Fast MAC algorithms?

james hughes hughejp at
Thu Jul 23 19:33:58 EDT 2009

Note for Moderator. This is not crypto but TOE being the solution to  
networking performance problems is a perception that is dangerous to  
leave in the crypto community.

On Jul 23, 2009, at 11:45 PM, Nicolas Williams wrote:

> On Thu, Jul 23, 2009 at 05:34:13PM +1200, Peter Gutmann wrote:
>> "mheyman at" <mheyman at> writes:
>>> 2) If you throw TCP processing in there, unless you are  
>>> consistantly going to
>>> have packets on the order of at least 1000 bytes, your crypto  
>>> algorithm is
>>> almost _irrelevant_.
>>> [...]
>>> for a Linux 2.2.14 kernel, remember, this was 10 years ago.
>> Could the lack of support for TCP offload in Linux have skewed  
>> these figures
>> somewhat?  It could be that the caveat for the results isn't so  
>> much "this was
>> done ten years ago" as "this was done with a TCP stack that ignores  
>> the
>> hardware's advanced capabilities".
> How much NIC hardware does both, ESP/AH and TCP offload?  My guess:  
> not
> much.  A shame, that.
> Once you've gotten a packet off the NIC to do ESP/AH processing,  
> you've
> lost the opportunity to use TOE.

IPSEC offload can have value. TOE are far more controversial.

TOEs that are implemented in a slow processor in a NIC card have been  
shown many times to be ineffective compared to keeping TCP in the  
fastest CPU (where it is now). For vendors that can't optimize their  
TCP implementation (because it is just too complicated for then?) TOE  
is a siren call that detracts them from their real problem. Look at  
Van Jacobson post of May 2000 entitled "TCP in 30 instructions".
There was a paper about this, but I am at a loss to find it. One can  
go even farther back to "An Analysis of TCP Processing Overhead",   
Clark, Jacobson, Romkey and Salwen in 1989 which states "The protocol  
itself is a small fraction of the problem".

Back to crypto please.

> Nico
> -- 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list