Date: Wed, 22 Oct 2003 07:09:19 -0700 From: Bill Swingle <unfurl@dub.net> To: Michael Sierchio <kudzu@tenebras.com> Cc: security@freebsd.org Subject: Re: hardware crypto and SSL? Message-ID: <20031022140919.GA61094@dub.net> In-Reply-To: <3F968E85.1030902@tenebras.com> References: <20031022032740.GA2605@dub.net> <6.0.0.22.0.20031021233604.0807f8a0@209.112.4.2> <3F9676FB.9020107@centtech.com> <3F968E85.1030902@tenebras.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--/04w6evG8XlLl3ft Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 22, 2003 at 07:04:53AM -0700, Michael Sierchio wrote: > Eric Anderson wrote: >=20 > >The new VIA Eden-N processors have built in high-speed AES encryption=20 >=20 > Forgive me, but that's really not important -- for SSL the bulk > encryption algorithm is usually RC4 (oops, ARCFOUR ;-), which > is efficient in software . It's the handshake and public key > operations that really benefit from the use of HW crypto. >=20 > In which case the currently-supported cards (either by the > OpenBSD /dev/crypto scheme ported by Sam Leffler, or those > directly supported in the OpenSSL engine) all work fine. >=20 > IOW the current Soekris boards help quite a bit, and they > also help because they have a HW RBG which actually stirs > the entropy pool for /dev/random -- very helpful for not > running out of random bits on machines that have no > keyboard or mouse. When you say that they help quite a bit, do you mean for http+SSL or some other application? What I'm getting at is this: can anyone actually confirm that using hardware crypto can increase http+SSL speeds? I've yet to find any mention of it on the web. (Basicly the problem I'm trying to solve is for a web-based app that we recently discovered is tons faster without SSL but SSL is a requirement) -Bill --=20 -=3D| Bill Swingle - <unfurl@(dub.net|freebsd.org)> -=3D| Every message PGP signed -=3D| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223 -=3D| "Computers are useless. They can only give you answers" Pablo Picasso= =20 --/04w6evG8XlLl3ft Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/lo+PUgAclY4JAiMRAuv7AJ9Md2NrBzfZalRCyVMSbS/PP2k9GwCfb3+/ wR0Di/vxEC7nvLc8pE6CLIw= =v7dS -----END PGP SIGNATURE----- --/04w6evG8XlLl3ft--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031022140919.GA61094>