From owner-freebsd-stable@FreeBSD.ORG Mon Jan 26 10:57:49 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A3AE116A4CE for ; Mon, 26 Jan 2004 10:57:49 -0800 (PST) Received: from smtp3.sentex.ca (smtp3.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id A233E43D5E for ; Mon, 26 Jan 2004 10:57:30 -0800 (PST) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by smtp3.sentex.ca (8.12.10/8.12.10) with ESMTP id i0QIvKUE033795; Mon, 26 Jan 2004 13:57:20 -0500 (EST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.9p2/8.12.9) with ESMTP id i0QIvMNq003727; Mon, 26 Jan 2004 13:57:22 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <6.0.1.1.0.20040126133802.07bb2060@209.112.4.2> X-Sender: mdtpop@209.112.4.2 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1 Date: Mon, 26 Jan 2004 13:55:59 -0500 To: Rumen Telbizov , Charles Swiger From: Mike Tancsa In-Reply-To: <20040126164948.GD230@e-card.bg> References: <20040126091424.GI688@e-card.bg> <6889E365-5016-11D8-B821-003065A20588@mac.com> <20040126155600.GB230@e-card.bg> <20040126164948.GD230@e-card.bg> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new cc: stable@freebsd.org Subject: Re: FreeBSD + Rainbow Cryptoswift X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jan 2004 18:57:49 -0000 The only transformations supported by the hifn card are whats stated in the man page, to quote, "The hifn driver registers itself to accelerate DES, Triple-DES, AES (7955 and 7956 only), ARC4, MD5, MD5-HMAC, SHA1, and SHA1-HMAC operations for ipsec(4) and crypto(4)." For my applications, this is adequate. ---Mike At 11:49 AM 26/01/2004, Rumen Telbizov wrote: >On Mon, Jan 26, 2004 at 11:30:22AM -0500, Charles Swiger wrote: > > On Jan 26, 2004, at 10:56 AM, Rumen Telbizov wrote: > > [ ... ] > > >I don't see anything related to RSA computations?! > > >Do you see any real acceleration in the RSA operations > > >while using this card or there is NO support for RSA in > > >the crypto device ? > > > > It might be worth asking the author of cryptodev and hifn whether the > > manpage is current with regard to RSA support. For my purposes, adding > > entropy and speeding up 3DES for ssh is useful, but you are right that > > HTTPS acceleration will want RSA. > > > > The hifn cards will do ARC4/MD5/SHA, which is still helpful to your > > situation, but doing SSL session startup with a 1024-bit RSA server > > certificate tends to be the hit that slows down a busy site, not > > streaming 40/128-bit encryption afterwards. > > > > Here's the results of an "openssl speed" on a machine with a 933MHz > > Tualatin: > >Well I my case the traffic that I will transfer will be very low. >The highest load is going to be in the authentication (client >based certificates) which is RSA public/private keys computations. >So the symetric cryptography is not a big interest. >As it is well known the public key encryption is not a big problem >since the public exponent is chosen to be one of the 3,17,65537 primes. >The slowdown is in the private key operations - they are very SLOW! >In this test the key column is SIGN - because then we have private key used! > >Here are my results on a Celeron 1700 of the RSA: >rsa 2048 bits 0.1024s 0.0030s 9.8 336.4 > >compared to yours: > > rsa 2048 bits 0.0959s 0.0029s 10.4 346.7 > >10.4(you) against 9.8(me) is not that much taking into account >that you have a crypto-card (which one did you use to make this test?) > >This makes me think that it might be worth buying more powerfull >processors than buying a crypto-card. > >Thank you for your test. > >Rumen Telbizov >_______________________________________________ >freebsd-stable@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-stable >To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"