Re: OpenSSH HPN

From: Ben Woods <woodsb02_at_gmail.com>
Date: Wed, 11 Nov 2015 15:40:10 +0800

On Wednesday, 11 November 2015, Bryan Drewery <bdrewery_at_freebsd.org> wrote:

> On 11/10/15 9:52 AM, John-Mark Gurney wrote:
> > My vote is to remove the HPN patches.  First, the NONE cipher made more
> > sense back when we didn't have AES-NI widely available, and you were
> > seriously limited by its performance.  Now we have both aes-gcm and
> > chacha-poly, whose performance should be more than acceptable for
> > today's uses (i.e. cipher performance is 2GB/sec+).
>
> AES-NI doesn't help the absurdity of double-encrypting when using scp or
> rsync/ssh over an encrypted VPN, which is where NONE makes sense to use
> for me.
>

I have to agree that there are cases when the NONE cipher makes sense, and
it is up to the end user to make sure they know what they are doing.

Personally I have used it at home to back up my old FreeBSD server (which
does not have AESNI) over a dedicated network connection to a backup server
using rsync/ssh. Since it was not possible for anyone else to be on that
local network, and the server was so old it didn't have AESNI and would
soon be retired, using the NONE cipher sped up the transfer significantly.

If the patch is made easy enough to maintain (as some subsequent posts have
implied), I vote the NONE cipher stays. I would even like to see it
compiled in by default (but disabled in the default configuration file).
That way you wouldn't need a custom compiled base to use it - just edit the
config file.

Regards,
Ben


--
From: Benjamin Woods
woodsb02_at_gmail.com
Received on Wed Nov 11 2015 - 06:40:13 UTC
