Aes-ctr for fast crypto



  • As per the latest blog piece, what is the status on AES-CTR (Counter mode) support for IPsec?  OpenSSH prefers counter mode by default and the performance is quite significant compared to CBC mode.

    OpenSSL speed benchmark example:

    type                 16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc        467308.07k   519446.61k   539072.85k   542258.86k   543350.78k
    aes-128-ctr        372502.28k  1076462.27k  1883048.79k  2410511.36k  2672528.04k
    aes-128-gcm        241830.67k   583661.95k   765165.91k   840589.65k   837268.82k
    camellia-128-cbc    71470.59k   109661.25k   127749.63k   134138.54k   135187.11k