New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document PyCrypto's hilarious/sad slowmath vs fastmath BS #819

Closed
bitprophet opened this Issue Sep 21, 2016 · 2 comments

Comments

Projects
None yet
1 participant
@bitprophet
Member

bitprophet commented Sep 21, 2016

Background

While investigating some slow connection times for my employer, I narrowed our particular slowdown to public key authentication, and then specifically to the creation of the RSA algorithm object based on the key in question (a 2048-bit RSA key).

Searching around for why this operation would be slow led me to #270 (comment) which mentions the hitherto unknown to me 'slowmath' concept in PyCrypto.

More digging found this: https://github.com/dlitz/pycrypto/blob/7acba5f3a6ff10f1424c309d0d34d2b713233019/lib/Crypto/Util/number.py#L39-L53

tl;dr you need libgmp-dev, gmp-devel or similar installed to trigger building/using of this _fastmath.so module; otherwise, you get a significantly slower Python implementation of the same logic.

In my local testing, a key that takes on average 2.5-3.5s to generate its RSA object with slowmath, takes only 0.5-0.9s with fastmath. Presumably all sorts of other operations (like regular transit encryption, vs authentication signing) are faster in this setup as well - I am still testing.

To do

  • Add install documentation noting that if you install libgmp-dev etc, you may see significantly faster operations.
  • Doublecheck exactly what appears faster so I can quantify that a little better meh
  • Sanity check whether the average distro-distributed/built paramiko/pycrypto seems to be enabling fastmath or not, so we can quantify whether this mostly impacts from-source users or not. (I'd guess 'yes'.)
@bitprophet

This comment has been minimized.

Member

bitprophet commented Sep 21, 2016

  • Debian 8's python-crypto depends on libgmp10 and does appear to distribute a _fastmath.so enabled PyCypto.
  • CentOS 6's PyCrypto is 2.0 and seems too old to exhibit the impl test I was looking at
  • CentOS 7's is 2.6.1 (same as I was testing), also relies on libgmp, is also using fastmath

bitprophet added a commit that referenced this issue Sep 21, 2016

@bitprophet

This comment has been minimized.

Member

bitprophet commented Sep 21, 2016

Committed to the 1.15, 1.16 and 1.17 branches, should appear in those doc subsites momentarily. Does not impact 2.0 and above because yay cryptography.io.

@bitprophet bitprophet closed this Sep 21, 2016

@bitprophet bitprophet added the Support label Sep 21, 2016

bitprophet added a commit that referenced this issue Sep 21, 2016

bitprophet added a commit that referenced this issue Sep 21, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment