max rsa key length, sym. cipher and digest recommendations ?
Guus Sliepen
guus at tinc-vpn.org
Tue Jan 7 14:23:33 CET 2014
On Tue, Jan 07, 2014 at 01:54:19PM +0100, Phooraalai wrote:
> I now have a simple tinc vpn setup with a rsa keylength of 8192 bits,
> aes-256-cbc and sha512.
>
> Is there a way to measure throughput in tinc besides me watching the
> processes in "top" while I do my backups ? Usually my dsl connection is
> the bottleneck when doing backups. That way I could evaluate if I will
> keep sha512 or use sha1 just as you suggested. I know that I can compare
> "openssl speed sha1" and "openssl speed sha512", but that won't tell me
> what tinc is doing with it.
Use "openssl speed -evp <algorithm>" and have a look at the results for 1024
size blocks. That gives you the best indication of tinc's speed. The absolute
numbers might not be so relevant, but if one algorithm is faster than the other
when using that openssl command, it will also be faster than the other when
used in tinc.
> Debian wheezy has tinc 1.0.23, but ubuntu 12.04 is behind at 1.0.16 and
> ubuntu 13.10 is at 1.0.21. Is there a tinc apt repository which carries
> the sources so that I could build deb packages ?
Both Debian and Ubuntu have binary and source packages. You can either get them
using apt-get, if you add the unstable (for Debian) or trusty (for Ubuntu)
release to your /etc/apt/sources.list, or just go to the website of your
distribution and search for the tinc package to find links to the binaries and
sources:
http://packages.debian.org/tinc
http://packages.ubuntu.com/tinc
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140107/4b363715/attachment.sig>
More information about the tinc
mailing list