SSH Performance limitations of Crypto Stick and others

I measured my ssh-authentication performance. My setup is as follows:

  • crypto-stick v2 (beta)
  • 2048-bit key
  • opensc 0.13

When I authenticate with ssh and ssh-agent, it takes >1 second. The result is about the same with an ePass 2003 token I have also.

But when I use a private key on the machine, it takes ≃0.3 seconds.

So my questions are:

  1. Is this a limitation of the smart-card?
  2. If so, are there any faster smart-cards?
  3. Any other ideas on speeding it up? (But keeping the security of the chip.)

The difference you are measuring is most likely due to a combination of the smart card itself, its interface, and libraries, drivers etc. I’m not aware of any faster solutions or ways to speed up. But about 1 second isn’t exactly slow in my opinion. Why is this an issue for you?

I work as a devops, and therefore I use ssh several hundreds of times a day. Therefore I would like to make it as fast as possible.

But at the same time I want maximum security. I choose to use a smartcard, as a hsm module, to make sure that if my machine is compromised, they would likely not be able to steal my private-key.

About the measurements, I could try to make a 4096-bit key, and see if that is much slower (4x slower). If it is, then this would indicate that it is the mathematics that is slow.
(A real profiling would even be better :) )

Regards,

Kjetil Nygård
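
One way to take the measurement discussed in this thread, as an added example that is not code from any of the posters: it times repeated logins with an on-disk key and with the token key held by ssh-agent, then reports the per-login difference. The host, the key file path, the unencrypted on-disk key, the already-unlocked agent and the figure of 300 logins per day are assumptions.

```python
#!/usr/bin/env python3
"""Compare SSH login time: on-disk key vs. token-backed key in ssh-agent."""
import statistics
import subprocess
import sys
import time


def time_command(argv, runs=10):
    """Run argv `runs` times and return each run's wall-clock seconds."""
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
        elapsed = time.perf_counter() - start
        if proc.returncode != 0:
            # A failed login would skew the timing, so stop instead.
            raise RuntimeError(f"exit {proc.returncode}: {' '.join(argv)}")
        samples.append(elapsed)
    return samples


def compare(disk_samples, token_samples, logins_per_day=300):
    """Use medians so one slow run (DNS, card wake-up) does not dominate."""
    disk = statistics.median(disk_samples)
    token = statistics.median(token_samples)
    extra = token - disk  # network and key exchange roughly cancel out
    return {
        "disk_s": disk,
        "token_s": token,
        "extra_s": extra,
        "slowdown": token / disk,
        "extra_per_day_s": extra * logins_per_day,
    }


if __name__ == "__main__":
    host, keyfile = sys.argv[1], sys.argv[2]  # placeholders supplied by you
    common = ["ssh", "-o", "BatchMode=yes"]
    # Assumption: keyfile is an unencrypted on-disk key accepted by host.
    disk_cmd = common + ["-o", "IdentityAgent=none", "-o", "IdentitiesOnly=yes",
                         "-i", keyfile, host, "true"]
    # Assumption: ssh-agent already holds the token key (PIN entered).
    token_cmd = common + [host, "true"]
    result = compare(time_command(disk_cmd), time_command(token_cmd))
    for name, value in result.items():
        print(f"{name}: {value:.3f}")
```

Repeating the run with a 4096-bit key on the token shows whether `extra_s` grows with key size, which is the experiment proposed in the post above.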

Thanks for your feedback. In the next release of Crypto Stick Storage firmware we will have the performance of the smartcard increased by roughly 100%.

That is very promising.