Hello, Am Dienstag, 8. November 2005 17:56 schrieb Boyd Waters: > On Nov 8, 2005, at 4:28 AM, Venkat Manakkal wrote: > > http://hifn7751.sourceforge.net/ > > I tried the Soekris card on FreeBSD; both OpenBSD and FreeBSD use a > kernel-level cryptographic framework that can use these PCI hardware > accelerators (hifn chips). > > They are not appropriate for on-disk encryption. > > I don't have the details correct, but it is a performance issue: data > must transferred from main memory via the CPU to the PCI card for > processing, and then the data is transferred back, and then it is > written to disk. USB 2.0 has 400Mbit (50 Mbyte) per sec. HD has ~ 20MB. If you just encrypt i/o -data, this shouldn't be an issue. > The accelerator cards are more appropriate for network packet > encryption: the network stack could tell a network interface to > perform direct memory transfer to the crypto card on the PCI bus > before ever hitting the CPU or the main memory. In that application, > one could achieve "wire-speed" encryption of the network packets, > without CPU overhead. > > My experience is that for disk I/O, crypto operations of the CPU are > still faster than the PCI-based crytpo accelerators. Ok.. > This almost certainly does NOT apply to the VIA "padlock" crypto > acceleration, which adds instructions to the x86 ABI and performs > crypto operations on the CPU. > {Open, Free}BSD is a fun system to use if one is concerned about > security and robustness. But I have not found a disk-encryption > solution that rivals loop-aes on Linux for performance and stability. Ok. Thanks, Keep smiling yanosz - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
