Win XP SP3 increases Crysis performance

[Philip_J_Fry]

You sound just like those stupid Apple comercials with the pot-head Apple dude. He'll end up just like the Dell dude I'm sure.

lol pot head apple du

lol hahaha n1 du, how bout that nerdy looking bill gates look alike aka. John Hodgman

that commercial is funny in a way that its stupid

[Clint]

This SP give me texture problems in Crysis and freezes on 3DMark06, Source games no problem, but no extra FPS
E6400
8800GTS
2GB

Windows now 50MB more hungry and is a little bit slower the system. But maybe is from the BETA, its not final.

Hrmm, I believe I did post something to indicate that:
http://www.xtremesystems.org/forums/...58#post2478858

...before going "it feels faster" on me...please read up on the Kernel Mode Cryptographic Module and what function it has. (this is what's eating that extra RAM)

I know RPGWIZARD did an excellent post, but I'll have to be very convinced that this is not only a MS trickster to get us to install the nasty stuff from Vista (read Kernel Mode Cryptographic Module/Driver Polling/"DRM related" crap) before I plug it in.

Driver and application optimization to trick he buyers is not really something new these days, so I definately need more empirii before I buy this...

Gaining performance by adding a such a heavy cryptographic function like that is just not happening in my world...

[Eastcoasthandle]

Hrmm, I believe I did post something to indicate that:
http://www.xtremesystems.org/forums/...58#post2478858

...before going "it feels faster" on me...please read up on the Kernel Mode Cryptographic Module and what function it has. (this is what's eating that extra RAM)

I know RPGWIZARD did an excellent post, but I'll have to be very convinced that this is not only a MS trickster to get us to install the nasty stuff from Vista (read Kernel Mode Cryptographic Module/Driver Polling/"DRM related" crap) before I plug it in.

Driver and application optimization to trick he buyers is not really something new these days, so I definately need more empirii before I buy this...

Gaining performance by adding a such a heavy cryptographic function like that is just not happening in my world...

Wasn't that also found in win2k?

[Clint]

Wasn't that also found in win2k?

Do you mean jump in memoryusage, or?

[Eastcoasthandle]

Do you mean jump in memoryusage, or?

Maybe I don't understand the concern you have. From what I know Kernel Mode Cryptographic Module uses FIPS 140-1 which is suppose to be the lowest security level (1-4). What am I missing?

[Clint]

Maybe I don't understand the concern you have. From what I know Kernel Mode Cryptographic Module uses FIPS 140-1 which is suppose to be the lowest security level (1-4). What am I missing?

Well, I think Vista is using 140-2 now.

With Vista and 2008 server they have added three new modes in the CNG; CBC, CCM (Counter with CBC) and GCM (Galois/Counter Mode) of wich CCM and GCM uses the AES-128 Algorithm.

The first thing that comes to mind when thinking about Vista "features" and AES-128 algoritms is of course that the HD content sent to video devices has to be encrypted with AES-128.

Allow me to quote from Gutmann's page.

In order to prevent tampering with in-system communications, all communication flows have to be encrypted and/or authenticated. For example content sent to video devices has to be encrypted with AES-128. This requirement for cryptography extends beyond basic content encryption to encompass not just data flowing over various buses but also command and control data flowing between software components. For example communications between user-mode and kernel-mode components are authenticated with OMAC message authentication-code tags, at considerable cost to both ends of the connection. The initial crypto handshake is:

driver -> application: cert + nonce
application -> driver: RSA-OAEP-SHA512( nonce || key || seqNo1 || seqNo2 )

In this step the driver supplies its certificate to the calling application via DxgkDdiOPMGetCertificate() and a 128-bit nonce via DxgkDdiOPMGetRandomNumber(). This is either a COPP or an OPM certificate, with COPP being the older Windows XP content protection and OPM being the newer Windows Vista one. There's also a third type of fleur-de-lis certificate that the driver uses if it has a UAB (User-Accessible Bus). The certificates contain a 2048-bit RSA key which is used to encrypt a 40-byte payload containing the nonce provided by the driver, a 128-bit session key, and two 32-bit initial sequence numbers (they start at random values), the first number is for status messages via DxgkDdiOPMGetInformation() and the second for command messages via DxgkDdiOPMConfigureProtectedOutput().

