From: Bill Swingle
To: Michael Sierchio
cc: security@freebsd.org
Date: Wed, 22 Oct 2003 07:09:19 -0700
Subject: Re: hardware crypto and SSL?
Message-ID: <20031022140919.GA61094@dub.net>
In-Reply-To: <3F968E85.1030902@tenebras.com>

On Wed, Oct 22, 2003 at 07:04:53AM -0700, Michael Sierchio wrote:
> Eric Anderson wrote:
>
> >The new VIA Eden-N processors have built in high-speed AES encryption
>
> Forgive me, but that's really not important -- for SSL the bulk
> encryption algorithm is usually RC4 (oops, ARCFOUR ;-), which
> is efficient in software.  It's the handshake and public key
> operations that really benefit from the use of HW crypto.
>
> In which case the currently-supported cards (either by the
> OpenBSD /dev/crypto scheme ported by Sam Leffler, or those
> directly supported in the OpenSSL engine) all work fine.
>
> IOW the current Soekris boards help quite a bit, and they
> also help because they have a HW RBG which actually stirs
> the entropy pool for /dev/random -- very helpful for not
> running out of random bits on machines that have no
> keyboard or mouse.

When you say that they help quite a bit, do you mean for http+SSL or
some other application?

What I'm getting at is this: can anyone actually confirm that using
hardware crypto can increase http+SSL speeds? I've yet to find any
mention of it on the web.

(Basically the problem I'm trying to solve is for a web-based app that we
recently discovered is tons faster without SSL but SSL is a requirement)

-Bill

-- 
-=| Bill Swingle -
-=| Every message PGP signed
-=| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223
-=| "Computers are useless. They can only give you answers" Pablo Picasso