Skip to content

Instantly share code, notes, and snippets.

@eevmanu

eevmanu/benchmark-ssh-key-ed25519-rounds.sh

Created January 14, 2025 05:09
Show Gist options
  • Save eevmanu/12b4b7c850c27f17438b4fa506436a83 to your computer and use it in GitHub Desktop.
Save eevmanu/12b4b7c850c27f17438b4fa506436a83 to your computer and use it in GitHub Desktop.
Download ZIP
benchmark the use of different rounds when creating a new ssh key with `ed25519` type in order to balance strength with speed
Raw
readme.md

anything in the range close to 1 second is good enough

remeber a strong passphrase is better than a high number of rounds

$ lscpu | egrep -i 'thread|core|socket'
Thread(s) per core:                   2
Core(s) per socket:                   6
Socket(s):                            1

Benchmarking ssh-keygen with Ed25519 on CPU: AMD Ryzen 5 7530U

Testing with 100 rounds...

Key generation took: .53 seconds

Testing with 200 rounds...

Key generation took: 1.05 seconds

Testing with 500 rounds...

Key generation took: 2.64 seconds

Testing with 1000 rounds...

Key generation took: 5.28 seconds

Raw
benchmark-ssh-key-ed25519-rounds.sh
#!/bin/bash
cpu_model=$(lscpu | grep "Model name" | awk -F: '{print $2}')
# cpu_model=$(lscpu | grep "Model name" | awk -F: '{print $2}' | tr -d '[:space:]')
echo "Benchmarking ssh-keygen with Ed25519 on CPU: $cpu_model"
rounds_values=(100 200 500 1000)
# rounds_values=(100 200 500 1000 1500 2000 3000 4000 5000)
for rounds in "${rounds_values[@]}"; do
echo "Testing with $rounds rounds..."
start_time=$(date +%s.%N)
ssh-keygen -t ed25519 -a "$rounds" -f /tmp/test_key -N "this-is-a-long-passphrase-and-vulnerable-one" -q &>/dev/null
end_time=$(date +%s.%N)
duration=$(echo "$end_time - $start_time" | bc)
echo "Key generation took: $duration seconds"
rm /tmp/test_key # Clean up the temporary key
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment