From owner-freebsd-security@FreeBSD.ORG Wed Oct 22 07:32:32 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17A6216A4B3 for ; Wed, 22 Oct 2003 07:32:32 -0700 (PDT) Received: from smtp3.sentex.ca (smtp3.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 079B243F3F for ; Wed, 22 Oct 2003 07:32:31 -0700 (PDT) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by smtp3.sentex.ca (8.12.9p2/8.12.9) with ESMTP id h9MEWReW052173; Wed, 22 Oct 2003 10:32:27 -0400 (EDT) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.9p2/8.12.9) with ESMTP id h9MEWSYI029281; Wed, 22 Oct 2003 10:32:29 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <6.0.0.22.0.20031022102925.04d56660@209.112.4.2> X-Sender: mdtpop@209.112.4.2 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Wed, 22 Oct 2003 10:35:52 -0400 To: Bill Swingle , security@freebsd.org From: Mike Tancsa In-Reply-To: <6.0.0.22.0.20031021233604.0807f8a0@209.112.4.2> References: <20031022032740.GA2605@dub.net> <6.0.0.22.0.20031021233604.0807f8a0@209.112.4.2> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new Subject: Re: hardware crypto and SSL? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Oct 2003 14:32:32 -0000 At 11:44 PM 21/10/2003, Mike Tancsa wrote: >Dont know about http ssl, but I am using the cards from Soekris for my >backup server. As long as you use 3des for encryption, it does make a big >difference CPU wise. The next generation cards supposedly have AES and >public key generation, but I dont think the driver will do the public key >stuff. The safe driver says it does, but I dont know where to get such cards. Sorry, I was misspeaking about the safe driver. At the bottom, the Bugs section says, "Public key support is not implemented." I would say give the Soekris card a try. Its $80 and it will help with the SHA1 and MD5 calcs as well as provide good RNG. It wont help with RSA key generation unfortunately where much of the initial overhead comes from. ---Mike >At 11:27 PM 21/10/2003, Bill Swingle wrote: >>Is anyone successfully using some sort of hardware crypto solution to >>combat the overhead of SSL in http transactions? I'd love to hear >>anything good or bad about this. >> >>-Bill >> >>-- >>-=| Bill Swingle - >>-=| Every message PGP signed >>-=| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223 >>-=| "Computers are useless. They can only give you answers" Pablo Picasso >> >> > >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"