Commit | Line | Data |
---|---|---|
984263bc MD |
1 | |
2 | FreeSec - NetBSD libcrypt replacement | |
3 | ||
4 | David Burren <davidb@werj.com.au> | |
5 | Release 1.0, March 1994 | |
6 | ||
7 | Document ref: $FreeBSD: src/secure/lib/libcipher/README,v 1.4 1999/08/28 01:30:19 peter Exp $ | |
1de703da | 8 | Document ref: $DragonFly: src/secure/lib/libcipher/README,v 1.2 2003/06/17 04:27:48 dillon Exp $ |
984263bc MD |
9 | |
10 | ||
11 | Description | |
12 | =========== | |
13 | This library is a drop-in replacement for the libcrypt used in U.S. copies | |
14 | of NetBSD, duplicating that library's functionality. A suite of verification | |
15 | and benchmark tools is provided. | |
16 | ||
17 | FreeSec 1.0 is an original implementation of the DES algorithm and the | |
18 | crypt(3) interfaces used in Unix-style operating systems. It was produced | |
19 | in Australia and as such is not covered by U.S. export restrictions (at | |
20 | least for copies that remain outside the U.S.). | |
21 | ||
22 | ||
23 | History | |
24 | ======= | |
25 | An earlier version of the FreeSec library was built using the UFC-crypt | |
26 | package that is distributed as part of the GNU library. UFC-crypt did not | |
27 | support the des_cipher() or des_setkey() functions, nor the new-style | |
28 | crypt with long keys. These were implemented in FreeSec 0.2, but at least | |
29 | one bug remained, where encryption would only succeed if either the salt | |
30 | or the plaintext was zero. Because of its heritage FreeSec 0.2 was covered | |
31 | by the GNU Library Licence. | |
32 | ||
33 | FreeSec 1.0 is an original implementation by myself, and has been tested | |
34 | against the verification suite I'd been using with FreeSec 0.2 (this is not | |
35 | encumbered by any licence). FreeSec 1.0 is covered by a Berkeley-style | |
36 | licence, which better fits into the *BSD hierarchy than the earlier GNU | |
37 | licence. | |
38 | ||
39 | ||
40 | Why should you use FreeSec? | |
41 | =========================== | |
42 | FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt, | |
43 | to act as a baseline for encryption functionality. | |
44 | ||
45 | Some other packages (such as Eric Young's libdes package) are faster and | |
46 | more complete than FreeSec, but typically have different licencing | |
47 | arrangements. While some applications will justify the use of these | |
48 | packages, the idea here is that everyone should have access to *at least* | |
49 | the functionality of FreeSec. | |
50 | ||
51 | ||
52 | Performance of FreeSec 1.0 | |
53 | ========================== | |
54 | I compare below the performance of three libcrypt implementations. As can be | |
55 | seen, it's between the U.S. library and UFC-crypt. While the performance of | |
56 | FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in | |
57 | future versions. I was interested to note that while UFC-crypt is faster on | |
58 | a 386, hardware characteristics can have markedly different effects on each | |
59 | implementation. | |
60 | ||
61 | ||
62 | 386DX40, 128k cache | U.S. BSD | FreeSec 1.0 | FreeSec 0.2 | |
63 | CFLAGS=-O2 | | | | |
64 | ========================+===============+===============+================== | |
65 | crypt (alternate keys) | 317 | 341 | 395 | |
66 | crypt/sec | | | | |
67 | ------------------------+---------------+---------------+------------------ | |
68 | crypt (constant key) | 317 | 368 | 436 | |
69 | crypt/sec | | | | |
70 | ------------------------+---------------+---------------+------------------ | |
71 | des_cipher( , , , 1) | 6037 | 7459 | 3343 | |
72 | blocks/sec | | | | |
73 | ------------------------+---------------+---------------+------------------ | |
74 | des_cipher( , , , 25) | 8871 | 9627 | 15926 | |
75 | blocks/sec | | | | |
76 | ||
77 | Notes: The results tabled here are the average over 10 runs. | |
78 | The entry/exit code for FreeSec 0.2's des_cipher() is particularly | |
79 | inefficient, thus the anomalous result for single encryptions. | |
80 | ||
81 | ||
82 | As an experiment using a machine with a larger register set and an | |
83 | obscenely fast CPU, I obtained the following results: | |
84 | ||
85 | 60 MHz R4400 | FreeSec 1.0 | FreeSec 0.2 | |
86 | ========================+================================= | |
87 | crypt (alternate keys) | 2545 | 2702 | |
88 | crypt/sec | | | |
89 | ------------------------+--------------------------------- | |
90 | crypt (constant key) | 2852 | 2981 | |
91 | crypt/sec | | | |
92 | ------------------------+--------------------------------- | |
93 | des_cipher( , , , 1) | 56443 | 21409 | |
94 | blocks/sec | | | |
95 | ------------------------+--------------------------------- | |
96 | des_cipher( , , , 25) | 82531 | 18276 | |
97 | blocks/sec | | | |
98 | ||
99 | Obviously your mileage will vary with your hardware and your compiler... |