VPN1401 questions, plus what is /dev/srandom?



Hey,

I bought a Soekris VPN1401 card, and have a couple of questions about
it and crypto.

First, I was told to set kern.usercrypto=1 to enable openssl to use
this card.  Is this the full and correct purpose of kern.usercrypto?

Secondly, I want to know what functions it can actually perform.  I'm
currently getting the same speeds out of the following commands
regardless of whether kern.usercrypto=0 or kern.usercrypto=1:

openssl speed -elapsed -evp sha1
openssl speed -elapsed -evp des-ede3
openssl speed -elapsed -evp des3

However, I cannot explain these results, obtained with kern.usercrypto=1:

$  openssl speed -evp aes-128-cbc
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128-cbc for 3s on 16 size blocks: 14297 aes-128-cbc's in 0.09s
Doing aes-128-cbc for 3s on 64 size blocks: 13720 aes-128-cbc's in 0.06s
Doing aes-128-cbc for 3s on 256 size blocks: 9758 aes-128-cbc's in 0.08s
Doing aes-128-cbc for 3s on 1024 size blocks: 7698 aes-128-cbc's in 0.10s
Doing aes-128-cbc for 3s on 8192 size blocks: 2277 aes-128-cbc's in 0.03s

What's with the 0.09s?

Thirdly, what are the properties of /dev/srandom, /dev/arandom, etc.? 
random(9) doesn't really explain their differences.

Finally, how come reading from /dev/random generates EIO?  The comment
indicates that I don't have a chip --- does this mean that /dev/random
refers to CPUs that have HWRNGs, and that a VPN1401 add-on PCI card
does not provide this functionality?
--
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484