TL;DR
Symmetric encryption (like AES) is much faster than asymmetric encryption (like RSA). Use symmetric encryption for large amounts of data, and asymmetric encryption to securely exchange the keys needed for symmetric encryption. This guide shows you how to benchmark both types on your system.
Benchmarking Encryption Speed
- Choose a Benchmarking Tool: We’ll use OpenSSL, which is pre-installed on many Linux and macOS systems. Windows users may need to install it (e.g., via Chocolatey or from the official website).
- Symmetric Encryption Benchmark (AES): AES is a common symmetric encryption algorithm.
- Run this command in your terminal to benchmark AES-256 using a 1MB file:
openssl enc aes-256-cbc -salt -pbkdf2 -in test.txt -out encrypted.enc -pass pass:password - Repeat the command several times and note the time taken for each run. The
-saltoption adds a random salt, improving security. The-pbkdf2option uses Password-Based Key Derivation Function 2 to derive a strong key from your password.
- Run this command in your terminal to benchmark AES-256 using a 1MB file:
- Asymmetric Encryption Benchmark (RSA): RSA is a common asymmetric encryption algorithm.
- First, generate an RSA private key:
openssl genrsa -out private.pem 2048 - Then, extract the public key:
openssl rsa -in private.pem -pubout -out public.pem - Encrypt a small file (e.g., 1KB) using the public key:
openssl rsautl -encrypt -inkey public.pem -pubin -in test.txt -out encrypted.enc - Repeat several times and note the time taken for each run.
- First, generate an RSA private key:
- Compare Results: You’ll find that RSA encryption is significantly slower than AES encryption, especially for larger files. For example:
- AES-256 might take a few milliseconds to encrypt 1MB of data.
- RSA-2048 could take several seconds or even minutes to encrypt 1KB of data.
- Consider Key Exchange: Because asymmetric encryption is slow, it’s not practical for encrypting large amounts of data directly.
- Use asymmetric encryption (like RSA) to securely exchange a symmetric key (e.g., an AES key).
- Then, use the faster symmetric encryption algorithm (AES) to encrypt and decrypt the bulk of your data. This is called hybrid encryption.
- Example Hybrid Encryption Workflow:
- Generate an AES key randomly.
- Encrypt the AES key using the recipient’s public RSA key.
- Send both the encrypted data (encrypted with AES) and the encrypted AES key to the recipient.
- The recipient decrypts the AES key using their private RSA key.
- The recipient then uses the decrypted AES key to decrypt the data.
- Important Notes:
- These benchmarks are system-dependent (CPU speed, memory, etc.). Run them on your own hardware for accurate results.
- The size of the file being encrypted affects performance. Smaller files show more dramatic differences in encryption times.
- Always use strong passwords and appropriate key lengths for both symmetric and asymmetric encryption.