OpenSSH PKCS#11merge
Ben Lindstrom
mouring at eviladmin.org
Wed Jan 9 09:53:42 EST 2008
On Tue, 8 Jan 2008, Peter Stuge wrote:
[..]
>> I also splitted the patches so it will be clear what goes to where
>> and why.
>>
>> Available for OpenSSH and Portable OpenSSH versions, and X.509
>> functionality.
>
> Cool! Have you made any research on pkcs#11 in OpenBSD? I asked
> around in #openbsd on freenode some time ago but noone there had
> heard any strong opinions either for or against it.
>
> OpenBSD has support for hardware crypto, but that's all in the kernel
> and I suppose applications all use whatever native API:s there are,
> which then may or may not be accelerated.
>
> Might be interesting to check out. OpenVPN supposedly can make use of
> the hw crypto acceleration. I don't know at all about the scope of
> OBSD hw crypto support. Perhaps a p11 wrapper for the OBSD native API
> would be useful. :)
>
IIRC, any application using OpenSSL with a supported encryption hardware
gains the performance boost under OpenBSD.
I know I did some research a few years ago and almost picked up a Soekris
with a VPN card. Just started considering how much CPU cycles my home
server uses and realized I wouldn't be happy with it.
- Ben
More information about the openssh-unix-dev
mailing list