Hi,

I'm looking to get a couple of Soekris vpn1401 (hifn 7955) or vpn1461 (hifn 7956) to do some performance tests in a military environment with FreeBSD systems. Since this is a big project and I don't want to jump into something destined to fail, I'll ask for your expertise.

1. After searching the mailing lists for reports of performance with openssl and crypto accelerators, I did not find anything that showed an increase in performance with the cards (though some posts date back to FBSD4.8). Does openssl today make correct use of the crypto hardware?

2. From what I understand, ssh is supposed to increase in performance with those cards. Assuming two FreeBSD computers with crypto accelerators are transferring big files (say sftp) in a cipher that the card and driver support, would the transfer rate be at or near clear-text speed (in a 100mbps link)?

3. How does GEOM_ELI use crypto hardware to accelerate working with encrypted partitions? Again, with big file systems, would a gain in performance be noticeable?

4. Also, it seems that asymmetric crypto support is not yet implemented in the hifn driver (according to the man page). Is it safe to assume that pgp will not be accelerated? Any plans to support it? (perhaps this is an OpenBSD question...)

The whole idea is to reduce conversion and transfer time with highly sensitive, huge files (> 1 GB, sometimes near 10 GB). We currently use commercial software compatible with PGP, but there are security and logistical issues with it (the commercial software, not PGP). Encrypting a 2GB file with PGP, even on a modern machine, takes a long time.

I've done tests with geli and am so far satisfied with it, but it is storage encryption and doesn't allow us to safely transfer data unless we physically transfer the disk or use ssh. With geli, you also have to make sure that the created partition is only readable/writeable by the user you want to allow access to, which reduces the total security of the information due to human negligence.

Nicolas.

--
FreeBSD 7.0-CURRENT #9: Tue Oct 31 15:44:23 EST 2006
nicblais_at_clk01a:/usr/obj/usr/src/sys/CLK01A
PGP? : http://www.clkroot.net/security/nb_root.asc