hardware acceleration
Chris Hedemark
chris@yonderway.com
Wed Apr 16 01:48:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday, April 15, 2003, at 11:44 AM, Ryan Malayter wrote:
> I believe you're going to need to modify the GnuPG codebase on your own
> to support whatever crypto acceleration hardware you'd like to use.
Will never happen; I'm a BOFH not a codemonkey. :-/
> I
> believe GnuPG in its current form it is designed to have as few
> hardware
> and OS dependencies as possible.
I'm not suggesting any dependency by any means, but rather the option
to use hardware if it is present (which is precisely how OpenBSD
handles its crypto built into the kernel in /dev/crypto)
> CPU power is very cheap these days, and GnuPG uses a wide variety of
> algorithms. Most off-the-shelf acceleration hardware you can get will
> not accelerate GnuPG's widely used Diffie-Hellman, Blowfish, and CAST
> algorithms. It probably will accelerate RSA, AES, and 3DES, which are
> commonly used in SSL and Ipsec.
True.
> Since 3 GHz CPUs can be had for under $500, I think speding money on
> some super-fast multiple CPU P4 hardware will probably offer more
> performance than (very selective) crypto hardware acceleration in your
> situation.
The idea for using hardware acceleration is for several reasons:
1) Older machines are perfectly good for serving up web pages & email,
but choke on crypto. Crypto cards are cheaper than new machines.
2) The old machines that are out there don't support new CPU's. So the
so-called cheap 3GHz CPU becomes a lot more expensive when you figure
in the additional cost of a system board, memory and an ATX case.
3) Even if I had a 3GHz system for the cryptonly.org site, I don't want
the heavy GnuPG operations to slow down apache and PHP considerably if
I can help it.
Anyway I guess I'm just being cheap. I'm building this site with no
funding or commercial goals. I've got a bunch of old hardware to throw
at it but not a lot of money for newer hardware (though if you have a
box you want to kick into the project and it is reasonably fast, let me
know *grin*)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iEYEARECAAYFAj6cmhkACgkQYPuF4Zq9lvZXlwCeNB+Dl/T5Pt+/72n/tVLeYiMz
yd4AoLp24PNquLHJaNG48SlPXe70P6cC
=xuL+
-----END PGP SIGNATURE-----