Meanwhile, the claim that software won't see a performance difference is
not true, for at least the DES software on Stratus systems. Did those
who made that claim present numbers from experiments showing the difference?
I didn't present any performance figures at the meeting. However, I've just
run some timings on a Sparc ELC, and the results are as follows:
Mode Throughput (Kbits/s)
==== ==========
ECB 164
CBC 156
EDE 92
EDE-CBC 90
CBC-EDE 51
Notice that 'CBC-EDE' mode (which we all agree is in principle faster if you're
using 3 DES chips in parallel) is the slowest with these particular sofware
implementations.
These figures are somewhat unfair to CBC-EDE mode, as if I'd put more work
into optimising this mode it would run faster. With a few additional
implementation tricks, CBC-EDE mode would have comparable performance to
EDE-CBC.
On the basis of the above numbers, CBC-EDE mode could be rejected as both
having doubtful security *and* having the worst performance.
Mike