| version 1.68, 2000/11/08 21:24:54 |
version 1.69, 2000/11/08 21:57:50 |
|
|
| <p> |
<p> |
| <li><b>HiFn 7751</b><br> |
<li><b>HiFn 7751</b><br> |
| Cards using the <a href="http://www.hifn.com/products/7751.html">HiFn 7751</a> |
Cards using the <a href="http://www.hifn.com/products/7751.html">HiFn 7751</a> |
| can be used as a cryptographic accelerator (ie. |
can be used as a symmetric cryptographic accelerator (ie. |
| <a href="http://www.powercrypt.com">PowerCrypt</a>). |
<a href="http://www.powercrypt.com">PowerCrypt</a>). |
| Current performance using a single Hifn 7751 on each end of a tunnel |
Current performance using a single Hifn 7751 on each end of a tunnel |
| is 63Mbit/sec for 3DES/SHA1 ESP, nearly a 600% improvement over |
is 63Mbit/sec for 3DES/SHA1 ESP, nearly a 600% improvement over |
|
|
| threatened to sue us over our non-USA reverse engineering of their |
threatened to sue us over our non-USA reverse engineering of their |
| crypto unlock algorithm). |
crypto unlock algorithm). |
| <p> |
<p> |
| |
|
| |
<li><b>Hifn 6500</b><br> |
| |
This device is an assymetric crypto unit. It has support for RSA, DSA, |
| |
and DH algorithms, as well as other major big number functions. It also |
| |
contains a very high performance random number generator. We have one |
| |
device, full documention, and sample code. Development has not yet |
| |
started. |
| |
<p> |
| |
|
| <li><b>Broadcom BCM5805 (or beta chip Bluesteelnet 5501)</b><br> |
<li><b>Broadcom BCM5805 (or beta chip Bluesteelnet 5501)</b><br> |
| Just after the OpenBSD 2.7 release, we succeeded at adding preliminary |
Just after the OpenBSD 2.7 release, we succeeded at adding preliminary |
| support for these early release parts provided to us by the vendor, |
support for these early release parts provided to us by the vendor, |
| specifically starting with the test chip |
specifically starting with the test chip |
| <a href="http://www.bluesteelnet.com/product.html">5501</a>. |
<a href="http://www.bluesteelnet.com/product.html">5501</a>. |
| |
These devices provide the highest performance symmetric cryptography |
| |
we have seen. |
| |
<p> |
| Bluesteelnet was bought by Broadcom and started making real parts. |
Bluesteelnet was bought by Broadcom and started making real parts. |
| Their new BCM5805 is similar, except that they also add an asymetric |
Their new BCM5805 is similar, except that they also add an asymetric |
| engine for running DSA, RSA, and other such algorithms. With approximate |
engine for running DSA, RSA, and other such algorithms. With approximate |
|
|
| hopefully this chip will become more common soon. |
hopefully this chip will become more common soon. |
| <p> |
<p> |
| The Broadcom/Bluesteelnet people have been great to deal with. They gave |
The Broadcom/Bluesteelnet people have been great to deal with. They gave |
| us complete documentation for their chips and a sufficient number of cards |
us complete documentation and sample code for their chips and a |
| to test with. |
sufficient number of cards to test with. |
| <p> |
<p> |
| |
|
| <li><b>Pijnenburg PCC-ISES</b><br> |
<li><b>Pijnenburg PCC-ISES</b><br> |
|
|
| <li><b>IRE 2141</b><br> |
<li><b>IRE 2141</b><br> |
| We have received documentation and sample hardware for the |
We have received documentation and sample hardware for the |
| <a href="http://www.ire.com/OEM/OEMTechnologyDefault.htm">IRE</a> crypto |
<a href="http://www.ire.com/OEM/OEMTechnologyDefault.htm">IRE</a> crypto |
| cards based on the SafeNet chipset. We would like to get started on |
cards based on the SafeNet chipset. Work to support at least the |
| supporting these soon. |
symmetric cryptography of these devices has started. |
| <p> |
<p> |
| |
|
| <li><b>Other cards</b><br> |
<li><b><a href="http://www.3com.com/promotions/3c990promo/index.html"> |
| We would like to move towards supporting other chips such as: |
3com 3c990</a></b><br> |
| <ul> |
3com don't yet fully understand how they could benefit from giving |
| |
us documentation for their cryptography cards, so feel free to contact |
| |
them independently and encourage them. We had good conversations with |
| |
them, but then the people we talked to change positions. We have given |
| |
up talking to them, since it appears to be a waste of time. |
| |
<p> |
| |
|
| <li><a href="http://www.3com.com/promotions/3c990promo/index.html">3com 3c990</a> |
<li><b>Intel IPSEC card</b><br> |
| <li>An unnamed Intel card |
Much like 3COM, Intel has been refusing to get us documentation. We |
| <li>and others |
have talked to about five technical people who are involved in the |
| </ul> |
development of those products. They all wanted us to have documentation. |
| |
They commend us on what we have done. But their hands are tied by |
| |
management who does not perceive a benefit to themselves for providing |
| |
documentation. |
| <p> |
<p> |
| Intel (and 3com to a lesser degree) don't yet fully understand how |
|
| they could benefit from giving us documentation for their cryptography |
|
| cards, so feel free to contact them independently and encourage them. |
|
| We have given up talking to them, since it appears to be a waste of time. |
|
| <p> |
|
| <b>If people wish to help with writing drivers, |
|
| <a href=#people>come and help us</a>.</b> |
|
| <p> |
|
| <li><b>Intel 82802AB/82802AC Firmware Hub RNG</b><br> |
<li><b>Intel 82802AB/82802AC Firmware Hub RNG</b><br> |
| The 82802 FWH chip (found on i810, i820, and i840 motherboards) contains |
The 82802 FWH chip (found on i810, i820, and i840 motherboards) contains |
| a random number generator (RNG). High-performance IPSEC requires more |
a random number generator (RNG). High-performance IPSEC requires more |
| random number entropy. As of April 10, 2000, we support the RNG. We |
random number entropy. As of April 10, 2000, we support the RNG. We |
| will add support for other RNG's found on crypto chips. |
will add support for other RNG's found on crypto chips. |
| <p> |
<p> |
| |
|
| <li><b>OpenSSL</b><br> |
<li><b>OpenSSL</b><br> |
| We have grand schemes for supporting crypto cards that can do RSA or DSA, |
We have grand schemes for supporting crypto cards that can do RSA or DSA, |
| and exporting the functions of all crypto cards to OpenSSL so that |
and exporting the functions of all crypto cards to OpenSSL so that |
|
|
| <a href="http://www.modssl.org/">apache https</a>, etc) |
<a href="http://www.modssl.org/">apache https</a>, etc) |
| can benefit. |
can benefit. |
| </ul> |
</ul> |
| |
|
| |
<p> |
| |
<b>If people wish to help with writing drivers, |
| |
<a href=#people>come and help us</a>.</b> |
| |
|
| <p> |
<p> |
| <a name=people></a> |
<a name=people></a> |
![[BACK]](/icons/back.gif){kind=icon}
Return to crypto.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www