Subject: Re: Interest in Broadcom crypto cards?
To: None <tls@rek.tjls.com>
From: Alicia da Conceicao <alicia@engine.ca>
List: tech-security
Date: 02/19/2007 17:28:20
> I may be able to arrange a purchase of crypto cards with the Broadcom
> "ubsec" chipset: either BCM5821 (4000 RSA trasactions/sec, about
> 500Mbit/sec cipher/hash peak) or 5823 (<1000 RSA transactions/sec,
> but AES-CTR and AES-CBC instead of just the 3DES and RC4 of the 5821)
> on low-profile 64/66 PCI cards.
> These are well supported by our drivers and can be hard to find from
> commercial sources.  They're somewhat less buggy than the commonplace
> cheap Hifn cards (e.g. the ones from Soekris).  When I have a better
> idea of demand, I can give accurate pricing, but I'd figure a couple
> hundred bucks for the 5821 and cheaper for the 5823.
> If anyone's interested in these, please let me know and after accumulating
> responses for a week or two, I'll talk to the vendor and get pricing.

At one time, I was really keen on Broadcom and other crypto cards.
However, personal computers have become so cheap and powerful, that
I am able to get more than >2000 RSA private-key signatures with a
RSA key having a 1024bit modulus, just on a cheap/basic 2GHz AMD64
machine running NetBSD-amd64.

The broadcom cards you mentioned are obsolete.

So why pay so much for these cards, and deal with all of the legal
paperwork and export restrictions?  Software crypto on 64bit AMD's
should be more than enough to meet your needs.  And since a lot of
crypto libraries use 64bit math, the AMD's kick butt.

The only justification these days I have for crypto is for embedded
devices that need accelerated crypto for VPN, and smart-cards or USB
crypto-tokens that protect RSA private keys from the host computer.

Alicia.