From owner-freebsd-security@FreeBSD.ORG Fri Apr 16 16:58:16 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7870416A4CE for ; Fri, 16 Apr 2004 16:58:16 -0700 (PDT) Received: from dfmm.org (walter.dfmm.org [66.180.195.210]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F71A43D54 for ; Fri, 16 Apr 2004 16:58:16 -0700 (PDT) (envelope-from freebsd-security@dfmm.org) Received: (qmail 21892 invoked by uid 1000); 16 Apr 2004 23:58:10 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 16 Apr 2004 23:58:10 -0000 Date: Fri, 16 Apr 2004 16:58:10 -0700 (PDT) From: Jason Stone X-X-Sender: jason@walter To: freebsd-security@freebsd.org In-Reply-To: <02cf01c42405$39a33450$4102a8c0@home> Message-ID: <20040416163109.S45935@walter> References: <20040408144322.GA83448@bewilderbeast.blackhelicopters.org><20040413181943.GA55219@bewilderbeast.blackhelicopters.org><6.0.3.0.0.20040414230754.07d7cf18@209.112.4.2><6.0.3.0.0.20040415105459.0477f488@209.112.4.2><20040415180518.GA46433@phobos.osem.com> <20040416153835.K45935@walter> <02cf01c42405$39a33450$4102a8c0@home> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: recommended SSL-friendly crypto accelerator X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Apr 2004 23:58:16 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > | last time I checked, the stats on the cheap soekris cards were way slower > | than the output of "openssl speed" run on my system during normal load.... > > where are you referencing your stats from? Oh, sorry - I don't have one of these cards - I'm comparing the stats published on the soekris website (eg, http://soekris.com/vpn1201.htm) with the output of "openssl speed" on the box that I was considering putting the card into. eg, that pages says, "Encryption, DES, Triple-DES and RC4 at 70 to 188 Mbps" so let's assume that it will do rc4 at 188Mbit/s = 24Mbyte/s. now, running openssl speed on this p4-2.4Ghz yields: type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes rc4 66834.42k 88726.02k 91202.39k 91817.64k 91742.21k so we see that even at the smallest blocksize, openssl on this cpu is encrypting at 67Mbyte/s, and, at very large blocksizes, 92Mbyte/s - this is roughly three to four times faster than the hardware card. so, assuming that I haven't completely misinterpretted here, my question is, will either openssl or the kernel driver realize that the card is slower here and do the crypto on my main cpu while the cpu is not loaded? -Jason -------------------------------------------------------------------------- Freud himself was a bit of a cold fish, and one cannot avoid the suspicion that he was insufficiently fondled when he was an infant. -- Ashley Montagu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQFAgHMSswXMWWtptckRAkQYAKDsat2vO1jKX6+19PcXpyD5X3X/1gCeJIO0 wjRsYJ5/ql/NWiUh/EP/F4A= =UBZ2 -----END PGP SIGNATURE-----