* Aleix Conchillo Flaque ([EMAIL PROTECTED]) wrote: > > i was thinking the same thing yesterday morning: if you need your CPU to > do other things, the cryptographic hardware can help you. the problem is > when you only need cryptographic results in a real-time large process > (let's say talling votes from an election, which is what i'm doing). in > this kind of applications you really need speed. obviously everything is > not cryptographic calculations, there is access to disks, network... but > crypto is a major one.
Yes, but perhaps most important is to ask the question what your machine would do in the mean time if you do elect to send the crypto off to hardware? If the answer is "oodles of stuff, the app is very parallel and we have much more than just crypto to worry about" then that's some support for the idea of crypto acceleration. If the answer is "probably sleep waiting for the response", then your best bet is almost certainly to not bother. Take a look at commodity PC hardware side-by-side with your realistic hardware options in terms of rsa1024-signs per second per dollar. Ie. if you add $1000 to your budget, how much speed-up can it buy you? FWIW: Mark and I did some investigation of this sort of thing quite a while ago and the paper is online, though the numbers (and some of the material) is quite likely a little out of date by now. Still, if you want some food for thought... http://www.geoffthorpe.net/apcon2000/ (note also that the distributed session caching stuff described in there has since been coded commercially and then released as open source, and is sitting in sourceforge at http://www.distcache.org). > regarding to speed again, GMP is a really cool "kick ass" (sorry for the > expression) library, we've used it for some mathematicals calculations, > instead of using OpenSSL BN. if you've done a wrapper with GMP... let me > say that we'll have to spend lots of money in hardware to be as fast as > in software. That depends on your hardware - I no longer see any speed up on athlon. In fact, I see a slight slow down which is probably due to the bignum conversions and no GMP support (that I'm aware of) for caching montgomery forms. Pentium IV, I don't know - perhaps you'll see some improvement if you make sure you have a PentiumIV-optimised build of GMP. On other chipsets however, I'd probably give GMP the head-start. I went ahead and dredged up the GMP-ENGINE source and banged it into commitable shape - it's now in CVS and should appear in the next snapshot if you want to take a look (check the CHANGES entry as a guide for how to configure it - and the engines/e_gmp.c code has some other info near the top if you're interested). Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
