Aleix Conchillo Flaque wrote:
Aleixhi,well, first of all, let me thank you for the mail again. i was thinking the same thing yesterday morning: if you need your CPU to do other things, the cryptographic hardware can help you. the problem is when you only need cryptographic results in a real-time large process (let's say talling votes from an election, which is what i'm doing). in this kind of applications you really need speed. obviously everything is not cryptographic calculations, there is access to disks, network... but crypto is a major one. anyway, your mail has helped me to think about security risks using hardware or not. and i'll take everything into account. regarding to speed again, GMP is a really cool "kick ass" (sorry for the expression) library, we've used it for some mathematicals calculations, instead of using OpenSSL BN. if you've done a wrapper with GMP... let me say that we'll have to spend lots of money in hardware to be as fast as in software.
Not to open the hardware is better than software can of worms...
If you are looking for RAW crypto performance from hardware the nFast is really not IMO the way to go... Just as the IBM 4758 would not be the best device.. There are devices out that are capable of performing higher Private Key operation rates than the systems will at very reasonable costs. I would suggest that you consider the Broadcom adapters in this space. These devices are generally NOT FIPS validated and really are just modular exponentation engines. As Geoff points out, in many cases a single threaded application will not maximize the devices capabilities and therefore the offload of the CPU will not be as significant.
Each application environment is different, and the value associated with HW for crypto has to be evaluated in terms of the cost vs benifit. HW is NOT the silver bullet that many people think it is.
thanks again. best regards, aleix ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
