From owner-freebsd-stable Fri Jan 24 19:14:59 2003 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E1CB37B401 for ; Fri, 24 Jan 2003 19:14:58 -0800 (PST) Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id 937AE43EB2 for ; Fri, 24 Jan 2003 19:14:57 -0800 (PST) (envelope-from sam@errno.com) Received: from melange (melange.errno.com [66.127.85.82]) (authenticated bits=0) by ebb.errno.com (8.12.5/8.12.1) with ESMTP id h0P3EtnN092580 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Fri, 24 Jan 2003 19:14:56 -0800 (PST)?g (envelope-from sam@errno.com)œ X-Authentication-Warning: ebb.errno.com: Host melange.errno.com [66.127.85.82] claimed to be melange Message-ID: <1bdc01c2c41f$eff0ef50$52557f42@errno.com> From: "Sam Leffler" To: "Daniel O'Connor" Cc: "Mike Tancsa" , References: <5.2.0.9.0.20030124073321.07012c88@192.168.0.12> <187f01c2c3cb$9eb22e50$52557f42@errno.com> <1043462918.85148.28.camel@chowder.dons.net.au> Subject: Re: HEADS UP: fast ipsec committed Date: Fri, 24 Jan 2003 19:14:55 -0800 Organization: Errno Consulting MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > On Sat, 2003-01-25 at 03:41, Sam Leffler wrote: > > With OpenSSL you get lots of applications. I'm not sure if Kerberos also > > benefits. In the kernel there's nothing else at the moment but that's not > > to say that things like gbde couldn't use it. I also intend to use it to do > > AES for wireless security protocols. > > What about /dev/random? The hifn chips have a random number generator on > board, although I've no idea how good it is. Right. If the crypto h/w has a RNG on it then the entropy is automatically fed to the system PRNG. This can be a big win since it allows you to disable IRQ entropy harvesting which is too expensive for a production environment. Sam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message