For starters, friends of mine with Apple OS X reported very low numbers from the version of OpenSSL that ships with OS X (intel). The command to have OpenSSL perform speed tests is: 'openssl speed rsa1024'. Numbers were around half those reported on identical machines running a 32-bit Ubuntu.
Much investigations ensued, and conclusions are:
- Apple ships a version of OpenSSL that misses certain optimizations. If you need performance for your applications, investigate which OpenSSL library they link against, and possibly investigate how to recompile or relink.
- Go 64-bit, in a hurry. Twice as many bits appear to deliver over twice as much performance.
- A modern Core2 based CPU running 64 bits code maxes out at about 1500 RSA1024 signatures/second/core, based on OpenSSL 1.0 beta 3, or Botan linked against GnuMP 4
- Non-beta OpenSSLs are quite a bit slower, but not dramatically so
- More naive code, that is not as highly optimized (like the otherwise excellent PolarSSL), will deliver around 1200 RSA1024 signatures/second/core (64 bits)
- These numbers scale linearly with the number of cores involved - my 600 euro PC delivers 6000 signatures/second ('0.10 euro/signature/second').
PS: Why RSA1024? Because this is what DNSSEC is about for the foreseeable future..