On Thursday 11 December 2008 13:54, Matthew Toseland wrote: > On Thursday 11 December 2008 07:26, Daniel Cheng wrote: > > On Thu, Dec 11, 2008 at 1:12 PM, Ancoron Luciferis > > <ancoron at chaoslayer.de> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Hi *, > > > > > > I have a simple question: > > > > > > In the near future I am going to buy one of those fantastic little boxes > > > from Soekris ( http://www.soekris.com/net5501.htm ) with an additional > > > "hardware security accelerator" ( http://www.soekris.com/vpn1401.htm ) > > > board that can take over the en-/decryption of secured connections using > > > public key, RSA, DSA, SSL, IKE and DH, authentication, compression, LZS, > > > MPPC, ... using the crypto engine "Hi/fn 7955" (using > > > http://sourceforge.net/projects/hifn7951/ experimental driver for linux). > > > > > > Would a current freenet client denefit from these hardware accelerations? > > > > Short answer: No. =) > > > > Long answer: > > You need special JCE module (software) installed. > > (e.g. http://www.via.com.tw/en/initiatives/padlock/via-jcp.jsp ) > > > > However, > > the most-used crypto in freenet is Rijndael (original favour, not the NIST > one), > > no module provide this acceleration. > > AFAIK it's the same, but we generally use 256/256, whereas AES is actually > 256/128. In any case there are export policy / key length issues until 1.6, > and we don't require 1.6 yet.
This also applies to DSA/RSA. We use our own implementations because the JVM versions are restricted in key length until 1.6. It would be possible to switch between the different impls by a config option, if it was deemed worth the effort... > > > > SHA-256, while do have some acceleration exist, are used sparsely. > > We use SHA-256 in many places. We use the JVM implementation. So if hardware > acceleration is enabled, and if the relevant java library is included > (manually, RTFM), SHA-256 will be accelerated. The accelerator card doesn't do SHA-256 apparently, only SHA-1 and md5. We do use md5 in some cases (e.g. the spider), but it's not widely used as it is known to be broken. > > The hardware RNG will also be useful. > > > > > The main question thereof is: Is the encryption/decryption secure > > > connection handling implemented in pure Java or is it dome using the > > > native (for Linux/Unix systems shared) libraries? > > > > > > And if it is implemented in pure Java wouldn't it give freenet an extra > > > performance boost when it used native/shared libraries for such a task > > > that can be compiled with specific processor optimization flags? > > > > > > Thanx in advance for any answers. :-) > > > > > > > > > Regards, > > > > > > AncoL > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20081211/8075bc55/attachment.pgp>