Once the keys are set up, each function call is:

in = OMAC( nonce || seqNo || data )
out = OMAC( nonce || seqNo || data )

(I've used conventional bits-on-the-wire notation for this, the values are actually fields in a structure so for example the sequence number is provided in the ulSequenceNumber member). This is very similar to the protocol used in SSL or SSH (in practice some steps like cipher suite negotiation are omitted, since there's a hardcoded set of ciphers used). Finding SSL being run inside a PC from one software module to another is just weird.

Needless to say, this extremely CPU-intensive mechanism is a very painful way to provide protection for content, and this fact has been known for many years. Twenty years ago, in their work on the ABYSS security module, IBM researchers concluded that the use of encrypted buses as a protection mechanism was impractical.

In order to prevent active attacks, device drivers are required to poll the underlying hardware every 30ms for digital outputs and every 150 ms for analog ones to ensure that everything appears kosher. This means that even with nothing else happening in the system, a mass of assorted drivers has to wake up thirty times a second just to ensure that… nothing continues to happen (commenting on this mechanism, Leo Laporte in his Security Now podcast with Steve Gibson calls Vista “an operating system that is insanely paranoid”). In addition to this polling, further device-specific polling is also done, for example Vista polls video devices on each video frame displayed in order to check that all of the grenade pins (tilt bits) are still as they should be. We already have multiple reports from Vista reviewers of playback problems with video and audio content, with video frames dropped and audio stuttering even on high-end systems [Note I]. Time will tell whether this problem is due to immature drivers or has been caused by the overhead imposed by Vista's content protection mechanisms interfering with playback.

http://www.cs.auckland.ac.nz/~pgut00..._cost.html#cpu

CNG features:
http://msdn2.microsoft.com/en-us/library/bb204775.aspx

..there is not enough info available today regarding the content of the SP3 for XP, but rest assured that MS and allies can't let the XP users (now that they have prolonged it's life due to ppl's recent to Vista) sit and "be without" those fantastic "features" Vista provides to software and media makers.

[Eastcoasthandle]

Well, I think Vista is using 140-2 now.

With Vista and 2008 server they have added three new modes in the CNG; CBC, CCM (Counter with CBC) and GCM (Galois/Counter Mode) of wich CCM and GCM uses the AES-128 Algorithm.

The first thing that comes to mind when thinking about Vista "features" and AES-128 algoritms is of course that the HD content sent to video devices has to be encrypted with AES-128.

Allow me to quote from Gutmann's page.

http://www.cs.auckland.ac.nz/~pgut00..._cost.html#cpu

CNG features:
http://msdn2.microsoft.com/en-us/library/bb204775.aspx

..there is not enough info available today regarding the content of the SP3 for XP, but rest assured that MS and allies can't let the XP users (now that they have prolonged it's life due to ppl's recent to Vista) sit and "be without" those fantastic "features" Vista provides to software and media makers.

IC,
What's going to happen eventually if performance decreases at all or have issues with certain media applications and downloading capabilities they are going to format and only use SP2. They may not know why they are having a problem but they will know they had no problem until SP3 was installed. Making this fruitless effort IMO. With Vista you have no choice, with XP you do. We will have to wait and see how this develops.

I found a MS document dating 2002 regarding this very issue right here. It a PDF file and its worth reading. They were using Kernel Mode Cryptographic Module since windows 2000. As a matter of fact if you look on page 3 you will see:

Windows 2000 with SP2 FIPS.SYS was
validated for FIPS 140-1 Level 1 in Jul 2000, Certificate # 106

.

-

[Clint]

IC,
What's going to happen eventually if performance decreases at all or have issues with certain media applications and downloading capabilities they are going to format and only use SP2. They may not know why they are having a problem but they will know they had no problem until SP3 was installed. Making this fruitless effort IMO. With Vista you have no choice, with XP you do. We will have to wait and see how this develops.

I found a MS document dating 2002 regarding this very issue right here. It a PDF file and its worth reading. They were using Kernel Mode Cryptographic Module since windows 2000. As a matter of fact if you look on page 3 you will see:
.

-

True, it has been used for SSL and such for some time now.

Going to be interesting to see what numbers we will see later on, and I don't mean "feeling" of it going "smoother" ...hehe

[NightCrawler™]

I've tried it today and it gave me nothing in performance nor smoothness.. Maybe my system is too "old" to notice any improvements...

I restored my PC back to SP2 as I have loads of custom system files which were replaced by SP3 and I didn't feel like it to mod them all over again...