| gabriel rosenkoetter on 18 Oct 2003 23:48:02 -0400 |
|
On Sat, Oct 18, 2003 at 09:35:41PM -0400, Mental Patient wrote:
> Could you explain why? The encryption overhead is negligable on modern
> processors.
That's flatly not true. s{cp,ftp} a moderately sized file (10 GB or
larger) and watch how much processor it chews up. And then be glad
you're not trying to do something with the machines at either end.
Now consider how long that'd go on if you were transfering something
that's actually large (1 TB or greater).
Using a cipher that's quick on 32-bit processors (blowfish isn't
bad, twofish is better, but I don't know if even OpenSSH supports
that yet) helps, but you're still going to lose ~50% processor for
the duration. 3DES will kill your cycles completely for the duration.
People sell (and make good money from selling) crypto accelerator
cards for very good reasons.
> I regularly tunnel rsync over ssh. Whats the problem?
Probably not much, since rsync is precisely designed to transfer as
little information at possible... at the cost of processor devoted
to the checksum calculations at either end. (The checksums are
probably cheaper than the streaming crypto, unless you're
off-loading the crypto, in which case rsync will be a net loss
unless time of transfer is the only relevant metric.)
I'd also guess that you probably aren't actually trying to *use* the
endpoints of this transfer while it's in progress.
--
gabriel rosenkoetter
gr@eclipsed.net
Attachment:
pgpZ1FuglRHso.pgp
|
|