'Serious' crypto? (was: FreeBSD router - large scale)

[Chuck Swiger]

On May 27, 2010, at 1:49 PM, Peter Cornelius wrote:
> Hi,
> 
>> NAT.  Doing serious crypto slows things up somewhat.
> 
> I've been pondering this since a while but thought that crypto engines on modern hardware would make 'extra' hardware accelerators obsolete?

It depends upon usage.

> Or is it still worthwhile to consider hardware accelerators such as the ones guys like soekris [1] and others offer? Does anyone have an idea "how much" such an accelerator may help on older vs. on newer hardware?

Something like a 1GHz P3 or equivalent can generally do the symmetric crypto about as fast as a decent PCI crypto card like the HiFN 795x could; bus limitations made faster CPUs better, although a newer PCIe crypto device ought to be more competitive.

What matters more for some common use cases is that crypto H/W tends to do asymmetric crypto like RSA/DSA signing to negotiate a shared session key-- aka SSL session creation for SSL websites, secure email, SSH keys, etc much faster than normal CPUs could.

> Would multiple engines work (and help) at all? From crypto(4), I would not guess so. One consequence would be that there may be certain limitations in using a separate accelerator once the platform comes with its own accelerator device?

Sure, you can setup multiple engines, although this does better if you have separate services using each, since you do want to use an SSL session cache, but you don't want to pollute one for HTTPS with sessions from IMAPS and vice versa.  Also, the config interface for Apache/IIS/whatever, or Dovecot/Cyrus/Exchange, etc might not let you specify more than one SSLEngine.

On the other hand, it's not very much coding to adjust things to use multiple engines even within Apache or whatever-- I can recall some custom webserver modules from CryptoSwift for NSAPI / ISAPI / ASAPI which let you use multiple CryptoSwift boxes via ethernet network or local PCI slots, for example.

Regards,
-- 
-Chuck