Date: Mon, 26 Jan 2004 18:49:48 +0200 From: Rumen Telbizov <altares@e-card.bg> To: Charles Swiger <cswiger@mac.com> Cc: stable@freebsd.org Subject: Re: FreeBSD + Rainbow Cryptoswift Message-ID: <20040126164948.GD230@e-card.bg> In-Reply-To: <EFEE6595-501C-11D8-B821-003065A20588@mac.com> References: <20040126091424.GI688@e-card.bg> <6889E365-5016-11D8-B821-003065A20588@mac.com> <20040126155600.GB230@e-card.bg> <EFEE6595-501C-11D8-B821-003065A20588@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 26, 2004 at 11:30:22AM -0500, Charles Swiger wrote: > On Jan 26, 2004, at 10:56 AM, Rumen Telbizov wrote: > [ ... ] > >I don't see anything related to RSA computations?! > >Do you see any real acceleration in the RSA operations > >while using this card or there is NO support for RSA in > >the crypto device ? > > It might be worth asking the author of cryptodev and hifn whether the > manpage is current with regard to RSA support. For my purposes, adding > entropy and speeding up 3DES for ssh is useful, but you are right that > HTTPS acceleration will want RSA. > > The hifn cards will do ARC4/MD5/SHA, which is still helpful to your > situation, but doing SSL session startup with a 1024-bit RSA server > certificate tends to be the hit that slows down a busy site, not > streaming 40/128-bit encryption afterwards. > > Here's the results of an "openssl speed" on a machine with a 933MHz > Tualatin: Well I my case the traffic that I will transfer will be very low. The highest load is going to be in the authentication (client based certificates) which is RSA public/private keys computations. So the symetric cryptography is not a big interest. As it is well known the public key encryption is not a big problem since the public exponent is chosen to be one of the 3,17,65537 primes. The slowdown is in the private key operations - they are very SLOW! In this test the key column is SIGN - because then we have private key used! Here are my results on a Celeron 1700 of the RSA: rsa 2048 bits 0.1024s 0.0030s 9.8 336.4 compared to yours: > rsa 2048 bits 0.0959s 0.0029s 10.4 346.7 10.4(you) against 9.8(me) is not that much taking into account that you have a crypto-card (which one did you use to make this test?) This makes me think that it might be worth buying more powerfull processors than buying a crypto-card. Thank you for your test. Rumen Telbizov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040126164948.GD230>