[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
VPN1401 questions, plus what is /dev/srandom?
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: VPN1401 questions, plus what is /dev/srandom?
- From: "Travis H." <solinym_(_at_)_gmail_(_dot_)_com>
- Date: Sat, 25 Feb 2006 22:35:35 -0600
I bought a Soekris VPN1401 card, and have a couple of questions about
it and crypto.
First, I was told to set kern.usercrypto=1 to enable openssl to use
this card. Is this the full and correct purpose of kern.usercrypto?
Secondly, I want to know what functions it can actually perform. I'm
currently getting the same speeds out of the following commands
regardless of whether kern.usercrypto=0 or kern.usercrypto=1:
openssl speed -elapsed -evp sha1
openssl speed -elapsed -evp des-ede3
openssl speed -elapsed -evp des3
However, I cannot explain these results, obtained with kern.usercrypt=1:
$ openssl speed -evp aes-128-cbc
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128-cbc for 3s on 16 size blocks: 14297 aes-128-cbc's in 0.09s
Doing aes-128-cbc for 3s on 64 size blocks: 13720 aes-128-cbc's in 0.06s
Doing aes-128-cbc for 3s on 256 size blocks: 9758 aes-128-cbc's in 0.08s
Doing aes-128-cbc for 3s on 1024 size blocks: 7698 aes-128-cbc's in 0.10s
Doing aes-128-cbc for 3s on 8192 size blocks: 2277 aes-128-cbc's in 0.03s
What's with the 0.09s?
Thirdly, what are the properties of /dev/srandom, /dev/arandom, etc.?
random(9) doesn't really explain their differences.
Finally, how come reading from /dev/random generates EIO? The comment
indicates that I don't have a chip --- does this mean that /dev/random
refers to CPUs that have HWRNGs, and that a VPN1401 add-on PCI card
does not provide this functionality?
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484