Re: Hardware blowfish encryption?

• Previous message: Dave Hinz: "Re: ASCII to PDF converter"
• In reply to: Nick Bachmann: "Re: Hardware blowfish encryption?"
• Next in thread: Jeremiah DeWitt Weiner: "Re: Hardware blowfish encryption?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 21 Apr 2005 15:03:00 GMT

On Wed, 20 Apr 2005 19:54:40 -0400, Nick Bachmann <usenet@not-real.org> wrote:
> Dave Hinz wrote:
>> On Wed, 20 Apr 2005 12:17:14 -0400, Coy Hile <hile@cse.psu.edu> wrote:
>>
>>>Dave Hinz wrote:
>>>
>>>>we're looking to encrypt it on it's way to a few TB of SAN disk.
>>>
>>>Would one of the Sun crypto accelerator boards do what you need?
>>>http://www.sun.com/products/networking/sslaccel/index.html
>>
>>
>> I've been wondering those, myself. Apparently not for Blowfish, but
>> we're not absolutely tied to that particular flavor of encryption.
>
> Switching to another algorithm (like AES) might be advisable, if for no
> other reason than better hardware availability. Also, while Blowfish was
> subject to quite a bit of scrutiny during its AES bid, the fact that it
> didn't win means that far fewer of the academic types are spending their
> time looking for its weaknesses.

That seems to be consistant with what I've been learning over the last week,
as well.
 
>> That'd certainly be the quickest thing to implement, and it looks like
>> it's got excellent throughput.
 
> It looks like the Sun cards are geared more towards SSL and public-key
> encryption, which may or may not be acceptable to you.
 
My Sun guy is going to have a techie get back to me, but I think you're
right. So at the moment it looks like something like a Sun 240, with
a hardware AES card, that I can then use as an enterprise-wide solution.
When I need more capacity, I can add another 240 with hardware card. We
have only two projects using encryption in this manner right now, and
the 4500 they're using to encrypt is getting old & tired.

Thanks (all) for your thoughts, I'll summarize when I come up with
a workable solution. Of course, then someone will post a "hey, why didn't
you (thing that is cheaper and faster)", but that's OK ...

Dave Hinz

• Previous message: Dave Hinz: "Re: ASCII to PDF converter"
• In reply to: Nick Bachmann: "Re: Hardware blowfish encryption?"
• Next in thread: Jeremiah DeWitt Weiner: "Re: Hardware blowfish encryption?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Newbie naive question, perhaps - - be kind ... > encryption schemes in the program. ... Cryptainer LE runs a 128 bit implementation of the Blowfish algorithm ... The general, and long-standing, recommendation has been to use PGP wherever ... Just don't ever lose your passphrase, no one will be able to ... (sci.crypt) Re: import passwd file from different UNIX ... >> Blowfish scheme used by OpenBSD, ... encryption algorithm, such as MD5 or Blowfish, by changing the default ... password encryption algorithm. ... MD5 as algorithms to encrypt your passwords. ... (comp.unix.solaris) Re: Encryption key length (RC4 and Blowfish) ... Without knowing the alg ... ]>used or the encryption bits, ... a message without knowing the key. ... Also by this definition, Blowfish is ... (sci.crypt) Re: Known Plaintext Attack Against Blowfish ... > ciphertext for a 650 megabyte blowfish encrypted file, ... > the encryption key, is it possible for me to reverse engineer the key? ... > I have the C source code for the blowfish implementation. ... You can recover the keystream. ... (sci.crypt) Re: The importance of IVs ... back to the original question for this thread regarding freeware ... >>Blowfish encryption that uses IVs. ... > Trying test vectors on a program is almost useless, ... (sci.crypt)