
Hardware fish encryption? - Linux / Unix Administration


  1. #1

    Hardware fish encryption?

    We've got an encryption process which currently runs on one of my
    ancient Sun boxes (a 4500), and (gasp!) is slow. While I could
    just throw it onto something made during this century, I wonder if
    I couldn't instead go with some sort of a hardware or hybrid solution.

    Can anyone suggest a hardware device, or accelerator card, which would
    let me speed up our encryption and decryption times? Decryption is more
    critical, as that's done while the user is waiting for their data.
    I've looked at Ingrian's site, they look OK but it seems nobody does
    fish in hardware.

    Or, should I just build a stripped down *BSD box and make my own
    appliance? The possible side-benefit to that is that other programs
    here at work will probably also want encryption solutions, so I could
    use one appliance for many projects.

    Any comments, suggestions, or insights are most welcome.

    Thanks,
    Dave Hinz

    Dave Guest

  2. #2

    Re: Hardware fish encryption?

    On 2005-04-19, Dave Hinz <net> wrote: 

    If you can find it, ncipher used to make a 5.25"-drive-sized box that
    attaches to a SCSI chain. I know it exists but I couldn't find it on
    their website inside of a minute or so.

     

    Look at soekris.com for example. More specifically:

    http://soekris.com/vpn1401.htm

    FreeBSD and OpenBSD are fully supported, says the website. On my FreeBSD
    5.3 box the crypto(4) and hifn(4) pages are of interest. crypto(4) also
    references safe(4), and a quick google indicates safenet-inc.com may be
    another option to consider.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    jpd Guest

  3. #3

    Re: Hardware fish encryption?

    On 20 Apr 2005 08:29:47 GMT, jpd <not.spam.it.invalid> wrote: 
    >
    > If you can find it, ncipher used to make a 5.25"-drive-sized box that
    > attaches to a SCSI chain. I know it exists but I couldn't find it on
    > their website inside of a minute or so.

    Ah, sorry, we're looking to encrypt it on its way to a few TB of SAN disk.

    >
    > Look at soekris.com for example. More specifically:
    > http://soekris.com/vpn1401.htm
    > safenet-inc.com may be another option to consider.

    Ah, now that's interesting. Thanks.


    Dave Hinz

    Dave Guest

  4. #4

    Re: Hardware fish encryption?

    Dave Hinz wrote: 
    >>
    >>If you can find it, ncipher used to make a 5.25"-drive-sized box that
    >>attaches to a SCSI chain. I know it exists but I couldn't find it on
    >>their website inside of a minute or so.
    >
    > Ah, sorry, we're looking to encrypt it on its way to a few TB of SAN disk.

    Would one of the Sun crypto accelerator boards do what you need?

    http://www.sun.com/products/networking/sslaccel/index.html

    --
    Coy Hile
    psu.edu
    Coy Guest

  5. #5

    Re: Hardware fish encryption?

    On Wed, 20 Apr 2005 12:17:14 -0400, Coy Hile <psu.edu> wrote: 
    >
    > Would one of the Sun crypto accelerator boards do what you need?
    > http://www.sun.com/products/networking/sslaccel/index.html

    I've been wondering those, myself. Apparently not for fish, but
    we're not absolutely tied to that particular flavor of encryption.
    That'd certainly be the quickest thing to implement, and it looks like
    it's got excellent throughput. Added benefit is that I could throw it
    into my existing hardware and not add yet another host to manage.
    Close to 100 boxes, with 4 guys, is getting kinda heavy, y'know?


    Dave Guest

  6. #6

    Re: Hardware fish encryption?

    Coy Hile <psu.edu> wrote: 

    The company formerly known as Rainbow, now SafeNet, also makes
    accelerator cards: http://www.safenet-inc.com/ (can't link to a
    products page due to crappy site design) I had a very small amount of
    experience with the Rainbow stuff; I don't know if the SafeNet stuff is
    similar, but Rainbow always had good Sun support, AFAIK.

    JDW

    Jeremiah Guest

  7. #7

    Re: Hardware fish encryption?

    Dave Hinz wrote: 
    >>
    >>Would one of the Sun crypto accelerator boards do what you need?
    >>http://www.sun.com/products/networking/sslaccel/index.html
    >
    > I've been wondering those, myself. Apparently not for fish, but
    > we're not absolutely tied to that particular flavor of encryption.

    Switching to another algorithm (like AES) might be advisable, if for no
    other reason than better hardware availability. Also, while fish was
    subject to quite a bit of scrutiny during its AES bid, the fact that it
    didn't win means that far fewer of the academic types are spending their
    time looking for its weaknesses.
     

    It looks like the Sun cards are geared more towards SSL and public-key
    encryption, which may or may not be acceptable to you.

    Nick
    Nick Guest

  8. #8

    Re: Hardware fish encryption?

    On Wed, 20 Apr 2005 19:54:40 -0400, Nick Bachmann <org> wrote: 
    >>
    >>
    >> I've been wondering those, myself. Apparently not for fish, but
    >> we're not absolutely tied to that particular flavor of encryption.
    >
    > Switching to another algorithm (like AES) might be advisable, if for no
    > other reason than better hardware availability. Also, while fish was
    > subject to quite a bit of scrutiny during its AES bid, the fact that it
    > didn't win means that far fewer of the academic types are spending their
    > time looking for its weaknesses.

    That seems to be consistent with what I've been learning over the last week,
    as well.

    My Sun guy is going to have a techie get back to me, but I think you're
    right. So at the moment it looks like something like a Sun 240, with
    a hardware AES card, that I can then use as an enterprise-wide solution.
    When I need more capacity, I can add another 240 with hardware card. We
    have only two projects using encryption in this manner right now, and
    the 4500 they're using to encrypt is getting old & tired.

    Thanks (all) for your thoughts, I'll summarize when I come up with
    a workable solution. Of course, then someone will post a "hey, why didn't
    you (thing that is cheaper and faster)", but that's OK ...

    Dave Hinz

    Dave Guest
