What I suspect is that there's already some crypto net processors out
At 05:44 PM 3/20/05 -0500, Tyler Durden wrote: there, that
normal clients never see).
I've programmed (well, microcoded) the Intel IXA family. Some variants of that family can do line-rate AES. They can handle insane line rates, thanks to hardware everything and an array of hyperthreaded RISCs. Not at all classified. At 09:49 AM 3/21/05 -0500, Trei, Peter wrote:
Its quite possible that reconfigurability is part of the future. Your N-way x86 die will come with a few hundred thou reconfigurable gates, which you'll reconfigure to do your Photoshop or MPEG or rendering or speech recognition or modular exponentiation tasks. Obviously this is a big change and there's a lot of software support required (from OS to app) to make it happen. Also there are fascinating tech problems in coupling the reconfig hardware to high bandwidth data flows, required to keep it busy. But the benefits are substantial. Tangentially, I should note that there are "modes of encryption" which can be scaled infinitely with parallel hardware; they use interleaved blocks so each chip sees every Nth block of the real stream. So high clock rates are not required to crypt. It seems that hashing can be parallelized that way too, run a hash-chip on every Nth bit, and hash those partial results. Both ends have to agree on the N-way division (as with the infinitely scalable crypto) but that's all. With regular hashing (and attacks thereof that require grinding out a lot of hashes in order to find a collision, to go back to the original topic) single-chip parallel hardware hacks could speed things up, but (given that modern hashes are designed for CPUs, like AES) I don't ever expect to see DESCrack like gains there. And while TD keeps alluding to the DESCrack suitcase, I'll point out that a GSM Cracker could fit in your carry-on luggage nowadays. Every 'embassy' ought to have one :-)
On Mon, Mar 21, 2005 at 06:34:07PM -0800, Major Variola (ret) wrote:
Counter mode works this way, and is a fairly common mode in any case.
Depending on the interconnect it would probably be faster to do it in blocks of 8-64k, doing it a bit at a time would eat your standard PCI bus alive. There are message authentication modes which can scale 'infinitely' (assuming a sufficiently long message), and don't depend on the number of functional units, so for example I could generate a MAC using my regular single core CPU and you could verify it on a machine with N functional units with a cooresponding speedup of N (modulo some fixed per-message overhead) without us having to agree on anything in advance. For example there is the MAC used in Rogoway's OCB. Unfortunately most (all?) of these algorithms have been patented. -Jack
participants (3)
-
Jack Lloyd -
Major Variola (ret) -
Tyler Durden