Interesting results - Solaris 10 08/07 (update 4) on v440, no crypto card.
openssl speed rsa1024 -engine pkcs11 -multi N
openssl speed rsa1024 -multi N
Where N was 1 2 4 8
As you can see even without having crypto card there's huge performance increase by using pkcs11 - different algorithm implementation and different compiler?
1 comment:
Yes. Ferenc Rakoczi has hand tuned UltraSPARC III assembler versions of modular exponentiation (and also some symmetric crypto) in our PKCS#11. OpenSSL doesn't get the benefit of that without engine.
Note that a single v440 CPU can do about 200 ops/sec. By comparison, the SCA 1000 accelerator can do about 4400 ops/sec. (A 20-fold increase, never mind the fact that your CPU is also available to do other things!)
Some people have said a few times that hardware crypto acceleration is dead. I don't think so. Its just moving into the CPUs proper instead of being on an expansion bus.
I'm curious about the SCA 6000. That was created after I left the crypto group; I imagine it uses a pair of bcm582x parts, but that's just a guess on my part. Anyone know for sure?
Post a Comment