On Sun, Mar 15, 2009 at 12:26:39AM +1300, Peter Gutmann wrote:
>
> I was hoping someone else would leap in about now and question this, but I
> guess I'll have to do it... maybe we have a different definition of what's
> required here, but AFAIK there's an awful lot of this kind of hardware
> floating around out there, admittedly it's all built around older crypto
> devices like Broadcom 582x's and Cavium's Nitrox (because there hasn't been
> any real need to come up with replacements) but I didn't think there'd be much
> problem with finding the necessary hardware, unless you've got some particular
> requirement that rules a lot of it out.

Nitrox doesn't have onboard key memory. Cavium's FIPS140 certified Nitrox board-level solutions include a smartcard and a bunch of additional hardware and software which implement (among other things) secure key storage -- but these are a world apart from the run of the mill Nitrox parts one finds embedded in all kinds of commonplace devices. They also provide an API which is tailored for FIPS140 compliance: good if you need it, far from ideal for the common case for web servers, and very different from the standard set of tools one gets for the bare Nitrox platform.

There are of course similar board-level solutions using BCM582x as the crypto core. But in terms of cost and complexity I might as well just use custom hardware -- I'd probably come out ahead. And you can't just _ignore_ performance, nor new algorithms, so eventually using very old crypto cores makes the whole thing fail to fly. (If "moderate" performance will suffice, I note that NBMK Encryption will still sell you the old NetOctave NSP2000, which is a pretty nice design that has onboard key storage but lacks AES, larger SHA variants, and other modern features).

To the extent of my knowledge there are currently _no_ generally available, general-purpose crypto accelerator chip-level products with onboard key storage or key wrapping support, with the exception of parts first sold more than 5 years ago and being shipped now from old stock. This was once a somewhat common feature on accelerators targeted at the SSL/IPsec market. That appears to no longer be the case.

--
Thor Lancelot Simon
t...@rek.tjls.com

"Even experienced UNIX users occasionally enter rm *.* at the UNIX prompt only to realize too late that they have removed the wrong segment of the directory structure." - Microsoft WSS whitepaper

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com