slow logins -- some data for comparison

William Welch bvwelch at gmail.com
Thu May 30 00:24:18 WST 2013


Greetings,

An update -- the first step is complete -- modified the source to make use
of ltc_mp, but using ltm_desc and USE_LTM.  I generated an rsa host key and
logged in via ssh, as a basic test case.

A couple of small details I am working on -- there are some small
differences between the ltc_mp and ltm_desc structures -- near the end of
the ltm_desc there are some ifdefs that I haven't figured out yet. Any
hints?

I also notice two missing functions in the descriptors -- mp_addmod and
mp_prime_next_prime.  Should I add these to the structures?  Where, at the
end?

If anyone should care to follow along, I could, for example, put the
project up on github or wherever you like.  Or send patches.

Next up will be trying tomsfastmath.

Suggestions welcome!

William



On Sat, May 25, 2013 at 10:19 AM, Matt Johnston <matt at ucc.asn.au> wrote:

> I'd start from 2013.58. It's mostly a case of search/replace
> of function calls, though mp_init is a bit different I
> think (it allocates whereas the straight libtommath version
> doesn't?). Take a look at
> https://secure.ucc.asn.au/hg/dropbear/file/75509065db53/ecdsa.c#l169
> - the ltc_mp variable is set up at
> https://secure.ucc.asn.au/hg/dropbear/file/75509065db53/crypto_desc.c#l71
> so it could be set to tfm_desc instead.
>
> Tomsfastmath 0.12 would be best from libtom.org
>
> Cheers,
> Matt
>
>
>
> On Sat, May 25, 2013 at 10:01:16AM -0500, William Welch wrote:
> > Thank you for your reply.
> >
> > If I were to attempt to add support for tomsfastmath, using ltc_mp as you
> > described, which version of dropbear should I start from?  And where
> should
> > I obtain the tomsfastmath library?
> >
> > Thank you,
> >
> > William
> >
> >
> >
> > On Sat, May 25, 2013 at 3:41 AM, Matt Johnston <matt at ucc.asn.au> wrote:
> >
> > > Hi,
> > >
> > > I think the solution is to use tomsfastmath instead. There was a
> patched
> > > version posted a while ago on this list. Eventually I'd like to have
> > > Dropbear able to build against either tomsfastmath (for speed) or
> > > libtommath (for portability) using the ltc_mp mechanism in libtomcrypt.
> > >
> > > There's also ECC support nearly complete in the 'ecc' mercurial branch.
> > > That's a few times faster than normal kexdh. It adds around 30kB to
> binary
> > > size on x86. That should make it into the next Dropbear release, though
> > > only will help for recent OpenSSH peers.
> > >
> > > Matt
> > >
> > >
> > > William Welch <bvwelch at gmail.com> wrote:
> > >>
> > >> Greetings,
> > >>
> > >> First -- thank you for dropbear!  I have enjoyed using dropbear on
> > >> various smallish systems for years now!
> > >>
> > >> But I have a problem with a specific system -- admittedly it is rather
> > >> slow -- only 50 BogoMips according to the linux kernel. It is a
> Microblaze.
> > >>
> > >> I use the Buildroot system for many different routers and other small
> > >> systems here.  I have compared different versions of dropbear, against
> > >> openssh.
> > >>
> > >> My issue is with the server mode -- sshd --  I note that on dropbear
> 0.52
> > >> (which I happen to run on other routers here), I can connect from my
> ubuntu
> > >> or mac, to dropbear sshd, in about 45 seconds.  This is having
> disabled the
> > >> RSA host key, and already generated the DSS host key.   But on more
> recent
> > >> versions of dropbear, e.g. 2013.58, several minutes elapse without a
> > >> connection.
> > >>
> > >> In contrast, switching to openssh in buildroot, and also disabling the
> > >> RSA host key, connection time is 5 to 10 seconds!  Unfortunately, the
> > >> openssh has a huge 'footprint' in the flash filesystem that I would
> rather
> > >> avoid.
> > >>
> > >> The issue seems to be in the key exchange ( I can watch this by doing
> > >> 'ssh -v ' from my client connection).  Meanwhile, running 'top' on my
> > >> Microblaze shows near 100% cpu used.  the debug message is: expecting
> > >> SSH2_MSG_KEXDH_REPLY
> > >>
> > >> Buildroot has the gnu cross tool chain set to 'optimize for size' in
> all
> > >> cases.
> > >>
> > >> Suggestions welcome!
> > >>
> > >> thank you,
> > >>
> > >> William
> > >>
> > >>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20130529/4151f8b7/attachment.htm 


More information about the Dropbear mailing list