From: Phil S. <al...@me...> - 2010-04-07 12:56:59
|
On 04/07/10 05:09, Craig Ringer wrote: > Richard Scobie wrote: >> Would it be possible to optimise this task by perhaps reading data in >> "chunks", which in turn can be encrypted by a core each, before being >> recombined and written out to tape? > > Bacula uses OpenSSL for crypto support. It doesn't seem to support any > other crypto libraries like NSS or GnuTLS. FWIW, memory says we tried using GnuTLS once. It turns out that for this purpose it is (or was) horribly broken. In fact, at the time, I seem to recall the mere presence of Red Hat's GnuTLS lib broke Bacula altogether. > Some hardware, like the Via C7 series of CPUs, have built-in AES crypto > hardware (PadLock) that on a single thread can do *insane* encryption > rates. On the older C3 series CPUs I've had no problems saturating a > 100MBit line with encrypted ssh data, despite the gutless 400MHz C3 CPU. > > Intel has introduced similar instructions on their Xeon 5600 series: > http://software.intel.com/en-us/articles/boosting-openssl-aes-encryption-with-intel-ipp/ > > It'd be lovely to be able to use the IPP libraries in Bacula (and many > other things) for parallel crypto and many other parallel tasks, as > they're excellent even without special hardware. Unfortunately they're > rather GPL-incompatible and are only "free" for non-commercial use. It would indeed be very nice to be able to use that kind of hardware crypto support without having to jump through licensing hoops. -- Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355 al...@ca... al...@me... ph...@co... Renaissance Man, Unix ronin, Perl hacker, Free Stater It's not the years, it's the mileage. |