Fast MAC algorithms?

Nicolas Williams Nicolas.Williams at
Thu Jul 23 11:45:25 EDT 2009

On Thu, Jul 23, 2009 at 05:34:13PM +1200, Peter Gutmann wrote:
> "mheyman at" <mheyman at> writes:
> >2) If you throw TCP processing in there, unless you are consistantly going to
> >have packets on the order of at least 1000 bytes, your crypto algorithm is
> >almost _irrelevant_.
> >[...]
> >for a Linux 2.2.14 kernel, remember, this was 10 years ago.
> Could the lack of support for TCP offload in Linux have skewed these figures
> somewhat?  It could be that the caveat for the results isn't so much "this was
> done ten years ago" as "this was done with a TCP stack that ignores the
> hardware's advanced capabilities".

How much NIC hardware does both, ESP/AH and TCP offload?  My guess: not
much.  A shame, that.

Once you've gotten a packet off the NIC to do ESP/AH processing, you've
lost the opportunity to use TOE.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list