[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec NICs?



Jeff Fowler wrote:
> 
> On Mon, 6 Mar 2000, Henry Spencer wrote:
> 
> > ... If it runs at a few tens of megabits and
> > costs a thousand dollars, you're probably better off with CPUs.
> >
> 
> The new 3Com 3CR9990 10/100 Ethernet NIC supports Windows 2000
> IPSec offload at rates of up 90 megabits/sec when using ESP with
> 3DES+MD5 and it costs between $120-140. IPSec crypto offloading to
> a NIC also significantly improves the host system CPU utilization when
> doing 3DES. We have seen CPU utilization drop from over 80% to 20%
> when Windows 2000 ESP-3DES is offloaded to the 3CR9990 NIC.
> 
Except that, according to the 3Com web pagee at:

http://www.3com.com/products/dsheets/400517a.html#1

this offers only single DES outside the US and Canada. Anyone not
already aware that single DES is dangerously insecure might want to
look at:

http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/DES.html

Nice as hardware assists might be, if they don't deliver real security
then you're far better off with software that does.


References: