max rsa key length, sym. cipher and digest recommendations ?

Phooraalai phooraalai at googlemail.com
Tue Jan 7 15:08:57 CET 2014 

Hello Guus,

from "openssl speed -evp sha512"
Doing sha512 for 3s on 1024 size blocks: 289576 sha512's in 3.01s

So that is 282MB in 3 seconds (if I am correct), and the dsl at this
remote branch is served by a linux router on a fanless intel atom. The
dsl's downstream capacity is about 2,5 MB/sec, the upstream about
200KB/sec ;) So I'll keep sha512 as the digest.

Thanks for the hint. Ubuntu's deb packages for Trusty are at version
1.0.23. That 1.0.23 deb package installs fine on Ubuntu 12.04 and 13.04.

BR
P.



Am 07.01.2014 14:23, schrieb Guus Sliepen:
> On Tue, Jan 07, 2014 at 01:54:19PM +0100, Phooraalai wrote:
> 
>> I now have a simple tinc vpn setup with a rsa keylength of 8192 bits,
>> aes-256-cbc and sha512.
>>
>> Is there a way to measure throughput in tinc besides me watching the
>> processes in "top" while I do my backups ? Usually my dsl connection is
>> the bottleneck when doing backups. That way I could evaluate if I will
>> keep sha512 or use sha1 just as you suggested. I know that I can compare
>> "openssl speed sha1" and "openssl speed sha512", but that won't tell me
>> what tinc is doing with it.
> 
> Use "openssl speed -evp <algorithm>" and have a look at the results for 1024
> size blocks. That gives you the best indication of tinc's speed. The absolute
> numbers might not be so relevant, but if one algorithm is faster than the other
> when using that openssl command, it will also be faster than the other when
> used in tinc.
> 
>> Debian wheezy has tinc 1.0.23, but ubuntu 12.04 is behind at 1.0.16 and
>> ubuntu 13.10 is at 1.0.21. Is there a tinc apt repository which carries
>> the sources so that I could build deb packages ?
> 
> Both Debian and Ubuntu have binary and source packages. You can either get them
> using apt-get, if you add the unstable (for Debian) or trusty (for Ubuntu)
> release to your /etc/apt/sources.list, or just go to the website of your
> distribution and search for the tinc package to find links to the binaries and
> sources:
> 
> http://packages.debian.org/tinc
> http://packages.ubuntu.com/tinc
> 
> 
> 
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>

More information about the tinc mailing list