From owner-freebsd-stable@FreeBSD.ORG Mon Jan 26 08:50:01 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BB65A16A4CE for ; Mon, 26 Jan 2004 08:50:01 -0800 (PST) Received: from cray.e-card.bg (mjak.e-card.bg [212.91.167.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2291D43D31 for ; Mon, 26 Jan 2004 08:49:58 -0800 (PST) (envelope-from altares@cray.e-card.bg) Received: from cray.e-card.bg (localhost [127.0.0.1]) by cray.e-card.bg (8.12.9/8.12.9) with ESMTP id i0QGnrJx001912; Mon, 26 Jan 2004 18:49:53 +0200 (EET) (envelope-from altares@cray.e-card.bg) Received: (from altares@localhost) by cray.e-card.bg (8.12.9/8.12.9/Submit) id i0QGnmEs001911; Mon, 26 Jan 2004 18:49:48 +0200 (EET) Date: Mon, 26 Jan 2004 18:49:48 +0200 From: Rumen Telbizov To: Charles Swiger Message-ID: <20040126164948.GD230@e-card.bg> References: <20040126091424.GI688@e-card.bg> <6889E365-5016-11D8-B821-003065A20588@mac.com> <20040126155600.GB230@e-card.bg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i cc: stable@freebsd.org Subject: Re: FreeBSD + Rainbow Cryptoswift X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jan 2004 16:50:01 -0000 On Mon, Jan 26, 2004 at 11:30:22AM -0500, Charles Swiger wrote: > On Jan 26, 2004, at 10:56 AM, Rumen Telbizov wrote: > [ ... ] > >I don't see anything related to RSA computations?! > >Do you see any real acceleration in the RSA operations > >while using this card or there is NO support for RSA in > >the crypto device ? > > It might be worth asking the author of cryptodev and hifn whether the > manpage is current with regard to RSA support. For my purposes, adding > entropy and speeding up 3DES for ssh is useful, but you are right that > HTTPS acceleration will want RSA. > > The hifn cards will do ARC4/MD5/SHA, which is still helpful to your > situation, but doing SSL session startup with a 1024-bit RSA server > certificate tends to be the hit that slows down a busy site, not > streaming 40/128-bit encryption afterwards. > > Here's the results of an "openssl speed" on a machine with a 933MHz > Tualatin: Well I my case the traffic that I will transfer will be very low. The highest load is going to be in the authentication (client based certificates) which is RSA public/private keys computations. So the symetric cryptography is not a big interest. As it is well known the public key encryption is not a big problem since the public exponent is chosen to be one of the 3,17,65537 primes. The slowdown is in the private key operations - they are very SLOW! In this test the key column is SIGN - because then we have private key used! Here are my results on a Celeron 1700 of the RSA: rsa 2048 bits 0.1024s 0.0030s 9.8 336.4 compared to yours: > rsa 2048 bits 0.0959s 0.0029s 10.4 346.7 10.4(you) against 9.8(me) is not that much taking into account that you have a crypto-card (which one did you use to make this test?) This makes me think that it might be worth buying more powerfull processors than buying a crypto-card. Thank you for your test. Rumen Telbizov