in FreeSec 0.2, but at least | |
| 29 | one bug remained, where encryption would only succeed if either the salt | |
| 30 | or the plaintext was zero. Because of its heritage FreeSec 0.2 was covered | |
| 31 | by the GNU Library Licence. | |
| 32 | ||
| 33 | FreeSec 1.0 is an original implementation by myself, and has been tested | |
| 34 | against the verification suite I'd been using with FreeSec 0.2 (this is not | |
| 35 | encumbered by any licence). FreeSec 1.0 is covered by a Berkeley-style | |
| 36 | licence, which better fits into the *BSD hierarchy than the earlier GNU | |
| 37 | licence. | |
| 38 | ||
| 39 | ||
| 40 | Why should you use FreeSec? | |
| 41 | =========================== | |
| 42 | FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt, | |
| 43 | to act as a baseline for encryption functionality. | |
| 44 | ||
| 45 | Some other packages (such as Eric Young's libdes package) are faster and | |
| 46 | more complete than FreeSec, but typically have different licencing | |
| 47 | arrangements. While some applications will justify the use of these | |
| 48 | packages, the idea here is that everyone should have access to *at least* | |
| 49 | the functionality of FreeSec. | |
| 50 | ||
| 51 | ||
| 52 | Performance of FreeSec 1.0 | |
| 53 | ========================== | |
| 54 | I compare below the performance of three libcrypt implementations. As can be | |
| 55 | seen, it's between the U.S. library and UFC-crypt. While the performance of | |
| 56 | FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in | |
| 57 | future versions. I was interested to note that while UFC-crypt is faster on | |
| 58 | a 386, hardware characteristics can have markedly different effects on each | |
| 59 | implementation. | |
| 60 | ||
| 61 | ||
| 62 | 386DX40, 128k cache | U.S. BSD | FreeSec 1.0 | FreeSec 0.2 | |
| 63 | CFLAGS=-O2 | | | | |
| 64 | ========================+===============+===============+================== | |
| 65 | crypt (alternate keys) | 317 | 341 | 395 | |
| 66 | crypt/sec | | | | |
| 67 | ------------------------+---------------+---------------+------------------ | |
| 68 | crypt (constant key) | 317 | 368 | 436 | |
| 69 | crypt/sec | | | | |
| 70 | ------------------------+---------------+---------------+------------------ | |
| 71 | des_cipher( , , , 1) | 6037 | 7459 | 3343 | |
| 72 | blocks/sec | | | | |
| 73 | ------------------------+---------------+---------------+------------------ | |
| 74 | des_cipher( , , , 25) | 8871 | 9627 | 15926 | |
| 75 | blocks/sec | | | | |
| 76 | ||
| 77 | Notes: The results tabled here are the average over 10 runs. | |
| 78 | The entry/exit code for FreeSec 0.2's des_cipher() is particularly | |
| 79 | inefficient, thus the anomalous result for single encryptions. | |
| 80 | ||
| 81 | ||
| 82 | As an experiment using a machine with a larger register set and an | |
| 83 | obscenely fast CPU, I obtained the following results: | |
| 84 | ||
| 85 | 60 MHz R4400 | FreeSec 1.0 | FreeSec 0.2 | |
| 86 | ========================+================================= | |
| 87 | crypt (alternate keys) | 2545 | 2702 | |
| 88 | crypt/sec | | | |
| 89 | ------------------------+--------------------------------- | |
| 90 | crypt (constant key) | 2852 | 2981 | |
| 91 | crypt/sec | | | |
| 92 | ------------------------+--------------------------------- | |
| 93 | des_cipher( , , , 1) | 56443 | 21409 | |
| 94 | blocks/sec | | | |
| 95 | ------------------------+--------------------------------- | |
| 96 | des_cipher( , , , 25) | 82531 | 18276 | |
| 97 | blocks/sec | | | |
| 98 | ||
| 99 | Obviously your mileage will vary with your hardware and your compiler... |