[tor-relays] Is AES-NI enabled in tor?

Ivan Markin twim at riseup.net
Fri Dec 23 00:28:00 UTC 2016


Patrice:
> From that I thought Tor used already OpenSSL but it wasn't installed. :S

You had the OpenSSL library installed as a shared object libcrypto.so to
which tor is dynamically linked. Though you didn't have /usr/bin/openssl
aka "OpenSSL command line tool". This is a pretty common setup.

> I bought this board with this CPU (incl. AES-NI support) because I
> thought it would give a benefit.

It's better to stick with more common techniques for ciphers, not with
AES-specific ones. I mean vectorized operations in modern CPUs like AVX,
AVX2, AVX512, NEON and even SSE3. Tor is gradually migrating to ChaCha20
instead of AES as a stream cipher. ChaCha20 runs on vectorized operations
in time comparable to AES with AES-NI and faster than AES w/o AES-NI
since AES doesn't support vectorized operations.
Also it's better to use different platforms in light of the recent
discussion about Intel ME and just because Tor needs diversity on all
levels. :)

--
Ivan Markin
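
An added example, not part of the original message: a shell check for the two things discussed above, whether the tor binary is dynamically linked to a libcrypto shared object and which of the mentioned CPU features the kernel reports. It assumes Linux /proc/cpuinfo naming, where SSE3 is listed as `pni` and AArch64 NEON as `asimd`; the sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample /proc/cpuinfo lines (not taken from the original post).
SAMPLE_X86='flags : fpu vme sse sse2 pni ssse3 aes avx avx2'
SAMPLE_ARM='Features : half thumb fastmult vfp edsp neon vfpv3'

# has_flag FLAG CPUINFO_TEXT -> exit 0 if FLAG is a whole word on a
# "flags" (x86) or "Features" (ARM) line. Whole-word matching matters:
# a substring search for "aes" also hits "vaes", and "avx" hits "avx2".
has_flag() {
    printf '%s\n' "$2" | awk -v want="$1" '
        /^(flags|Features)[ \t]*:/ {
            for (i = 1; i <= NF; i++) if ($i == want) found = 1
        }
        END { exit !found }'
}

# cipher_features CPUINFO_TEXT -> prints the present flags among those
# named in the post: AES-NI (aes), SSE3 (pni), AVX, AVX2, AVX512, NEON.
cipher_features() {
    out=''
    for f in aes pni avx avx2 avx512f neon asimd; do
        if has_flag "$f" "$1"; then out="$out $f"; fi
    done
    printf '%s\n' "${out# }"
}

# links_libcrypto LDD_OUTPUT -> exit 0 if a libcrypto shared object is listed.
links_libcrypto() {
    printf '%s\n' "$1" | grep -q 'libcrypto\.so'
}

# Live check, run only where the inputs exist (Linux procfs, tor on PATH).
if [ -r /proc/cpuinfo ]; then
    line=$(grep -m1 -E '^(flags|Features)' /proc/cpuinfo || true)
    echo "CPU features: $(cipher_features "$line")"
fi
if tor_bin=$(command -v tor 2>/dev/null); then
    if links_libcrypto "$(ldd "$tor_bin" 2>/dev/null || true)"; then
        echo "$tor_bin is dynamically linked to libcrypto"
    else
        echo "$tor_bin: no libcrypto shared object in ldd output"
    fi
fi
```

The linkage check does not depend on /usr/bin/openssl being installed, which is the distinction drawn in the reply above.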

