Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document PyCrypto's hilarious/sad slowmath vs fastmath BS #819

Closed
bitprophet opened this issue Sep 21, 2016 · 2 comments
Closed

Document PyCrypto's hilarious/sad slowmath vs fastmath BS #819

bitprophet opened this issue Sep 21, 2016 · 2 comments
Labels

Comments

@bitprophet
Copy link
Member

@bitprophet bitprophet commented Sep 21, 2016

Background

While investigating some slow connection times for my employer, I narrowed our particular slowdown to public key authentication, and then specifically to the creation of the RSA algorithm object based on the key in question (a 2048-bit RSA key).

Searching around for why this operation would be slow led me to #270 (comment) which mentions the hitherto unknown to me 'slowmath' concept in PyCrypto.

More digging found this: https://github.com/dlitz/pycrypto/blob/7acba5f3a6ff10f1424c309d0d34d2b713233019/lib/Crypto/Util/number.py#L39-L53

tl;dr you need libgmp-dev, gmp-devel or similar installed to trigger building/using of this _fastmath.so module; otherwise, you get a significantly slower Python implementation of the same logic.

In my local testing, a key that takes on average 2.5-3.5s to generate its RSA object with slowmath, takes only 0.5-0.9s with fastmath. Presumably all sorts of other operations (like regular transit encryption, vs authentication signing) are faster in this setup as well - I am still testing.

To do

  • Add install documentation noting that if you install libgmp-dev etc, you may see significantly faster operations.
  • Doublecheck exactly what appears faster so I can quantify that a little better meh
  • Sanity check whether the average distro-distributed/built paramiko/pycrypto seems to be enabling fastmath or not, so we can quantify whether this mostly impacts from-source users or not. (I'd guess 'yes'.)
@bitprophet
Copy link
Member Author

@bitprophet bitprophet commented Sep 21, 2016

  • Debian 8's python-crypto depends on libgmp10 and does appear to distribute a _fastmath.so enabled PyCypto.
  • CentOS 6's PyCrypto is 2.0 and seems too old to exhibit the impl test I was looking at
  • CentOS 7's is 2.6.1 (same as I was testing), also relies on libgmp, is also using fastmath
bitprophet added a commit that referenced this issue Sep 21, 2016
@bitprophet
Copy link
Member Author

@bitprophet bitprophet commented Sep 21, 2016

Committed to the 1.15, 1.16 and 1.17 branches, should appear in those doc subsites momentarily. Does not impact 2.0 and above because yay cryptography.io.

@bitprophet bitprophet closed this Sep 21, 2016
bitprophet added a commit that referenced this issue Sep 21, 2016
bitprophet added a commit that referenced this issue Sep 21, 2016
Wheeee versions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant