RFR 8215643: Microbenchmarks for KeyAgreement and Cipher
Jamil Nimeh
jamil.j.nimeh at oracle.com
Thu Dec 20 19:03:45 UTC 2018
Thanks for adding in AES/256. I think your rationale for DH is fine, it
was something that I was more curious about than concerned. The
-pkeyLength option gives the benchmarks the flexibility we need if we
want to try larger or smaller keys. I don't think we need to include
other sizes by default.
Getting some feedback from a JMH expert is definitely a good idea. I'll
be interested to see what feedback and suggestions they have to offer,
if any.
Thanks,
--Jamil
On 12/20/2018 7:53 AM, Adam Petcher wrote:
> updated webrev: http://cr.openjdk.java.net/~apetcher/8215643/webrev.01/
>
> On 12/19/2018 4:49 PM, Jamil Nimeh wrote:
>
>> Hi Adam. On the whole the benchmarks look good to me. Can I ask why
>> those ciphers and key agreement schemes that support multiple key
>> lengths aren't called out in the @Param annotations? I'm thinking
>> 192 and 256 bit for AES and maybe 1024 and 3072 and/or 4096 for DH.
>> Do we not need numbers across various key lengths with these
>> microbenchmarks?
>
> There probably needs to be some balance in the default parameters that
> are included in the test. If we include too many, then the test will
> take too long to run. My strategy here is to include default
> parameters for only the most important key sizes, and for things that
> we want to keep an eye on (ECDH 521 is only there because we have been
> tinkering with it). Including AES 256 in the defaults is probably a
> good idea, and I added it in the latest webrev. I think 192 is less
> important, because it isn't widely used. For DH, benchmarking it at
> all may not be really valuable, but I added it for completeness. I
> don't think it is worthwhile to test multiple key sizes for DH, and
> 1024 is too small these days. If you have any other suggestions for
> default key sizes, let me know. But keep in mind that we don't need to
> be complete, because someone running the benchmark can always do
> -pkeyLength=... to choose other sizes.
>
> Thanks for the review. This is my first time writing a microbenchmark,
> so I would like to also get a review from a JMH/microbenchmark expert
> before I push.
>
More information about the security-dev
mailing list