[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec NICs?
Jeff Fowler wrote:
>
> On Mon, 6 Mar 2000, Henry Spencer wrote:
>
> > ... If it runs at a few tens of megabits and
> > costs a thousand dollars, you're probably better off with CPUs.
> >
>
> The new 3Com 3CR9990 10/100 Ethernet NIC supports Windows 2000
> IPSec offload at rates of up 90 megabits/sec when using ESP with
> 3DES+MD5 and it costs between $120-140. IPSec crypto offloading to
> a NIC also significantly improves the host system CPU utilization when
> doing 3DES. We have seen CPU utilization drop from over 80% to 20%
> when Windows 2000 ESP-3DES is offloaded to the 3CR9990 NIC.
>
Except that, according to the 3Com web pagee at:
http://www.3com.com/products/dsheets/400517a.html#1
this offers only single DES outside the US and Canada. Anyone not
already aware that single DES is dangerously insecure might want to
look at:
http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/DES.html
Nice as hardware assists might be, if they don't deliver real security
then you're far better off with software that does.
References: