hardware acceleration

Chris Hedemark chris@yonderway.com
Wed Apr 16 01:48:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Tuesday, April 15, 2003, at 11:44 AM, Ryan Malayter wrote:

> I believe you're going to need to modify the GnuPG codebase on your own
> to support whatever crypto acceleration hardware you'd like to use.

Will never happen;  I'm a BOFH not a codemonkey.  :-/

> I
> believe GnuPG in its current form it is designed to have as few 
> hardware
> and OS dependencies as possible.

I'm not suggesting any dependency by any means, but rather the option 
to use hardware if it is present (which is precisely how OpenBSD 
handles its crypto built into the kernel in /dev/crypto)

> CPU power is very cheap these days, and GnuPG uses a wide variety of
> algorithms. Most off-the-shelf acceleration hardware you can get will
> not accelerate GnuPG's widely used Diffie-Hellman, Blowfish, and CAST
> algorithms. It probably will accelerate RSA, AES, and 3DES, which are
> commonly used in SSL and Ipsec.

True.

> Since 3 GHz CPUs can be had for under $500, I think speding money on
> some super-fast multiple CPU P4 hardware will probably offer more
> performance than (very selective) crypto hardware acceleration in your
> situation.

The idea for using hardware acceleration is for several reasons:
1) Older machines are perfectly good for serving up web pages & email, 
but choke on crypto.  Crypto cards are cheaper than new machines.
2) The old machines that are out there don't support new CPU's.  So the 
so-called cheap 3GHz CPU becomes a lot more expensive when you figure 
in the additional cost of a system board, memory and an ATX case.
3) Even if I had a 3GHz system for the cryptonly.org site, I don't want 
the heavy GnuPG operations to slow down apache and PHP  considerably if 
I can help it.

Anyway I guess I'm just being cheap.  I'm building this site with no 
funding or commercial goals.  I've got a bunch of old hardware to throw 
at it but not a lot of money for newer hardware (though if you have a 
box you want to kick into the project and it is reasonably fast, let me 
know *grin*)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iEYEARECAAYFAj6cmhkACgkQYPuF4Zq9lvZXlwCeNB+Dl/T5Pt+/72n/tVLeYiMz
yd4AoLp24PNquLHJaNG48SlPXe70P6cC
=xuL+
-----END PGP SIGNATURE-----