At 03:58 PM 9/29/03 -0400, Tyler Durden wrote:
These seem to be actual chips. Anyone know of companies selling Crypto apps for Network processors?
What do you mean "crypto apps"? In some cases you can get support for the crypto hardware in a version of say VxWorks etc which makes it easier. Perhaps you can get as much as full IPSec since RTOS companies often sell IP stacks too. Particularly important when say your SOHO OEM customer doesn't have massive resources or expertise. "Buy our chips, we'll get WindRiver to give you price break, all you do is recompile with #define NUMPORTS set to the number of RJ-45s on the thing"

Core or edge, baby? NPU is a marketroid term. What's called a "network processor" might range from an Intel IXP w/ hardware AES (and everything else including mbuf ops), that can do line-rate SONET, for a few hundred $; or an IDT 100 MHz MIPS with a DES core and ethernet i/f glued on for $10 for your 10Mbps home router.

All of them come with some kind of software and/or partnerships with software/OS vendors --hard to sell silicon without that. At least, drivers for common OS.

The hardware vendor's problem is this: You have all these transistors to do something with. May as well add crypto to netstuff, just like graphics ops got added to gamestuff. Transistors are free and integrating functions might give you an edge over the competition for a while. When was the last time you shopped for a floating-point co-processor? Eventually innovation becomes a "checkbox" item. Eventually chips will come with cup-holders and power-mirrors.

If so, which is deemed more secure by Cypherpunks...software apps on network processors or outboard chips? (Am I correct in assuming that a crypto app on a network processor is not any easier to view or examine than a crypto ASIC?)
You add hardware accelerators on chips with other functions to increase crypto-app *performance*. Rarely, you/NSA buy it because it's immutable, so you avoid certain problems. (Problems mostly solved by integrated ROMs for your CPU.) Mostly you buy for performance.

*Any* black box is less trustworthy than code you can read; however, have you read your OS or compiler recently? Before you claim that others have, have you realized that trust isn't transitive yet? And are you sure your "generic" black-box CPU (that runs your ever-so-carefully hand-inspected code) hasn't any interesting tricks hidden inside? F00F!

If you want complete transparency, use a soft CPU core on an FPGA so nothing (but the FPGA fabric) is opaque. As a paran^H^H^H^Hcypherpunk, you might design your system to use a few FPGAs (purchased from different vendors as anonymously as possible) identically configured and have them vote. Don't have them vote using Diebold machinery, though :-)
Motorola Locks Down Chips
--------------------------------------------------------------------------------
Motorola Inc. (NYSE: MOT) has become the latest vendor to integrate security into its microprocessors, continuing the trend of putting encryption acceleration on-chip. ...

Naturally, processor companies believe they can further speed things up -- and save OEMs a bit of money -- by merging the co-processors into their own chips. Broadcom Corp. (Nasdaq: BRCM), Integrated Device Technology Inc. (IDT) (Nasdaq: IDTI), and PMC-Sierra Inc. (Nasdaq: PMCS) are adding security to their microprocessors; and Agere Systems Inc. (NYSE: AGR.A) and Intel Corp. (Nasdaq: INTC) have done the same with some of their network processors (see Vendors Add Security to MIPS Chips and Intel Moves on Security).