Hardware blowfish encryption? - Unix


  1. Hardware blowfish encryption?

    We've got an encryption process which currently runs on one of my
    ancient Sun boxes (a 4500), and (gasp!) is slow. While I could
    just throw it onto something made during this century, I wonder if
    I couldn't instead go with some sort of a hardware or hybrid solution.

    Can anyone suggest a hardware device, or accelerator card, which would
    let me speed up our encryption and decryption times? Decryption is more
    critical, as that's done while the user is waiting for their data.
    I've looked at Ingrian's site, they look OK but it seems nobody does
    blowfish in hardware.

    Or, should I just build a stripped down *BSD box and make my own
    appliance? The possible side-benefit to that is that other programs
    here at work will probably also want encryption solutions, so I could
    use one appliance for many projects.

    Any comments, suggestions, or insights are most welcome.

    Thanks,
    Dave Hinz


  2. Re: Hardware blowfish encryption?

    Begin <3cl64oF6htmq7U1@individual.net>
    On 2005-04-19, Dave Hinz wrote:
    > Can anyone suggest a hardware device, or accelerator card, which would
    > let me speed up our encryption and decryption times? Decryption is more
    > critical, as that's done while the user is waiting for their data.
    > I've looked at Ingrian's site, they look OK but it seems nobody does
    > blowfish in hardware.


    If you can find it, ncipher used to make a 5.25"-drive-sized box that
    attaches to a SCSI chain. I know it exists but I couldn't find it on
    their website inside of a minute or so.


    > Or, should I just build a stripped down *BSD box and make my own
    > appliance? The possible side-benefit to that is that other programs
    > here at work will probably also want encryption solutions, so I could
    > use one appliance for many projects.


    Look at soekris.com for example. More specifically:

    http://soekris.com/vpn1401.htm

    FreeBSD and OpenBSD are fully supported, says the website. On my FreeBSD
    5.3 box the crypto(4) and hifn(4) pages are of interest. crypto(4) also
    references safe(4), and a quick google indicates safenet-inc.com may be
    another option to consider.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .

  3. Re: Hardware blowfish encryption?

    On 20 Apr 2005 08:29:47 GMT, jpd wrote:
    > Begin <3cl64oF6htmq7U1@individual.net>
    > On 2005-04-19, Dave Hinz wrote:
    >> Can anyone suggest a hardware device, or accelerator card, which would
    >> let me speed up our encryption and decryption times? Decryption is more
    >> critical, as that's done while the user is waiting for their data.
    >> I've looked at Ingrian's site, they look OK but it seems nobody does
    >> blowfish in hardware.

    >
    > If you can find it, ncipher used to make a 5.25"-drive-sized box that
    > attaches to a SCSI chain. I know it exists but I couldn't find it on
    > their website inside of a minute or so.


    Ah, sorry, we're looking to encrypt it on its way to a few TB of SAN disk.

    >> Or, should I just build a stripped down *BSD box and make my own
    >> appliance? The possible side-benefit to that is that other programs
    >> here at work will probably also want encryption solutions, so I could
    >> use one appliance for many projects.

    >
    > Look at soekris.com for example. More specifically:
    > http://soekris.com/vpn1401.htm
    > safenet-inc.com may be another option to consider.


    Ah, now that's interesting. Thanks.


    Dave Hinz


  4. Re: Hardware blowfish encryption?

    Dave Hinz wrote:
    > On 20 Apr 2005 08:29:47 GMT, jpd wrote:
    >
    >>Begin <3cl64oF6htmq7U1@individual.net>
    >>On 2005-04-19, Dave Hinz wrote:
    >>
    >>>Can anyone suggest a hardware device, or accelerator card, which would
    >>>let me speed up our encryption and decryption times? Decryption is more
    >>>critical, as that's done while the user is waiting for their data.
    >>>I've looked at Ingrian's site, they look OK but it seems nobody does
    >>>blowfish in hardware.

    >>
    >>If you can find it, ncipher used to make a 5.25"-drive-sized box that
    >>attaches to a SCSI chain. I know it exists but I couldn't find it on
    >>their website inside of a minute or so.

