Subject: Re: Interest in Broadcom crypto cards?
To: None <tls@rek.tjls.com>
From: Alicia da Conceicao <alicia@engine.ca>
List: current-users
Date: 02/20/2007 16:12:15
> > At one time, I was really keen on Broadcom and other crypto cards.
> > However, personal computers have become so cheap and powerful, that
> > I am able to get more than >2000 RSA private-key signatures with a
> > RSA key having a 1024bit modulus, just on a cheap/basic 2GHz AMD64
> > machine running NetBSD-amd64.
> How exactly do you measure that?  Even using the latest OpenSSL
> development snapshot, with all the recent asm work, I get about half
> that number with 'openssl speed rsa1024'.

I am using my own RSA implimentation that uses my own big number library,
both of which I work 100% from scratch.  Did I mention that I am a crypto
nut?  ;^)

That being said, OpenSSL should be close to 2000/sec for RSA private key
encryptions with a 1024bit key.  Back in late 2004, I do remember
running some benchmarks with NetBSD-amd64-v2.1 and a version of OpenSSL
which I downloaded from www.openssl.org and linked statically.  I did
my tests on a Shuttle FN95 with an AMD64 3200+ (2GHz) socket 939 chipset.
I do recall posting back then to the NetBSD-amd64 mailing list that the
preloaded OpenSSL for amd64 was too close in comparison to the one that
I downloaded and compiled from source.

Instead of using the default OpenSSL that comes with NetBSD, if you
have time, why not download and statically compile the latest release
of OpenSSL and run the speed tests yourself.  If you are getting slow
values, hopefully you should see a improvement with the version you
compiled.

Although I don't really use OpenSSL, except in my crypto-test suite for
comparison, I would be curious to know how it turns outs for you.

Alicia.