FreeBSD + Rainbow Cryptoswift
Rumen Telbizov
altares at e-card.bg
Mon Jan 26 08:50:01 PST 2004
On Mon, Jan 26, 2004 at 11:30:22AM -0500, Charles Swiger wrote:
> On Jan 26, 2004, at 10:56 AM, Rumen Telbizov wrote:
> [ ... ]
> >I don't see anything related to RSA computations?!
> >Do you see any real acceleration in the RSA operations
> >while using this card or there is NO support for RSA in
> >the crypto device ?
>
> It might be worth asking the author of cryptodev and hifn whether the
> manpage is current with regard to RSA support. For my purposes, adding
> entropy and speeding up 3DES for ssh is useful, but you are right that
> HTTPS acceleration will want RSA.
>
> The hifn cards will do ARC4/MD5/SHA, which is still helpful to your
> situation, but doing SSL session startup with a 1024-bit RSA server
> certificate tends to be the hit that slows down a busy site, not
> streaming 40/128-bit encryption afterwards.
>
> Here's the results of an "openssl speed" on a machine with a 933MHz
> Tualatin:
Well I my case the traffic that I will transfer will be very low.
The highest load is going to be in the authentication (client
based certificates) which is RSA public/private keys computations.
So the symetric cryptography is not a big interest.
As it is well known the public key encryption is not a big problem
since the public exponent is chosen to be one of the 3,17,65537 primes.
The slowdown is in the private key operations - they are very SLOW!
In this test the key column is SIGN - because then we have private key used!
Here are my results on a Celeron 1700 of the RSA:
rsa 2048 bits 0.1024s 0.0030s 9.8 336.4
compared to yours:
> rsa 2048 bits 0.0959s 0.0029s 10.4 346.7
10.4(you) against 9.8(me) is not that much taking into account
that you have a crypto-card (which one did you use to make this test?)
This makes me think that it might be worth buying more powerfull
processors than buying a crypto-card.
Thank you for your test.
Rumen Telbizov
More information about the freebsd-stable
mailing list