
For a long time in their projects, if encryption was necessary, they almost automatically chose AES (aka Rijndael), which is part of the Mcrypt library.
But the other day, while working on the backup script (in which a lot of attention is paid to execution speed), I decided to test which algorithm is the fastest.
Competition AES (Advanced Encryption Standard)
Since the natural strength of encryption is also very important, the main focus of the testing was on the algorithms of the finalists of the AES competition. If someone doesn’t know, it was a competition held by the National Institute of Standards and Technology (USA) to select a new cryptographic standard (which is used to encrypt, including secret documents up to the TOP SECRET level).
')
The finalists of the AES competition were 5 algorithms:
- Rijndael (which was eventually chosen as the AES standard)
- Serpent
- Twofish
- RC6
- Mars
The Mcrypt library implements the first 3 algorithms. In all of these algorithms, vulnerabilities have not yet been found. So in terms of cryptographic stability, they can be considered equivalent, and if there is no difference - why pay more. In this case, the board is processor time.
Testing
For testing a simple script was written that generates a data set and encrypts them with different algorithms. Testing was conducted on 3 servers:
- VPS (Linux, PHP 5.2.17)
- Dedic (FreeBSD, PHP 5.2.14)
- Local (Win 7, PHP 5.3.6)
Results will be presented in relative terms. When testing was selected mode MCRYPT_CBC, as the most suitable for encrypting files. Mcrypt 2.5.8 was used on all servers.
Testing was conducted 9 times, the 3 best results were averaged. The size of the data was chosen depending on the server so that the fastest algorithm could be executed for at least a second.
results
First, let's see how the results of all available algorithms on a dedicated server look like. The graph is plotted against the result of a better algorithm.
As you can see, the finalists of the AES competition look very good in terms of speed. And we have the undisputed leader - Twofish. Also pay attention to the DES algorithm - this is the former standard that you were looking for a replacement for. On the other servers, the results were similar, the only thing on the VPS server for some reason cast-128 took the lead and was 7% faster than Twofish.
Further, for greater clarity, we compare separately our AES finalists, on different servers.
The conclusion is quite obvious, Twofish - the winner of today's testing, and with a significant margin from the pursuers. Almost two-fold advantage even on the local server, and on a more loaded server the difference only increases up to 2.6 times. Naturally, we are talking about the implementation of these algorithms in PHP, and it is possible that in other libraries, the balance of forces may be different (especially those that support the new set of instructions for AES in Intel processors).
For those who want to conduct a test on their own, laid out a slightly
simplified script for testing.