password-change performance using AES-NI ?

Danny Thomas d.thomas at
Sun May 12 18:27:21 EDT 2013

On 12/05/2013, at 3:08 PM, Greg Hudson wrote:

> PBKDF2 uses many iterations of a hash algorithm (SHA-1, in the case of
> Kerberos AES enctypes), not a block cipher.  Using AES-NI will not have
> a perceptible impact on string-to-key performance.
I should have looked at rfc3962 to get back up to speed.

I believe OpenSSL is supposed to have one of the best open-source
implementations of SHA1, at least when SSSE3 is available (possibly
better when AVX available), so we might check the relative performance
of builtin vs openssl crypto back-ends.

Is there any downside in switching to openssl back-end ?

Might also ask on the openssl mailing ist whether there's active work
on GPU-accelerated engines. There is engine-cuda but I'm not sure
it is maintained/production-ready.

Various people have looked at GPUs for encryption/hashing, e.g. search
for "PBKDF2 CUDA" or "PBKDF2 OpenCL"


More information about the Kerberos mailing list