Just so this does not get lost – I’ve been doing some RSA1024 signing experiments because of my ‘DNSSEC on PowerDNS’ experiment, and the results were at first confusing.
For starters, friends of mine with Apple OS X reported very low numbers from the version of OpenSSL that ships with OS X (Intel). The command to have OpenSSL perform speed tests is: ‘openssl speed rsa1024’. Numbers were around half those reported on identical machines running a 32-bit Ubuntu.
Much investigation ensued, and the conclusions are:
- Apple ships a version of OpenSSL that misses certain optimizations. If you need performance for your applications, investigate which OpenSSL library they link against, and possibly investigate how to recompile or relink.
- Go 64-bit, in a hurry. Twice as many bits appear to deliver over twice as much performance.
- A modern Core2 based CPU running 64-bit code maxes out at about 1500 RSA1024 signatures/second/core, based on OpenSSL 1.0 beta 3, or Botan linked against GnuMP 4
- Non-beta OpenSSLs are quite a bit slower, but not dramatically so
- More naive code, that is not as highly optimized (like the otherwise excellent PolarSSL), will deliver around 1200 RSA1024 signatures/second/core (64 bits)
- These numbers scale linearly with the number of cores involved – my 600 euro PC delivers 6000 signatures/second (‘0.10 euro/signature/second’).
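As an added example (not from the original post), this shell script pulls the sign/s figure out of `openssl speed rsa1024` output and computes the euro per signature/second metric used above. The function names are hypothetical, the sample output is constructed, and the core count of 4 is an assumption inferred from 6000 / 1500.

```shell
#!/bin/sh
# Added example: summarise `openssl speed rsa1024` results.
# On a live system: openssl speed rsa1024 2>/dev/null | sign_rate

# Print the sign/s column of the "rsa 1024 bits" summary row read from stdin.
# Row layout: rsa 1024 bits <sign time> <verify time> <sign/s> <verify/s>
# Exits non-zero if no such row is present (e.g. the benchmark failed).
sign_rate() {
    awk '$1 == "rsa" && $2 == "1024" && $3 == "bits" { print $6; found = 1; exit }
         END { if (!found) exit 1 }'
}

# euro_per_sigps PRICE_EUR PER_CORE_RATE CORES
# Assumes signing throughput scales linearly with cores, as the post reports.
euro_per_sigps() {
    awk -v p="$1" -v r="$2" -v c="$3" 'BEGIN {
        if (r * c <= 0) exit 1
        printf "%.2f\n", p / (r * c)
    }'
}

# Constructed sample output (not a measurement taken from the post).
sample_speed_output() {
    cat <<'EOF'
                  sign    verify    sign/s verify/s
rsa 1024 bits 0.000667s 0.000037s   1500.0  27000.0
EOF
}

rate=$(sample_speed_output | sign_rate)
echo "per-core sign/s: $rate"
# 600 euro machine, 4 cores assumed.
echo "euro per signature/second: $(euro_per_sigps 600 "$rate" 4)"
```

Running the same pipeline against each OpenSSL build on a machine makes a slow library, like the one described for OS X, show up as a lower per-core figure.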
It also looks like no worthwhile general purpose RSA hardware accelerators are available for use from Linux – Sun ships one, but its performance is not stellar (a lot more than 0.10 euro/signature/second), it is not cheap, plus it is only officially supported on Sun hardware. If anyone has better ideas, please let me know!
PS: Why RSA1024? Because this is what DNSSEC is about for the foreseeable future.