full-disk subversion standards released

Thor Lancelot Simon tls at rek.tjls.com
Mon Mar 16 14:31:11 EDT 2009 

On Sun, Mar 15, 2009 at 12:26:39AM +1300, Peter Gutmann wrote:
> 
> I was hoping someone else would leap in about now and question this, but I
> guess I'll have to do it... maybe we have a different definition of what's
> required here, but AFAIK there's an awful lot of this kind of hardware
> floating around out there, admittedly it's all built around older crypto
> devices like Broadcom 582x's and Cavium's Nitrox (because there hasn't been
> any real need to come up with replacements) but I didn't think there'd be much
> problem with finding the necessary hardware, unless you've got some particular
> requirement that rules a lot of it out.

Nitrox doesn't have onboard key memory.  Cavium's FIPS140 certified
Nitrox board-level solutions include a smartcard and a bunch of
additional hardware and software which implement (among other things)
secure key storage -- but these are a world apart from the run of the
mill Nitrox parts one finds embedded in all kinds of commonplace
devices.  They also provide an API which is tailored for FIPS140 compliance:
good if you need it, far from ideal for the common case for web servers, and
very different from the standard set of tools one gets for the bare Nitrox
platform.

There are of course similar board-level solutions using BCM582x as the
crypto core.  But in terms of cost and complexity I might as well just
use custom hardware -- I'd probably come out ahead.  And you can't just
_ignore_ performance, nor new algorithms, so eventually using very old
crypto cores makes the whole thing fail to fly.  (If "moderate"
performance will suffice, I note that NBMK Encryption will still sell
you the old NetOctave NSP2000, which is a pretty nice design that has
onboard key storage but lacks AES, larger SHA variants, and other modern
features).

To the extent of my knowledge there are currently _no_ generally
available, general-purpose crypto accellerator chip-level products with
onboard key storage or key wrapping support, with the exception of parts
first sold more than 5 years ago and being shipped now from old stock.

This was once a somewhat common feature on accellerators targetted at
the SSL/IPsec market.  That appears to no longer be the case.

-- 
Thor Lancelot Simon	                                   tls at rek.tjls.com
    "Even experienced UNIX users occasionally enter rm *.* at the UNIX
     prompt only to realize too late that they have removed the wrong
     segment of the directory structure." - Microsoft WSS whitepaper

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list