Re: SSL accel cards
Does anyone know of an SSL acceleration card that actually works under Linux/*BSD? I've been looking at vendor web pages (AEP, Rainbow, etc), and while they all claim to support Linux, Googling around all I find are people saying Where can I get drivers? The ones vendor shipped only work on RedHat 5.2 with a 2.0.36 kernel. (or some similar 4-6 year old system), and certainly they don't (gasp) make updated versions available for download. Because someone might... what, steal the driver? Anyway... with openbsd, http://www.openbsd.org/crypto.html#hardware itojun - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: SSL accel cards
Does anyone know of an SSL acceleration card that actually works under Linux/*BSD? I successfully used a Broadcom PCI card on a Linux (don't remember what Linux and kernel version, this was close to 2 years ago). If I remember correctly it was the BCM5820 processor I used http://www.broadcom.com/collateral/pb/5820-PB04-R.pdf (the product sheet mentions support for Linux, Win98, Win2000, FreeBSD, VxWorks, Solaris). I was able to use it on a Linux and on a Windows (where I offloaded modexp operation from MSCAPI crypto provider). The Linux drivers where available from Broadcom upon request, there was also a crypto library that called the card via the drivers, but at the time I looked at it the code wasn't very stable (e.g. I had to debug the RSA key generation and send patches since it did not work at all, later versions had the key generation part working properly). The library might be stable by now. I also made the Broadcom chip work with OpenCryptoki on a Linux, I submitted the code for supporting Broadcom in OpenCryptoki. http://www-124.ibm.com/developerworks/oss/cvs/opencryptoki/ [] and certainly they don't (gasp) make updated versions available for download. Because someone might... what, steal the driver? Anyway... [] No, but they might find out how poorly written they are??? Don't know the reason... --Anton - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
SSL accel cards
Does anyone know of an SSL acceleration card that actually works under Linux/*BSD? I've been looking at vendor web pages (AEP, Rainbow, etc), and while they all claim to support Linux, Googling around all I find are people saying Where can I get drivers? The ones vendor shipped only work on RedHat 5.2 with a 2.0.36 kernel. (or some similar 4-6 year old system), and certainly they don't (gasp) make updated versions available for download. Because someone might... what, steal the driver? Anyway... What I'm specifically looking for is a PCI card that can do fast modexp, and that I can program against on a Linux/*BSD box. Onboard DES/AES/SHA-1/whatever would be fun to play with but not extremely important. -Jack - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: SSL accel cards
We've had great luck with the nFast and nForce lines of ssl accelerators from nCipher under Red Hat: http://www.ncipher.com Depending on which model you choose, you can get anywhere from 150 to 1600 key ops/sec. HTH, G -- Grant Goodale Security Architect Reactivity, Inc. [EMAIL PROTECTED] http://www.reactivity.com -Original Message- From: Jack Lloyd [mailto:[EMAIL PROTECTED] Sent: Sunday, May 23, 2004 10:34 AM To: [EMAIL PROTECTED] Subject: SSL accel cards Does anyone know of an SSL acceleration card that actually works under Linux/*BSD? I've been looking at vendor web pages (AEP, Rainbow, etc), and while they all claim to support Linux, Googling around all I find are people saying Where can I get drivers? The ones vendor shipped only work on RedHat 5.2 with a 2.0.36 kernel. (or some similar 4-6 year old system), and certainly they don't (gasp) make updated versions available for download. Because someone might... what, steal the driver? Anyway... What I'm specifically looking for is a PCI card that can do fast modexp, and that I can program against on a Linux/*BSD box. Onboard DES/AES/SHA-1/whatever would be fun to play with but not extremely important. -Jack - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]