|
|
|
|
|
|
by michwill
3296 days ago
|
|
|
I think, the biggest latency hit will be from re-encrypting a symmetric key which encrypts messages, once in a while. This will result in occasional delays of ~0.25 ms (that's how much one operation with elliptic curve crypto takes). The other bottleneck will be from the block cipher, when you actually encrypt/decrypt messages. Our open source version currently doesn't use AES-NI for that, so limited by performance of unaccelerated AES256 (few hundred k messages per second). This impact can be made negligible when using AES-NI (will come soon). When using granular encryption, the performance bottleneck will shift to parsing messages (avro, for example), and will be limited by the performance of the parser. |
|
|
I was previously really impressed by how it improved my IPSec performance.