FreeBSD + Rainbow Cryptoswift

Mike Tancsa mike at sentex.net
Mon Jan 26 10:57:49 PST 2004



The only transformations supported by the hifn card are whats stated in the 
man page, to quote,

"The hifn driver registers itself to accelerate DES, Triple-DES, AES (7955 
and 7956 only), ARC4, MD5, MD5-HMAC, SHA1, and SHA1-HMAC operations for 
ipsec(4) and crypto(4)."

For my applications, this is adequate.

         ---Mike


At 11:49 AM 26/01/2004, Rumen Telbizov wrote:

>On Mon, Jan 26, 2004 at 11:30:22AM -0500, Charles Swiger wrote:
> > On Jan 26, 2004, at 10:56 AM, Rumen Telbizov wrote:
> > [ ... ]
> > >I don't see anything related to RSA computations?!
> > >Do you see any real acceleration in the RSA operations
> > >while using this card or there is NO support for RSA in
> > >the crypto device ?
> >
> > It might be worth asking the author of cryptodev and hifn whether the
> > manpage is current with regard to RSA support.  For my purposes, adding
> > entropy and speeding up 3DES for ssh is useful, but you are right that
> > HTTPS acceleration will want RSA.
> >
> > The hifn cards will do ARC4/MD5/SHA, which is still helpful to your
> > situation, but doing SSL session startup with a 1024-bit RSA server
> > certificate tends to be the hit that slows down a busy site, not
> > streaming 40/128-bit encryption afterwards.
> >
> > Here's the results of an "openssl speed" on a machine with a 933MHz
> > Tualatin:
>
>Well I my case the traffic that I will transfer will be very low.
>The highest load is going to be in the authentication (client
>based certificates) which is RSA public/private keys computations.
>So the symetric cryptography is not a big interest.
>As it is well known the public key encryption is not a big problem
>since the public exponent is chosen to be one of the 3,17,65537 primes.
>The slowdown is in the private key operations - they are very SLOW!
>In this test the key column is SIGN - because then we have private key used!
>
>Here are my results on a Celeron 1700 of the RSA:
>rsa 2048 bits   0.1024s   0.0030s      9.8    336.4
>
>compared to yours:
> > rsa 2048 bits   0.0959s   0.0029s     10.4    346.7
>
>10.4(you) against 9.8(me) is not that much taking into account
>that you have a crypto-card (which one did you use to make this test?)
>
>This makes me think that it might be worth buying more powerfull
>processors than buying a crypto-card.
>
>Thank you for your test.
>
>Rumen Telbizov
>_______________________________________________
>freebsd-stable at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"



More information about the freebsd-stable mailing list