    >
    >
    > Ah, sorry, we're looking to encrypt it on its way to a few TB of SAN disk.
    >
    >


    Would one of the Sun crypto accelerator boards do what you need?

    http://www.sun.com/products/networki...cel/index.html

    --
    Coy Hile
    hile@cse.psu.edu

  5. Re: Hardware blowfish encryption?

    On Wed, 20 Apr 2005 12:17:14 -0400, Coy Hile wrote:
    > Dave Hinz wrote:
    >>
    >> we're looking to encrypt it on its way to a few TB of SAN disk.

    >
    > Would one of the Sun crypto accelerator boards do what you need?
    > http://www.sun.com/products/networki...cel/index.html


    I've been wondering about those, myself. Apparently not for Blowfish, but
    we're not absolutely tied to that particular flavor of encryption.
    That'd certainly be the quickest thing to implement, and it looks like
    it's got excellent throughput. Added benefit is that I could throw it
    into my existing hardware and not add yet another host to manage.
    Close to 100 boxes, with 4 guys, is getting kinda heavy, y'know?



  6. Re: Hardware blowfish encryption?

    Coy Hile wrote:
    > Would one of the Sun crypto accelerator boards do what you need?
    > http://www.sun.com/products/networki...cel/index.html


    The company formerly known as Rainbow, now SafeNet, also makes
    accelerator cards: http://www.safenet-inc.com/ (can't link to a
    products page due to crappy site design) I had a very small amount of
    experience with the Rainbow stuff; I don't know if the SafeNet stuff is
    similar, but Rainbow always had good Sun support, AFAIK.

    JDW


  7. Re: Hardware blowfish encryption?

    Dave Hinz wrote:
    > On Wed, 20 Apr 2005 12:17:14 -0400, Coy Hile wrote:
    >
    >>Dave Hinz wrote:
    >>
    >>>we're looking to encrypt it on its way to a few TB of SAN disk.

    >>
    >>Would one of the Sun crypto accelerator boards do what you need?
    >>http://www.sun.com/products/networki...cel/index.html

    >
    >
    > I've been wondering about those, myself. Apparently not for Blowfish, but
    > we're not absolutely tied to that particular flavor of encryption.


    Switching to another algorithm (like AES) might be advisable, if for no
    other reason than better hardware availability. Also, while Blowfish was
    subject to quite a bit of scrutiny during its AES bid, the fact that it
    didn't win means that far fewer of the academic types are spending their
    time looking for its weaknesses.

    > That'd certainly be the quickest thing to implement, and it looks like
    > it's got excellent throughput.


    It looks like the Sun cards are geared more towards SSL and public-key
    encryption, which may or may not be acceptable to you.

    Nick

  8. Re: Hardware blowfish encryption?

    On Wed, 20 Apr 2005 19:54:40 -0400, Nick Bachmann wrote:
    > Dave Hinz wrote:
    >> On Wed, 20 Apr 2005 12:17:14 -0400, Coy Hile wrote:
    >>
    >>>Dave Hinz wrote:
    >>>
    >>>>we're looking to encrypt it on its way to a few TB of SAN disk.
    >>>
    >>>Would one of the Sun crypto accelerator boards do what you need?
    >>>http://www.sun.com/products/networki...cel/index.html

    >>
    >>
    >> I've been wondering about those, myself. Apparently not for Blowfish, but
    >> we're not absolutely tied to that particular flavor of encryption.

    >
    > Switching to another algorithm (like AES) might be advisable, if for no
    > other reason than better hardware availability. Also, while Blowfish was
    > subject to quite a bit of scrutiny during its AES bid, the fact that it
    > didn't win means that far fewer of the academic types are spending their
    > time looking for its weaknesses.


    That seems to be consistent with what I've been learning over the last week,
    as well.

    >> That'd certainly be the quickest thing to implement, and it looks like
    >> it's got excellent throughput.


    > It looks like the Sun cards are geared more towards SSL and public-key
    > encryption, which may or may not be acceptable to you.


    My Sun guy is going to have a techie get back to me, but I think you're
    right. So at the moment it looks like something like a Sun 240, with
    a hardware AES card, that I can then use as an enterprise-wide solution.
    When I need more capacity, I can add another 240 with hardware card. We
    have only two projects using encryption in this manner right now, and
    the 4500 they're using to encrypt is getting old & tired.

    Thanks (all) for your thoughts, I'll summarize when I come up with
    a workable solution. Of course, then someone will post a "hey, why didn't
    you (thing that is cheaper and faster)", but that's OK ...

    Dave Hinz

