| version 1.50, 1999/11/18 00:15:36 |
version 1.51, 2000/04/13 12:47:04 |
|
|
| <a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
<a href=#prng>Pseudo Random Number Generators</a> (PRNG): ARC4, ...<br> |
| <a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
<a href=#hash>Cryptographic Hash Functions</a>: MD5, SHA1, ...<br> |
| <a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
<a href=#trans>Cryptographic Transforms</a>: DES, Blowfish, ...<br> |
| |
<a href=#hardware>Cryptographic Hardware support</a><br> |
| <a href=#people>International Cryptographers wanted</a><br> |
<a href=#people>International Cryptographers wanted</a><br> |
| <a href=#papers>Further Reading</a><br> |
<a href=#papers>Further Reading</a><br> |
| <p> |
<p> |
|
|
| confidentiality of remote filesystem access. |
confidentiality of remote filesystem access. |
| <li>In libssl to let applications communicate over the de-facto standard |
<li>In libssl to let applications communicate over the de-facto standard |
| cryptographically secure SSL protocol. |
cryptographically secure SSL protocol. |
| |
</ul> |
| |
|
| |
<p> |
| |
<a name=hardware></a> |
| |
<h3><font color=#e00000>Cryptographic Hardware Support</font></h3><p> |
| |
|
| |
OpenBSD starting with 2.7 supports some limited cryptography hardware. |
| |
<ul> |
| |
<li><b>IPSEC crypto dequeue</b><br> |
| |
Our IPSEC stack has been modified so that cryptographic functions get |
| |
done out-of-line. Most simple software IPSEC stacks need to do |
| |
cryptography when processing each packet. This results in syncronous |
| |
performance. To use hardware properly and speedily one needs to seperate |
| |
these two components, as we have done. Actually, doing this gains some |
| |
performance even for the software case. |
| |
<p> |
| |
<li><b>HiFn 7751</b><br> |
| |
Cards using the 7751 can be used as a cryptographic accelerator (ie. |
| |
<a href="http://www.powercrypt.com">PowerCrypt</a>). |
| |
Current performance using a single Hifn 7751 on each end of a tunnel |
| |
is 63Mbit/sec for 3DES/SHA1 ESP, nearly a 600% improvement over |
| |
using a P3/550 cpu. Further improvements are under way to resolve a |
| |
few more issues, but as of April 13, 2000 the code is considered |
| |
stable.<p> |
| |
The 7751 is considered slow by industry standards and many vendors have |
| |
faster chips (even HiFn now has a faster but much more expensive chip). |
| |
We are already looking at supporting other chips such as |
| |
<a href="http://www.ire.com/OEM/OEMTechnologyDefault.htm">IRE 2141</a>, |
| |
<a href="http://www.bluesteelnet.com/product.html">Bluesteelnet 5501</a>, |
| |
<a href="http://www.pcc.pijnenburg.nl/pcc-ises.htm">Pijnenburg PCC-ISES</a>, |
| |
perhaps the |
| |
<a href="http://www.3com.com/promotions/3c990promo/index.html">3com 3c990</a>, |
| |
and others. IRE and Bluesteelnet in particular have already been very |
| |
friendly, and have given us all the information we need to support their |
| |
hardware. If people wish to help with writing drivers, |
| |
<a href=#people>come and help us</a>. |
| |
(Note: Intel (and 3com to a lesser degree) don't yet fully understand how |
| |
they could benefit from giving us documentation for their cryptography |
| |
cards, so feel free to contact them independently and encourage them.) |
| |
|
| |
<p> |
| |
<li><b>Intel 82802AB/82802AC Firmware Hub RNG</b><br> |
| |
The 82802 FWH chip (found on i810, i820, and i840 motherboards) contains |
| |
a random number generator (RNG). High-performance IPSEC requires more |
| |
random number entropy. As of April 10, 2000, we support the RNG. We |
| |
will add support for other RNG's found on crypto chips. |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to crypto.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www