3

I have run openssl speed and the output on my CPU for longest available DSA key size, which is 2048 bits:

                      sign      verify    sign/s    verify/s
rsa 2048 bits    0.029185s   0.000799s      34.3      1252.3
dsa 2048 bits    0.007979s   0.009523s     125.3       105.0

To be honest, I was expecting a larger amount of time to verify the keys, since people often compare the use of these two algorithms giving the time of key verification as an argument for using RSA, because 'you generate (sign) the key once but end users verify it way more often'.

I must be missing something then, because since the key is verified in a fraction of a second, I cannot see a reason to say RSA is better, if one user just verifies the key at most a couple of times a day when reading e-mails or downloading programs.

Is there any other reason why verification speed is significant or am I missing something else?

James Pond
  • 77
  • 2
  • 9

2 Answers

4

No, you're not missing anything. Current processors for desktops and laptops are just ridiculously fast. OpenSSL is a native application that can make the most of that.

In general CPU speed on laptops is not much of an issue. It can be an issue on embedded devices of course. Or on higher level languages. Or when latency is very important (e.g. authentication of many TLS connections). Note that normally you don't need to verify one challenge-response, you need to verify a chain of certificates as well. So there are many reasons why verification speed suddenly becomes important again.

In general it is much better to focus on security first and to perform optimizations later. Having a good, flexible design should allow for any signature generation algorithm. If somebody tells you not to use DSA because of speed issues for 2048 bit keys without knowledge of the runtime system then I would seriously question their experience level.

Kind of like the manager that tells you not to use new in methods of your Java toString implementation because it could slow down the application.


Note that 2048 bit keys are starting to get a bit too small for comfort for applications that require high security. If you use, say, 3Ki keys then the performance will drop (although the algorithms that use RSA signature generation will suffer the most).


There may be other reasons to choose RSA over DSA of course. With RSA you also don't need to know about these pesky domain parameters and subkey sizes. RSA is pretty easy to understand and use compared to DSA and ECDSA. So in that sense you could ask yourself why you should not be using RSA.

Maarten Bodewes
  • 4,602
  • 15
  • 29
  • Much appreciated, wanted to link that question for 'verification speed' proof, but the top answer seemed a little bit off due to 'encryption and decryption' of DSA. No idea what the author meant. – James Pond Aug 21 '15 at 16:31
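As an added illustration (not code from either answer), the following Python script parses the openssl speed rows quoted in the question and applies the point made above about certificate chains: every handshake verifies several signatures, so the per-verification cost is multiplied by the chain depth. The chain depth and the handshake rate are assumed inputs, not values from the page.

```python
import re

# The two result rows exactly as quoted in the question (copied, not measured here).
OPENSSL_SPEED_OUTPUT = """\
                      sign      verify    sign/s    verify/s
rsa 2048 bits    0.029185s   0.000799s      34.3      1252.3
dsa 2048 bits    0.007979s   0.009523s     125.3       105.0
"""

# Matches the rsa/dsa result rows of `openssl speed` (header line does not match).
ROW_RE = re.compile(
    r"^(?P<alg>rsa|dsa)\s+(?P<bits>\d+)\s+bits\s+"
    r"(?P<sign>[\d.]+)s\s+(?P<verify>[\d.]+)s\s+"
    r"(?P<sign_s>[\d.]+)\s+(?P<verify_s>[\d.]+)$"
)


def parse_speed(text):
    """Return {(alg, bits): {"sign": s, "verify": s, "sign_s": n, "verify_s": n}}."""
    results = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            results[(d["alg"], int(d["bits"]))] = {
                "sign": float(d["sign"]),
                "verify": float(d["verify"]),
                "sign_s": float(d["sign_s"]),
                "verify_s": float(d["verify_s"]),
            }
    return results


def max_handshakes_per_second(verify_time, chain_depth):
    """Upper bound on handshakes one core can validate per second when each
    handshake verifies `chain_depth` signatures (assumes verification dominates)."""
    return 1.0 / (verify_time * chain_depth)


def cpu_fraction(verify_time, chain_depth, handshakes_per_second):
    """Share of one core spent on signature verification at a given handshake rate."""
    return verify_time * chain_depth * handshakes_per_second


if __name__ == "__main__":
    res = parse_speed(OPENSSL_SPEED_OUTPUT)
    for key, r in res.items():  # assumed: 3 signatures per chain, 20 handshakes/s
        print(key, round(max_handshakes_per_second(r["verify"], 3), 1),
              round(cpu_fraction(r["verify"], 3, 20), 3))
```

With the quoted numbers a three-signature chain caps one core at roughly 35 DSA handshakes per second versus roughly 417 for RSA, which is where verification speed starts to matter again.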
0

To be honest, I was expecting larger amount of time to verify the keys

1:

Let us say the client is you and the server is this website:


The process involved before you get the final response to be able to use this website follows a PKI infrastructure where the TLS handshake protocol (where RSA, DSA, AES ... can be involved), simplified, is something like:


Knowing that your access to here is allowed only after step 9 is fulfilled, you can imagine that you are lucky the key verification process occurred in so short a time that you do not even feel it.

2:

Authors of OpenSSL developed a benchmarking suite directly into the openssl binary that you can use via the speed command. If you check its manual, you will read in its description:

This command is used to test the performance of cryptographic algorithms.

It tests how many operations it can perform in a given time (how many bytes can be performed per second), but the output you got depends entirely on the hardware the command is running on.

I mentioned this to let you know you have been just a little bit confused: the performance of RSA and DSA that you test using openssl speed does not reflect their security or necessarily which one is better than the other for reasons I explained to you.

I think this fully answers your question. Now, if you are interested in comparing these 2 algorithms, you may read the accepted answer of this question: RSA vs. DSA for SSH authentication keys

  • Thanks sir, but don't you think the top answer is a little bit off? – James Pond Aug 22 '15 at 16:07
  • @JamesPond Most things mentioned through the other answer are right. But the problem is that it does not answer your question. The answer is talking about something else, other than your actual question. –  Aug 22 '15 at 16:58