In order to determine the extent of the throughput difference between encrypted and unencrypted sessions, we measured the throughput performance of a file transfer ( ftp), in both directions across a 14.4kbps serial link line, using three textfiles that were equal in length (100,000 characters)
but differed in the degree to which they were conducive to compression. We then measured the latency to transfer each file in encrypted and nonencrypted form, across a 14.4kbps dialup PPP line, using modem compression.
The first text file consisted of
a series of a repeated character.
The second file consisted of
the result of a ls -R
command, presumably somewhat analogous
to English text.
The third file consisted of a a series of
characters selected randomly
We created two encrypted versions of each file, one with the unix crypt utility, the other with a unix des program.
We then sent the nine files across a dialup link to a remote system three times in each direction. There was little difference among the throughput performance of the three iterations. Table 1 shows the maximum values of the measured throughput performance of the file transfers. The table verifies our hypothesis; performance drops in half on random text (e.g., the result of encryption) if one is bandwidth-limited rather than CPU-limited. The interference among multiple layers of the network is critical to system performance.
: throughput performance (in kBytes/sec)
for unencrypted, crypt encrypted, and
des encrypted files
from home machine to sdsc machine across 14.4kbps line (using PPP)
For comparison, we measured the file sizes (in bytes) that the unix gzip and compress utilities were able to achieve on the nine 100,000 bytes files. Table 2 shows the results; n/a indicates that compress did not yield a file smaller than the original file.
: compression performance
using gzip (.gz) and compress (.Z)
on the 100,000-byte files described
(unencrypted, crypt encrypted, and
des encrypted)