[Cryptography] Using Raspberry Pis

Phillip Hallam-Baker hallam at gmail.com
Sun Jan 5 20:03:03 EST 2014


On Sun, Jan 5, 2014 at 6:49 PM, Nathan <nd at rtfm.net> wrote:

> On Mon, Aug 26, 2013 at 4:12 PM, Phillip Hallam-Baker <hallam at gmail.com>
> wrote:
> > So I would like at minimum such a device to be my DNS + DHCP + PKI + NTP
> > configuration service and talk a consistent API to the rest of the network.
> > Which is the work I am doing on Omnibroker.
>
> Anyone who is interested in a "home server/firewall" device like this
> may want to look at the EdgeRouter Lite from Ubiquiti (~US$90-100).
> FreeBSD 10.0 runs, basically, out of the box -- with a full read/write
> filesystem, as the storage inside is a regular 4GB USB flash drive.
> Currently, installing FreeBSD requires taking out this flash drive and
> writing an image to it, as well as using a serial console cable to
> change a bootloader setting. However, in the near future, an installer
> that can easily be run from the factory OS should hopefully be
> available.
>
> I have ready-to-go FreeBSD images for the device available, as well as
> a detailed guide to getting up and running, at
> http://rtfm.net/FreeBSD/ERL/. I also have, of course, a simple shell
> script that can build identical images from your copy of the FreeBSD
> source tree, at http://rtfm.net/FreeBSD/ERL/mkerlimage
>
> Installing FreeBSD gives up some of the high-performance features of
> the device; however, it still beats the pants off a Raspberry Pi. It
> also has some hardware crypto support, and that also works in FreeBSD,
> if that's your cup of tea.
>
> Just two very preliminary tests:
>
> 1. iperf, between two gigabit PCs, with the ERL in the middle passing
> packets only (no filtering):
>
> [ ID] Interval       Transfer     Bandwidth
> [  3]  0.0-30.0 sec   905 MBytes   253 Mbits/sec
>
> More threads, same result:
> [ ID] Interval       Transfer     Bandwidth
> [  5]  0.0-30.0 sec   229 MBytes  63.9 Mbits/sec
> [  6]  0.0-30.0 sec   262 MBytes  73.2 Mbits/sec
> [  8]  0.0-30.0 sec   203 MBytes  56.7 Mbits/sec
> [  7]  0.0-30.0 sec   211 MBytes  58.9 Mbits/sec
> [SUM]  0.0-30.0 sec   904 MBytes   253 Mbits/sec
>
> 2. Encryption with and without the hardware-accelerated cipher mode,
> on a 50MB file in memory (tmpfs):
>
> # df -h /tmp ;  dd if=/dev/urandom of=50MB bs=10k count=5k
> Filesystem    Size    Used   Avail Capacity  Mounted on
> tmpfs         192M    4.0K    192M     0%    /tmp
> 5120+0 records in
> 5120+0 records out
> 52428800 bytes transferred in 16.993329 secs (3085258 bytes/sec)
> # for i in aes-256-cbc aes-128-cbc aes-256-ctr aes-128-ctr rc4; do
> > echo -n "$i : "
> > time openssl enc -$i -nosalt -k 'nothing to hide' < 50MB > /dev/null
> > done
> aes-256-cbc :         2.02 real         0.28 user         1.73 sys
> aes-128-cbc :         1.95 real         0.24 user         1.71 sys
> aes-256-ctr :        12.25 real        11.41 user         0.83 sys
> aes-128-ctr :         9.45 real         8.58 user         0.85 sys
> rc4 :         3.33 real         2.48 user         0.84 sys
>
> I have yet to test any real setup, with packet inspection, NAT, and
> VPN, but it's showing a lot of promise. Hopefully, someone out there
> finds this useful... or better yet, wants to get involved with making
> things better.
>


That looks more than fast enough for my needs since I can't get more than
75 Mb/sec broadband anyway and there will be a faster model sooner than
that changes.

For me a gateway box should not be a positively trusted system. It should
be trusted in the sense of depending on it to keep the bad stuff out but
compromise of the box should not cause other boxen to fail.

At that price though, I might just go with two more boxes the same to be
my positively trusted service (fault tolerant).

Is it possible to expand the file store beyond 4Gb or is that a hard limit?
My Google mail file is 8Gb already so I would really need more...


-- 
Website: http://hallambaker.com/