Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. gcrypt
1.1.42 / Win32 MinGW : random number generation is very slow
llange at users
Aug 29, 2003, 5:34 AM
Post #1 of 6 (991 views)
Permalink
Hello,

I'm trying to generate MPI random numbers on a Win32 (MinGW on a
Win2000) platform. (More precisely, I'm trying to add support for an
encrypted protocol in GAIM, an Instant Messenging application)

In GAIM, I'm using the gcry_mpi_randomize function, with a level of :
GCRY_VERY_STRONG_RANDOM to generate a session key

According to my tests, the first random number generation in GAIM is
very, very slow during the first invocation (sometime it can take up to
1~2 minutes !!) which is too long for the interactive use I need it for.

However, I should note that a test program, *outside GAIM*, is very fast
to generate the first random number.

I didn't have the time to fully understand the internals of rndw32.c,
but here is the debug info with a timer ( QueryPerformanceCounter )
comparing the test program invoking gcry_mpi_randomize function, then
GAIM invoking gcry_mpi_randomize function.

The timer is the delta, in performance counter increments, between the
current log call and the precedent log call.

/* Test program */
duration: 0 rndw32#gather_random: platform=2
duration: 222 rndw32#gather_random: req=3 len=300 lvl=2
duration: 33 rndw32#slow_gatherer_95: init toolkit
duration: 46709 rndw32#slow_gatherer_95: walk heap
duration: 79843 rndw32#slow_gatherer_95: walk processes
duration: 9746 rndw32#slow_gatherer_95: walk threads
duration: 22015 rndw32#slow_gatherer_95: walk modules
duration: 2932 rndw32#slow_gatherer_nt: init toolkit
duration: 315 rndw32#slow_gatherer_nt: check product options
duration: 31493 rndw32#slow_gatherer_nt: netapi32 loaded
duration: 5816 rndw32#slow_gatherer_nt: get netstats
duration: 386 NOTE: you should run 'diskperf -y' to enable the disk
statistics
duration: 280 rndw32#slow_gatherer_nt: get perf data
duration: 2388387 rndw32#slow_gatherer_nt: get perf data
duration: 846706 rndw32#slow_gatherer_nt: get perf data
duration: 816804 rndw32#slow_gatherer_nt: get perf data
duration: 1184713 rndw32#gather_random_fast: req=1
duration: 820 rndw32#gather_random_fast: perf data
(A total of 3 heaps were walked)
heap 1, 56 blocks
heap 2, 2 blocks
heap 3, 114 blocks


/* GAIM */
duration: 0 rndw32#gather_random: platform=2
duration: 4154 rndw32#gather_random: req=3len=300 lvl=2
duration: 1869 rndw32#slow_gatherer_95: init toolkit
duration: 8215 rndw32#slow_gatherer_95: walk heap
duration: 328406929 rndw32#slow_gatherer_95: walk processes
duration: 13863 rndw32#slow_gatherer_95: walk threads
duration: 27643 rndw32#slow_gatherer_95: walk modules
duration: 35375 rndw32#slow_gatherer_nt: init toolkit
duration: 2366 rndw32#slow_gatherer_nt: check product options
duration: 3367 rndw32#slow_gatherer_nt: netapi32 loaded
duration: 5028 rndw32#slow_gatherer_nt: get netstats
duration: 2724 NOTE: you should run 'diskperf -y' to enable the disk
statistics
duration: 1762 rndw32#slow_gatherer_nt: get perf data
duration: 1353009 rndw32#slow_gatherer_nt: get perf data
duration: 872048 rndw32#slow_gatherer_nt: get perf data
duration: 838450 rndw32#slow_gatherer_nt: get perf data
duration: 1038618 rndw32#gather_random_fast: req=1
duration: 2711 rndw32#gather_random_fast: perf data
(A total of 10 heaps were walked)
heap 1, 678 blocks
heap 2, 2 blocks
heap 3, 16099 blocks
heap 4, 7 blocks
heap 5, 7 blocks
heap 6, 46 blocks
heap 7, 8 blocks
heap 8, 8 blocks
heap 9, 3 blocks
heap 10, 9 blocks

GAIM is a GTK 2.0 application, compiled with MinGW. As you can see from
the numbers, in GAIM quite all the numbers are a little higher (which
can be normal although I don't know why), but the striking difference is
the number before the 'walk processes' log call.

Considering the timer I added, this in fact means that the time spent
between the log line 'walk heap' and 'walk processes' is very important.
Considering the file 'rndw32.c', this means that the 'walk heap' loop is
very, very long indeed. I added a count of the number of heap / heap
blocks walked (nbr of calls to pHeap32ListNext / pHeap32Next) to compare.

When I define out the whole 'walk heap' block, the generation is very
fast, so the problem is really there.

Perharps we should consider limiting the loop to a given maximum number
of heaps / heap blocks walked in order to reduce the time spent there ?
Or limiting the number of calls to the inner 'add' function to a given
number of iterations ? (for my application, I limited this to 200 calls
max to the Add function inside the heap loop, and this is very fast
(total of ~2 second for generating the first key).)

As I don't really know the impact on the quality of the entropy pool, I
prefer asking advices on this subject.


Best regards,

Ludovic LANGE

Attached Files:

Re: 1.1.42 / Win32 MinGW : random number generation is very slow [ In reply to ]
lowhalo at hush
Aug 29, 2003, 7:06 AM
Post #2 of 6 (949 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Hi --

> (More precisely, I'm trying to add support for an encrypted
> protocol in GAIM, an Instant Messenging application)

I started a project that does just this back in November 2002.
Gaim + libgcrypt = Ultramagnetic (http://ultramagnetic.sourceforge.net/)

Please have a look at what I've created already. Its currently
in beta, but is rapidly maturing. Essentially, the only missing
features that prevent this project from declaring a stable release
is more testing and an ECB mode-to-CTR/CBC mode patch.

