Date: Wed, 22 Oct 2003 07:04:53 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: security@freebsd.org Subject: Re: hardware crypto and SSL? Message-ID: <3F968E85.1030902@tenebras.com> In-Reply-To: <3F9676FB.9020107@centtech.com> References: <20031022032740.GA2605@dub.net> <6.0.0.22.0.20031021233604.0807f8a0@209.112.4.2> <3F9676FB.9020107@centtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Eric Anderson wrote: > The new VIA Eden-N processors have built in high-speed AES encryption Forgive me, but that's really not important -- for SSL the bulk encryption algorithm is usually RC4 (oops, ARCFOUR ;-), which is efficient in software . It's the handshake and public key operations that really benefit from the use of HW crypto. In which case the currently-supported cards (either by the OpenBSD /dev/crypto scheme ported by Sam Leffler, or those directly supported in the OpenSSL engine) all work fine. IOW the current Soekris boards help quite a bit, and they also help because they have a HW RBG which actually stirs the entropy pool for /dev/random -- very helpful for not running out of random bits on machines that have no keyboard or mouse.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F968E85.1030902>