Re: hardware crypto and SSL?

From: Mike Tancsa (mike_at_sentex.net)
Date: 10/22/03

  • Next message: Ruslan Ermilov: "Re: IPSec VPNs: to gif or not to gif" 
    Date: Wed, 22 Oct 2003 10:35:52 -0400
To: Bill Swingle <unfurl@dub.net>, security@freebsd.org

    At 11:44 PM 21/10/2003, Mike Tancsa wrote:

    >Dont know about http ssl, but I am using the cards from Soekris for my
    >backup server. As long as you use 3des for encryption, it does make a big
    >difference CPU wise. The next generation cards supposedly have AES and
    >public key generation, but I dont think the driver will do the public key
    >stuff. The safe driver says it does, but I dont know where to get such cards.

    Sorry, I was misspeaking about the safe driver. At the bottom, the Bugs
    section says, "Public key support is not implemented."

    I would say give the Soekris card a try. Its $80 and it will help with the
    SHA1 and MD5 calcs as well as provide good RNG. It wont help with RSA key
    generation unfortunately where much of the initial overhead comes from.

             ---Mike

    >At 11:27 PM 21/10/2003, Bill Swingle wrote:
    >>Is anyone successfully using some sort of hardware crypto solution to
    >>combat the overhead of SSL in http transactions? I'd love to hear
    >>anything good or bad about this.
    >>
    >>-Bill
    >>
    >>--
    >>-=| Bill Swingle - <unfurl@(dub.net|freebsd.org)>
    >>-=| Every message PGP signed
    >>-=| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223
    >>-=| "Computers are useless. They can only give you answers" Pablo Picasso
    >>
    >>
    >
    >_______________________________________________
    >freebsd-security@freebsd.org mailing list
    >http://lists.freebsd.org/mailman/listinfo/freebsd-security
    >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Ruslan Ermilov: "Re: IPSec VPNs: to gif or not to gif"

    Relevant Pages

    • Re: hardware crypto and SSL?
      ... > Dont know about http ssl, but I am using the cards from Soekris for my ... > public key generation, but I dont think the driver will do the public key ... The safe driver says it does, but I dont know where to get such cards. ...
      (FreeBSD-Security)
    • Re: looking for beginners guide on pki
      ... PKI means "Public Key Infrastructure" and today most ... "Smartcards with a public certificate". ... This step-by-step guide will help you set up a public key certification ... ... some smart cards may not accept certificates issued by a CA ...
      (microsoft.public.win2000.active_directory)