Re: Hardware acceleration for loop-AES?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Apr 18, 2005, at 4:16 AM, Toby wrote:

Dear list,

    is there any hardware acceleration card (something computing AES
at hardware-speed) for the i386 platform, to be used with loop-AES?

Do you know of any such card that could *possibly* be used, after a bit
of driver work? I'm looking for something on the cheap side, to plug
into my modest system, otherwise I would rather upgrade the whole
computer.

I purchased a Soekris Engineering PCI card that incorporates a hifn 7451 encryption accelerator chip for use with my system, which usually runs FreeBSD. For that OS (and OpenBSD), the chipset is supported and is used for TCP network encryption: off-loading VPN computations from the network protocol stack from the main CPU.


However, after getting into the sources etc. I found that chip is *NOT* used for the disk encryption, which was my primary interest. The reason is the relatively low latency of disk I/O vs. network I/O -- for the network encryption, it's perhaps slight gain to perform the encryption in off-board hardware, particularly for low-power, embedded CPUs from 2000-2003, with clock speeds less than 1 GHz.

But for disk I/O you're better off with a commodity 1+ GHz processor rather than an off-board dedicated crypto engine.

You can of course find rather expensive disk controllers that may claim to do the disk encryption in hardware, and there are even some relatively inexpensive external disk enclosures (FireWire, USB) which do this. You have to trust the vendor to get the encryption right, and in some cases they have got it horribly wrong. The excellent revisions that Jari has made to loop-AES over the past 18 months demonstrate how difficult it is to get encryption right, and how the understanding of encryption implementation will evolve over time.

So I think you're better off getting a new CPU/motherboard.

The VIA EPIA mini-ITX systems are particularly interesting for this application, because VIA has implemented some crypto primitives on the CPU *core* -- like MMX, extensions to the instruction set. This is wonderful, as there is no more overhead in calling a crypto engine as there would be to perform a floating-point instruction: it's all on the core of the processor, relatively fast. This month's Linux Journal has a write-up of the technology that is very interesting.
http://www.linuxjournal.com/article/8042
http://www.google.com/search?q=VIA+padlock


Soekris Engineering http://www.soekris.com Hifn PCI card is about $150 USD.
No standard Linux implementation of a device driver for this chip, Google around for 2.4-kernel implementations.
http://lists.soekris.com/pipermail/soekris-tech/2002-March/015070.html
http://lists.soekris.com/pipermail/soekris-tech/2003-October/018955.html


~ boyd
Boyd Waters
Socorro, New Mexico


- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux