EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Secure Black Box SSH

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#9481
Posted: 03/31/2009 07:22:32
by Jon Peppers (Basic support level)
Joined: 03/31/2009
Posts: 4

We would like to use your product, but from your sample/trial it doesn't look like it supports our needs.

Can you forward say 127.0.0.1:139 to a loopback adapter on the client (such as 128.0.0.1) rather than forwarding it to localhost? There doesn't seem to be a property in your class to accommodate that.

We also cannot conduct a speed test because of the way your trial delays 1.5 seconds as mentioned in the documentation. We cannot purchase your product unless we can determine it is faster than an open source alternative we've discovered.
#9484
Posted: 03/31/2009 07:52:00
by Ken Ivanov (EldoS Corp.)

Thank you for your interest in our products.

Quote
Can you forward say 127.0.0.1:139 to a loopback adapter on the client (such as 128.0.0.1) rather than forwarding it to localhost? There doesn't seem to be a property in your class to accommodate that.

All the addresses can be specified via the corresponding properties (ForwardedHost, ForwardedPort, DestHost, DestPort) of the forwarding classes.

Quote
We also cannot conduct a speed test because of the way your trial delays 1.5 seconds as mentioned in the documentation. We cannot purchase your product unless we can determine it is faster than an open source alternative we've discovered.

Please request a temporary unlock key here.
#9600
Posted: 04/07/2009 13:25:50
by Jon Peppers (Basic support level)
Joined: 03/31/2009
Posts: 4

Hi, we have a few questions,

We specifically need to use the port forwarding over SSH in your library. We are port forwarding Samba on a Linux server and mapping a network drive on Windows in this fashion, but we are trying to find the fastest possible method.

Specifically we want to get times close to what we could get over just a VPN (IPSec). Even putty falls short, so we are looking for a solution that is faster than putty.

Yet, we have found your library seems very slow versus Putty:

Program Write Read
SecureBB 1:28 avg 0:20.2 avg
SecureBB w/ Compression 1:27 avg 0:20.3 avg
Putty no Compression 0:09 avg 0:05.2 avg
Putty w/ Compression 0:06 avg 0:05 avg

This test was reading/writing a 20MB file using a 32 KB buffer.

Putty's compression we passed a -C, which should use zlib. For SecureBlackBox we used:
m_sshTunnel.set_CompressionAlgorithms(SBSSHConstants.__Global.SSH_CA_ZLIB, true);

Is there any way your library can beat putty's speed in port forwarding? Can we use a better compression algorithm, or use a different class?

We have merely modified the sample titled "LocalPortForwarding" and turned off the UI interaction from events. We also compiled the sample in Release mode and ran it directly from the executable (not in Visual Studio).

Here is a link to a forum where we describe our problem in detail:
http://www.experts-exchange.com/OS/Linux/Q_24299949.html

Any ideas on optimizing SecureBlackBox? We would like to use your library merely because we could port forward within our process (Putty has to run in a second process), but we would like speeds faster than Putty as well.
#9601
Posted: 04/07/2009 13:43:25
by Ken Ivanov (EldoS Corp.)

Which exactly LocalPortForwarding sample did you use? There are two samples with such name; the first one is located in the Samples\C#\SSHBlackbox\Client\LocalPortForwarding directory, and the second one in the Samples\C#\SSHBlackbox\Client\SimplePortForwarding\Local directory. We suggest you to use the second one, as it uses high-level forwarding classes with built-in socket support.
#9602
Posted: 04/07/2009 13:50:11
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Also, please check, which encryption algorithm is used by SBB. 3DES is quite slow, especially .NET version.
#9603
Posted: 04/07/2009 14:27:42
by Jon Peppers (Basic support level)
Joined: 03/31/2009
Posts: 4

Running the second sample, I got times of:

Write: 00:21.5
Read: 00:12.2

Which is still slower than putty.

So then I turned on Blowfish encryption:
forwarding.set_EncryptionAlgorithms(SBSSHConstants.__Global.SSH_EA_BLOWFISH, true);

Before, we just left the default encryption on the sample.

We got slightly better times but still worse than Putty:
Write: 00:20.5
Read: 00:8.5

Putty is doing AES encryption, so we tried setting that:
forwarding.set_EncryptionAlgorithms(SBSSHConstants.__Global.SSH_EA_AES128, true);
Write: 00:25.4
Read: 00:8.5

I am skeptical that your library can beat Putty's times. And we want a solution that is faster than putty! Any other suggestions?
#9604
Posted: 04/07/2009 14:40:18
by Ken Ivanov (EldoS Corp.)

Quote
So then I turned on Blowfish encryption:
...
Putty is doing AES encryption, so we tried setting that:

Just to ensure -- have you turned other encryption algorithms off along with enabling Blowfish/AES?

Please try to set Priority property to TSBSSHForwardingPriority.sfpHigh -- this should increase the speed.
#9605
Posted: 04/07/2009 14:45:08
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

set_EncryptionAlgorithms() method just enables or disables usage of the corresponding algorithm during key exchange. To be sure that this algorithm will be chosen, you should set all other algorithms to false.

And, as I told before, performance of .NET implementation is worse than VCL one (it is a price for managed environment), and difference depends on cipher : AES is ~ 2 times slower, but Blowfish and Twofish performance is comparable to VCL.
#9606
Posted: 04/07/2009 15:03:03
by Jon Peppers (Basic support level)
Joined: 03/31/2009
Posts: 4

I had been using set_EncryptionAlgorithms() correctly.

So I tried setting the priority, but it still could not touch Putty.

I think we are just going to look into finding another solution.

Fastest was Blowfish on High Priority:
Write: 00:18.5
Read: 00:08.1

We also compared the CPU usage on Putty versus your library and saw putty never went past 07%, but the SecureBlackBox app used the full 50% of my dual-core cpu.
#9607
Posted: 04/07/2009 15:26:15
by Ken Ivanov (EldoS Corp.)

We are sorry for not satisfying your needs. Hope you will find the solution that will achieve the speeds you are trying to reach.

As Mykola said, speed differences may be (and are likely to be) caused by the managed nature of CLR. If you are running for speed, we recommend you to take a look at the solutions implemented in native code.

Quote
We also compared the CPU usage on Putty versus your library and saw putty never went past 07%, but the SecureBlackBox app used the full 50% of my dual-core cpu.

This takes place only for sfpHigh priority level. In any case, processor usage can be tuned up by handling TElSSHForwardedConnection.OnConnectionWork event and running a Thread.Sleep() code inside the handler.
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.

Reply

Statistics

Topic viewed 2618 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!