From: Michael Sierchio
Date: Wed, 22 Oct 2003 07:04:53 -0700
To: security@freebsd.org
Subject: Re: hardware crypto and SSL?

Eric Anderson wrote:

> The new VIA Eden-N processors have built in high-speed AES encryption

Forgive me, but that's really not important -- for SSL the bulk encryption algorithm is usually RC4 (oops, ARCFOUR ;-), which is efficient in software. It's the handshake and public key operations that really benefit from the use of HW crypto.
In which case the currently-supported cards (either by the OpenBSD /dev/crypto scheme ported by Sam Leffler, or those directly supported in the OpenSSL engine) all work fine. IOW the current Soekris boards help quite a bit, and they also help because they have a HW RBG which actually stirs the entropy pool for /dev/random -- very helpful for not running out of random bits on machines that have no keyboard or mouse.