Secure peripheral cards

Adam Back adam at cypherspace.org
Thu Mar 21 19:06:15 EST 2002 

On Thu, Mar 21, 2002 at 10:02:20AM -0500, R. A. Hettinga wrote:
> At 7:21 PM -0500 on 3/20/02, Roop Mukherjee wrote:
> > I am searching for some citable references about secure peripheral cards.
> > Contrary to what I had imagined when I had started searching, I found very
> > little. I am looking to see what are the peripherals that have
> > cryptographic capabilities and what are thier capabilities?
> >
> > The Embassy (www.wave.com) thing seems like a single secure system in
> > itself, which can run programs and do everything from secure boot to
> > secure IO. So I imagine that all of this stuff will not be put in the
> > peripherals. Also in the same vein US patent 6,314,409 talk of a secure
> > system but in more abstract terms.
> >
> > Intel's audio players and sigmatels auddio _decoders_ (can be a
> > comeplte device or a peripheral according to the brochure) seems to calim
> > Microsoft's DRM compatibility.
> >
> > I would appreciate some better references.
> 
> I think you should talk to NCipher about this stuff.
> 
> As far as I can tell, Nicko's hardware development people have the best
> handle on secure boxes to store keys in, cryptographic accelerator
> peripherals, and so on.

I'm not sure NCipher gear is the #1 for acceleration, I think they're
probably more focussed and used for secure key management.  For
example they quote [1] an nForce can do up to 400 new SSL connections
per second.  So that's CRT RSA, not sure if 1024 bit or 512 bit (it
does say "up to").  openSSL on a PIII-633Mhz can do 265 512 bit CRT
RSA per second, or 50 1024 bit CRT RSA per second.  So wether it will
even speed up current entry-level systems depends on the correct
interpretation of the product sheet.  

And the economics of course depends on how expensive they are relative
to general purpose CPUs, plus the added complexity of using embedded
hardware and drivers and getting to play with your web server.
General purpose CPUs are _really_ fast and cheap right now.

But for the application at hand -- secure key-management, perhaps an
NCipher card is ok -- I haven't compared feature sets so can't really
comment.

Adam

[1] http://www.ncipher.com/products/rscs/datasheets/nFast.pdf

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list