Story Detail of id 42637044 | Liveview Hacker News

throw0101c1 week ago | on: Cracking a 512-bit DKIM key for less than $8 in the cloud

> There's no good reason at all

Operations per second?

* https://wiki.strongswan.org/projects/strongswan/wiki/PublicK...

Running MacPorts-installed `openssl speed rsa` on an Apple M4 (non-Pro):

    version: 3.4.0
    built on: Tue Dec  3 14:33:57 2024 UTC
    options: bn(64,64)
    compiler: /usr/bin/clang -fPIC -arch arm64 -pipe -Os -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX15.sdk -arch arm64 -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX15.sdk -DL_ENDIAN -DOPENSSL_PIC -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG -I/opt/local/include -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX15.sdk
    CPUINFO: OPENSSL_armcap=0x87d
                       sign    verify    encrypt   decrypt   sign/s verify/s  encr./s  decr./s
    rsa   512 bits 0.000012s 0.000001s 0.000001s 0.000016s  80317.8 973378.4 842915.2  64470.9
    rsa  1024 bits 0.000056s 0.000003s 0.000003s 0.000060s  17752.4 381404.1 352224.8  16594.4
    rsa  2048 bits 0.000334s 0.000008s 0.000009s 0.000343s   2994.9 117811.8 113258.1   2915.6
    rsa  3072 bits 0.000982s 0.000018s 0.000019s 0.000989s   1018.4  54451.6  53334.8   1011.3
    rsa  4096 bits 0.002122s 0.000031s 0.000032s 0.002129s    471.3  31800.6  31598.7    469.8
    rsa  7680 bits 0.016932s 0.000104s 0.000107s 0.017048s     59.1   9585.7   9368.4     58.7
    rsa 15360 bits 0.089821s 0.000424s 0.000425s 0.090631s     11.1   2357.4   2355.5     11.0

(Assuming you have to stick with RSA and not go over to EC.)

daneel_w1 week ago | parent | next

These are contrived benchmarks at the extreme end of things. In real world usage the difference is drowned-out by the delays of so many other things happening in order to complete a handshake and key exchange. The mildly higher performance of RSA 3072 versus RSA 4096 wasn't even a big bonus during the CPU performances we had 15 years ago.

jandrese1 week ago | parent

It's roughly half as fast as 4096, which sounds bad until you realize that 3072 is already 20% as fast as 2048, 3% as fast as 1024, and 1% as fast as 512. In terms of performance tradeoff it's downright mild compared to the other steps up.

throw0101c1 week ago | root | parent

If I could waive a magic wand and get a 40-100% performance boost on a service by changing 3-4 characters (s/4096/3072/) why wouldn't I take it? (Assuming I need security go to beyond RSA 2028.)

bawolff1 week ago | root | parent | next

Its not a 40-100% performance boost overall, its just during one specific step that is a very small part of the entire overall system.

jrpelkonen1 week ago | root | parent | next

Well, in typical use cases RSA usage is very limited (eg some operations during TLS handshake), so the 40-100% boost wouldn’t be across the board, but likely shave some milliseconds per connection.

1 week ago | root | parent

{"deleted":true,"id":42638849,"parent":42637178,"time":1736373181,"type":"comment"}

#visit	11564951
#session	45464
#live-session	0