password-change performance using AES-NI ?
ghudson at MIT.EDU
Sun May 12 01:08:45 EDT 2013
On 05/11/2013 08:08 PM, Danny Thomas wrote:
> Does anyone have a rough idea of how much improvement this might
> bring. I'm hoping it will be substantial because string-to-key
> involves 4,096 iterations.
PBKDF2 uses many iterations of a hash algorithm (SHA-1, in the case of
Kerberos AES enctypes), not a block cipher. Using AES-NI will not have
a perceptible impact on string-to-key performance.
> AFAICT from a quick glance over the past 6 months of cvs-krb5,
> I didn't see any commit apparently for AES-NI.
I haven't pushed the code yet. At the moment, it's at:
More information about the Kerberos