Re: hardware crypto and SSL?

• Previous message: Michael Sierchio: "Re: hardware crypto and SSL?"
• In reply to: Michael Sierchio: "Re: hardware crypto and SSL?"
• Next in thread: Michael Sierchio: "Re: hardware crypto and SSL?"
• Reply: Michael Sierchio: "Re: hardware crypto and SSL?"
• Reply: Jason Stone: "Re: hardware crypto and SSL?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 22 Oct 2003 07:09:19 -0700
Date: Wed, 22 Oct 2003 07:09:19 -0700
To: Michael Sierchio <kudzu@tenebras.com>

On Wed, Oct 22, 2003 at 07:04:53AM -0700, Michael Sierchio wrote:
> Eric Anderson wrote:
>
> >The new VIA Eden-N processors have built in high-speed AES encryption
>
> Forgive me, but that's really not important -- for SSL the bulk
> encryption algorithm is usually RC4 (oops, ARCFOUR ;-), which
> is efficient in software . It's the handshake and public key
> operations that really benefit from the use of HW crypto.
>
> In which case the currently-supported cards (either by the
> OpenBSD /dev/crypto scheme ported by Sam Leffler, or those
> directly supported in the OpenSSL engine) all work fine.
>
> IOW the current Soekris boards help quite a bit, and they
> also help because they have a HW RBG which actually stirs
> the entropy pool for /dev/random -- very helpful for not
> running out of random bits on machines that have no
> keyboard or mouse.

When you say that they help quite a bit, do you mean for http+SSL or
some other application?

What I'm getting at is this: can anyone actually confirm that using
hardware crypto can increase http+SSL speeds? I've yet to find any
mention of it on the web.

(Basicly the problem I'm trying to solve is for a web-based app that we
recently discovered is tons faster without SSL but SSL is a requirement)

-Bill

-- 
-=| Bill Swingle - <unfurl@(dub.net|freebsd.org)>
-=| Every message PGP signed
-=| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E  6414 5200 1C95 8E09 0223
-=| "Computers are useless. They can only give you answers" Pablo Picasso 

• application/pgp-signature attachment: stored

• Previous message: Michael Sierchio: "Re: hardware crypto and SSL?"
• In reply to: Michael Sierchio: "Re: hardware crypto and SSL?"
• Next in thread: Michael Sierchio: "Re: hardware crypto and SSL?"
• Reply: Michael Sierchio: "Re: hardware crypto and SSL?"
• Reply: Jason Stone: "Re: hardware crypto and SSL?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: ADFS Not Compatible with FIPS? ... There are basically two parts to ADFS ... crypto. ... The SSL stuff is all implemented at the Windows level by IIS and happens ... the AES algorithm, but it is not a FIPS-compliant algorithm. ... (microsoft.public.windows.server.active_directory) Re: Use of SSL as a VPN ... > perceived deficiency in SSL because of its use of MD5 for generating ... We don't doubt the strength of the crypto in SSL ... question about PFS with SSL using DH. ... (sci.crypt) Re: SSPI and Crypto ... In windows, is SSPI the only way to invoke SSL? ... Are all the Crypto and SSL calls thread safe? ... you can't encrypt using the same symmetric key at ... (microsoft.public.platformsdk.security) Re: Performance of SSL over IPSec circuits ... > locations use SSL software over my IPSec connections to the Host ... then out to the Credit Card Processor via Frame Relay? ... from the Crypto++ benchmarks ... (sci.crypt) Re: un-hashing to reveal pass phrase [was: crypto sms] ... >> In crypto a failure of one in a billion is way too high. ... In effect you have a safe within a safe within a safe ... >> data collection and implement a public key exchange. ... If you send an SMS, ... (sci.crypt)