-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew Toseland wrote: >>> Short answer: No. =) >>> >>> Long answer: >>> You need special JCE module (software) installed. >>> (e.g. http://www.via.com.tw/en/initiatives/padlock/via-jcp.jsp ) >>> >>> However, >>> the most-used crypto in freenet is Rijndael (original favour, not the NIST >> one), >>> no module provide this acceleration. >> AFAIK it's the same, but we generally use 256/256, whereas AES is actually >> 256/128. In any case there are export policy / key length issues until 1.6, >> and we don't require 1.6 yet. > > This also applies to DSA/RSA. We use our own implementations because the JVM > versions are restricted in key length until 1.6. > > It would be possible to switch between the different impls by a config option, > if it was deemed worth the effort... >>> SHA-256, while do have some acceleration exist, are used sparsely. >> We use SHA-256 in many places. We use the JVM implementation. So if hardware >> acceleration is enabled, and if the relevant java library is included >> (manually, RTFM), SHA-256 will be accelerated. > > The accelerator card doesn't do SHA-256 apparently, only SHA-1 and md5. We do > use md5 in some cases (e.g. the spider), but it's not widely used as it is > known to be broken. >> The hardware RNG will also be useful.
OK. I think I've got it. Many things that freenet uses goes beyond the capabilities of those accelerators. But some would get a benefit. Can someone give a hint how much the security related things that would be supported by such an accelerator (RNG, RSA/DSA) are used inside freenet? Or basically which action of the node implies which security related method? So is there a detection of the used JVM? I mean if I just would use the 1.6 JVM does it imply that I'm able to choose the implementation using JCE system properties? If that is not the case could freenet be made configurable in such a way? I am purchasing such a board as I'm dealing with many parallel SSL connections and until now I have a server doing that work. But the power consumption of such a small Soekris box sounds really nice to me. And running freenet on such a small device along with my other things that have to run 24/7 would make my life much easier. So if freenet doesn't benefit a lot of those hardware accelerators I have to evaluate if it is using too much CPU for that box to not interfere my other things. Thanx and greetz, AncoL -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklBoyEACgkQQvkuA0fAo7lQDACfZdkO9CW1l259e/LgGD0wt8NQ I/YAn2uCHbEli9AXVwUy6mL73WaARFhE =sf+D -----END PGP SIGNATURE-----
