Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 03 Sep 2010 11:48:44 +0200
From:      Ivan Voras <ivoras@freebsd.org>
To:        freebsd-net@freebsd.org
Cc:        freebsd-security@freebsd.org
Subject:   Re: seeking current supported crypto co-processors
Message-ID:  <i5qg9s$mi9$1@dough.gmane.org>
In-Reply-To: <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com>
References:  <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 09/03/10 02:35, Ricky Charlet wrote:
> Howdy,
>     <this messages is cross posted in freebsd-security and freebsd-net>
>
>          I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x.  By perusing through the crypto-dev (and subsequently referenced) man page(s) I found this list:
> Hifn 7751/7951/7811/7955/7956 crypto accelerator
> SafeNet 1141/1741
> Bluesteel 5501/5601
> Broadcom bcm5801/5802/5805/5820/5821/5822/5823/5825
>
>          Those are all pretty old (and in some cases, no longer existent). I'm surveying these lists to see if anyone knows of more modern chips working with FreeBSD 8.x. Or if you feel some chip on the list above is up to the task of near about 1 Gb throughput across a PCIe and has friendly vendor support for FreeBSD, I'd sure like to hear about that too.
>

I'm not saying they are useless but are you really sure you need them? 
Even on the last generation of CPUs without AES instructions you can 
easily get 125 MB/s of AES-128 encryption and 300 MB/s of RC4 per CPU 
core, so even one core can saturate a 1 Gbit/s link. You can setup a 
cheap box to be a SSL proxy in front of the real web servers to offload SSL.





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?i5qg9s$mi9$1>