From: Eric Anderson
Date: Wed, 22 Oct 2003 09:11:54 -0500
To: Michael Sierchio
cc: security@freebsd.org
Subject: Re: hardware crypto and SSL?
Message-ID: <3F96902A.8040203@centtech.com>
In-Reply-To: <3F968E85.1030902@tenebras.com>

Michael Sierchio wrote:

> Eric Anderson wrote:
>
>> The new VIA Eden-N processors have built in high-speed AES encryption
>
> Forgive me, but that's really not important -- for SSL the bulk
> encryption algorithm is usually RC4 (oops, ARCFOUR ;-), which
> is efficient in software. It's the handshake and public key
> operations that really benefit from the use of HW crypto.

I understand - just tossing it into the ring..

> In which case the currently-supported cards (either by the
> OpenBSD /dev/crypto scheme ported by Sam Leffler, or those
> directly supported in the OpenSSL engine) all work fine.
>
> IOW the current Soekris boards help quite a bit, and they
> also help because they have a HW RBG which actually stirs
> the entropy pool for /dev/random -- very helpful for not
> running out of random bits on machines that have no
> keyboard or mouse.

FWIW, the Eden processors also have a high-speed, high-quality hardware RNG built into them too (of course). Again, just tossing that in. :)

The Soekris boxes are great - I have about 70 of them in use now. Actually, I believe they were trying to get an Eden processor on one of their upcoming models - but I'm not certain about that.

Eric

--
------------------------------------------------------------------
Eric Anderson     Systems Administrator      Centaur Technology
All generalizations are false, including this one.
------------------------------------------------------------------