Request for feedback: how slow is your slowest MAAS cloud?
Mike Pontillo
mike.pontillo at canonical.com
Fri Jun 2 00:46:52 UTC 2017
Hi all,
As part of our planning for MAAS 2.3, I'm investigating how we'll
determine when VLANs seen by two MAAS rack controllers belong to the same
fabric.
In doing so, I'm looking at deriving a shared key that can be used to
encrypt network traffic between peer rack and region controllers, and
eventually commissioned machines. The industry standard for key derivation
is the PBKDF2 algorithm, which makes brute force attacks to derive the
password from the key harder (by repeatedly running a hash function).
Since hash functions are very fast on modern hardware, we need to strike
a balance between making it efficient to derive the key, and making it
impractical for an attacker to launch a brute-force attack to determine the
pre-shared key it's based on.
So my question to the community is: how slow is your slowest MAAS cloud
[at key derivation]? To find out, run the following commands on your MAAS
region, rack, or deployed machines:
    sudo apt-get install -yu nettle-bin
    time echo key | nettle-pbkdf2 -i 1000000 salt
This will check how long it takes to run 1,000,000 iterations of
HMAC-SHA256. I want to know what the slowest-of-the-slow is, and what
hardware it's running. So far the record is 1.68 seconds, but we've only
tested a few different x86_64 nodes thus far. It would be good to get an
idea how slow other less-common architectures can be. If answers could be
in the following format, that would be appreciated:
    Derivation time: x.xx seconds
    Architecture:
    Model name:
CPU architecture and model name can be determined by doing something
like:
    lscpu | grep -E '^Architecture|Model name'
Thanks in advance,
Mike
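
Added example, not part of the original message or of MAAS: a Python sketch of the same measurement using the standard library's `hashlib.pbkdf2_hmac`, which also scales the iteration count to a time budget and prints the report in the format requested above. The function names, the 16-byte output length and the `b"key\n"` password (assuming the tool reads the newline that `echo` emits) are assumptions, and timings from Python's PBKDF2 implementation are not interchangeable with `nettle-pbkdf2` timings.

```python
import hashlib
import platform
import time


def derive_key(password: bytes, salt: bytes, iterations: int, dklen: int = 16) -> bytes:
    """PBKDF2 with HMAC-SHA256, the construction the benchmark measures."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)


def time_derivation(iterations: int, password: bytes = b"key\n",
                    salt: bytes = b"salt") -> float:
    """Wall-clock seconds for one derivation (inputs mirror `echo key` / `salt`)."""
    start = time.perf_counter()
    derive_key(password, salt, iterations)
    return time.perf_counter() - start


def iterations_for_budget(sample_iterations: int, sample_seconds: float,
                          budget_seconds: float) -> int:
    """PBKDF2 cost is linear in the iteration count, so scale the sample."""
    return int(sample_iterations * budget_seconds / sample_seconds)


def cpu_model() -> str:
    """Best-effort model name; /proc/cpuinfo is Linux-only and may lack the field."""
    try:
        with open("/proc/cpuinfo") as cpuinfo:
            for line in cpuinfo:
                if line.lower().startswith("model name"):
                    return line.split(":", 1)[1].strip()
    except OSError:
        pass
    return platform.processor() or "unknown"


def format_report(seconds: float) -> str:
    """Render a result in the three-line format the message asks for."""
    return (f"Derivation time: {seconds:.2f} seconds\n"
            f"Architecture: {platform.machine()}\n"
            f"Model name: {cpu_model()}")


if __name__ == "__main__":
    iterations = 1_000_000
    elapsed = time_derivation(iterations)
    print(format_report(elapsed))
    # Iteration count this host could afford within a hypothetical 0.5 s budget.
    print("Iterations for 0.5 s:", iterations_for_budget(iterations, elapsed, 0.5))
```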