Win32 support works, kind of. Ultramagnetic currently uses
libgcrypt v1.1.12 because v1.1.42 deadlocks due to some kind of
thread library conflict with GTK/GDK. And from experience, Win32
doesn't like v1.1.12 too much so Windows support is a little
shaky at the moment. I hope to fix this soon.

I've been working on this project entirely by myself for the
last ten months. I'd be more than happy to welcome another
developer aboard!

- low halo

- --
low halo <lowhalo at-s1gn hush d0t c0m>
Defender of Truth and Liberty
http://ultramagnetic.sourceforge.net/

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9BFD99BF
58CE 3215 226A 69ED 4D20 4044 C925 54F9 9BFD 99BF

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/T14tySVU+Zv9mb8RAgk1AJ0afbtdCou1tZTgrgw6pqAeCW7ryACfQEoV
gGQll5s5VQckvk1yPfusdFI=
=cBXL
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Re: 1.1.42 / Win32 MinGW : random number generation is very slow [ In reply to ]
llange at users
Aug 29, 2003, 7:48 AM
Post #3 of 6 (950 views)
Permalink
Hello Low Halo,

>>(More precisely, I'm trying to add support for an encrypted
>>protocol in GAIM, an Instant Messenging application)
>
>
> I started a project that does just this back in November 2002.
> Gaim + libgcrypt = Ultramagnetic (http://ultramagnetic.sourceforge.net/)
>
> Please have a look at what I've created already. Its currently
> in beta, but is rapidly maturing. Essentially, the only missing
> features that prevent this project from declaring a stable release
> is more testing and an ECB mode-to-CTR/CBC mode patch.
>
> Win32 support works, kind of. Ultramagnetic currently uses
> libgcrypt v1.1.12 because v1.1.42 deadlocks due to some kind of
> thread library conflict with GTK/GDK. And from experience, Win32
> doesn't like v1.1.12 too much so Windows support is a little
> shaky at the moment. I hope to fix this soon.
>
> I've been working on this project entirely by myself for the
> last ten months. I'd be more than happy to welcome another
> developer aboard!


Thanks for your answer. I discovered your project a few days ago, and
that confirmed me into chosing libgcrypt as a solution for my needs.
(thanks by the way)

Our goals seem similar (implementing an encrypted protocol in Gaim)
indeed. What I'm trying to do, is to add support, in Gaim, for the
Trillian 'SecureIM' encrypted protocol. I unfortunately don't have to
time to work full time on such a project, and my goal was to publish, in
the form of a patch, the first bits allowing to receive such encrypted
messages.

I did succeed, and posted a first version (
http://sourceforge.net/tracker/index.php?func=detail&aid=777300&group_id=235&atid=300235
) of the patch to Gaim. However this was refused, because I used OpenSSL
as a library, and there are license incompatibilites between OpenSSL and
Gaim.

So I rewrote my patch to use libgcrypt library.

Now my work is almost done, my Gaim version is working (win32 +
libgcrypt 1.1.42) enough for me to update my patch.

As I said, I don't have nor time to work (full-time or part-time) on
such a big project for the time being, nor the competence (in encryption
field). However, I'll have a closer look on Ultramagnetic.

By the way, you are of course free to use my 'Trillian' patch in your
work if you want to support this protocol also (which should be regarded
as a compatibility protocol, because I read somewhere that the
Diffie-Hellman key exchange they use could be subject to a
man-in-the-middle attack, which may be a problem.)

Best regards,

Ludovic LANGE
Re: 1.1.42 / Win32 MinGW : random number generation is very slow [ In reply to ]
mo at g10code
Aug 29, 2003, 10:14 AM
Post #4 of 6 (972 views)
Permalink
<lowhalo@hush.com> writes:

> Ultramagnetic currently uses libgcrypt v1.1.12 because v1.1.42
> deadlocks due to some kind of thread library conflict with GTK/GDK.

The CVS version contains the new thread handling code, would be cool,
if you could give that a try.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))
Re: 1.1.42 / Win32 MinGW : random number generation is very slow [ In reply to ]
nmav at gnutls
Aug 30, 2003, 8:08 AM
Post #5 of 6 (951 views)
Permalink
On Fri, Aug 29, 2003 at 07:14:39PM +0200, Moritz Schulte wrote:

> > Ultramagnetic currently uses libgcrypt v1.1.12 because v1.1.42
> > deadlocks due to some kind of thread library conflict with GTK/GDK.
> The CVS version contains the new thread handling code, would be cool,
> if you could give that a try.
Just curious. How is the locking problem now solved? Is it transparent
like the previous implementation?

> moritz
> --
> ((gpg-key-id . "6F984199")
> (email . "moritz@duesseldorf.ccc.de")
> (webpage . "http://duesseldorf.ccc.de/~moritz/"))

--
Nikos Mavroyanopoulos
Re: 1.1.42 / Win32 MinGW : random number generation is very slow [ In reply to ]
mo at g10code
Aug 30, 2003, 8:15 AM
Post #6 of 6 (959 views)
Permalink
Nikos Mavroyanopoulos <nmav@gnutls.org> writes:

> Just curious. How is the locking problem now solved? Is it
> transparent like the previous implementation?

Well, if you link your application against the CVS version like you
linked it in the past, Libgcrypt will use the old auto-detection code.
But if you call libgcrypt-config with the parameter
`--thread={pth,pthread}', you select the thread library to use at link
time.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal