Re: hardware crypto and SSL?

From: Sam Leffler (sam_at_errno.com)
Date: 10/22/03

  • Next message: Ross Wheeler: "Re: Best way to filter "Nachi pings"?" 
    To: Mike Tancsa <mike@sentex.net>, Bill Swingle <unfurl@dub.net>, security@freebsd.org
Date: Wed, 22 Oct 2003 10:08:30 -0700

    On Wednesday 22 October 2003 07:35 am, Mike Tancsa wrote:
    > At 11:44 PM 21/10/2003, Mike Tancsa wrote:
    > >Dont know about http ssl, but I am using the cards from Soekris for my
    > >backup server. As long as you use 3des for encryption, it does make a big
    > >difference CPU wise. The next generation cards supposedly have AES and
    > >public key generation, but I dont think the driver will do the public key
    > >stuff. The safe driver says it does, but I dont know where to get such
    > > cards.
    >
    > Sorry, I was misspeaking about the safe driver. At the bottom, the Bugs
    > section says, "Public key support is not implemented."
    >

    Actually, Jason Wright took the driver and added PK support but I haven't
    brought the changes back to FreeBSD yet. One big problem with the safenet
    chips for PK is that they require polling to get the results! Needless to
    say this is not optimal.

    > I would say give the Soekris card a try. Its $80 and it will help with the
    > SHA1 and MD5 calcs as well as provide good RNG. It wont help with RSA key
    > generation unfortunately where much of the initial overhead comes from.

    The hifn 7955-based cards from Soekris should be available soon. I have no
    more info than you do other than I've worked with a prototype that was real.
    There are still some issues to work out in the driver but between Jason and I
    it should be well supported in time. The big win is that it's got AES and PK
    support and should be inexpensive. A Safenet-based card that does all this
    too should be available sometime also but I'm not sure what the product plans
    are for that (and no I can't say who's doing the card).

            Sam

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Ross Wheeler: "Re: Best way to filter "Nachi pings"?"

    Relevant Pages

    • Re: how supported are 3ware Escalade controllers?
      ... of late providing official driver support. ... of their cards, the 8000. ... I dont have any experience yet with their newer ... I have seen reports of problems with those drives. ...
      (freebsd-current)
    • How to save VtES?
      ... First of all i dont want this to degenerate into a flame war, ... just look at the number of players attending tournaments: ... didn´t really get cards that they could need or trade. ... your great cock deck norm) taking up a lot of rare slots, ...
      (rec.games.trading-cards.jyhad)
    • Re: hardware crypto and SSL?
      ... > Dont know about http ssl, but I am using the cards from Soekris for my ... The next generation cards supposedly have ... The new VIA Eden-N processors have built in high-speed AES encryption ...
      (FreeBSD-Security)
    • Re: hardware crypto and SSL?
      ... > Dont know about http ssl, but I am using the cards from Soekris for my ... > public key generation, but I dont think the driver will do the public key ... The safe driver says it does, but I dont know where to get such cards. ...
      (FreeBSD-Security)
    • Re: 420 pinballer gets all the action
      ... actually, because of dinotheo, i found this website, and became a ... I dont bash on anybody, ... I only relisted the cards, ... I was just having a little fun with him.. ...
      (rec.games.pinball)