Lou Picciano wrote:
> ... hardware ..
Note that there are two aspects to HW:
- Helping you manage the keys securely; tamperproof storage
and/or trapdoor/blackbox generation of private key - and
all the insider protection it gives you.
- Helping increase performance.

Do you really see a significant performance increase? I.e., is it worth
the trouble at this point to offload encryption mathematics, given the
speed and price points of CPUs themselves?

(Initial) RSA/DSA negotiation is almost always a win when done with an
optimized processor *provided* that your setup allows for the main
process to do 'something else' whilst the hardware does the calculation.
Which is the norm across most unixes+webserver combos.
You are generally winning at least 1 or 2 orders of magnitude.

Session level support is more complex to quantify - as AES, RC4, 3DES
etc are not that expensive; and Gbit ethernet is 'slow' relative to some
CPU speeds. Here your hardware may not win you that much - esp. if there
are things like core/interrupt affinity to, say, ethernet and bus-waits
or DMA blowing caches. However - a well tuned, say, Solaris box with
proper hardware will generally benefit under certain loads; but do not
expect this to easily translate, say, to linux land.

Thanks,
Dw
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List