Slashdot Mirror


Is Hardware-Based Encryption Dead Yet?

DoomDoom writes: "OK, been checking out some of the h/w encryption stuff. Liked Intel's dual purpose card. But just wondering if this PA SEC 100 card has any purpose. I mean, this baby costs around $2k+ and will probably sit in a server with 2 or more CPUs (Pentium III or above). So why even bother with hardware encryption? I mean in the era of Pentium IV etc. powered servers, does it even make sense to have hardware based encryption cards?" Maybe another way to think of this question is "Are encryption-breaking schemes advancing faster than the processing power you're able to spare from your server's primary job?" If so, even a few thousand dollars may be a worthwhile investment. Any thoughts from those who've chosen (or avoided) in-hardware encryption?

2 of 12 comments

  1. Often Overlooked Advantage by cowbutt · · Score: 3

    An often overlooked advantage of hardware-based encryption devices is that if they are properly designed and implemented (i.e. tested and conformant with FIPS-140-1 security level of 3+) then the private key can be reasonably assured to never leave the device, even if it is disassembled.

  2. hardware by joq · · Score: 3


    Certainly it's not dead, and with all the security incidents going on, more and more companies will eventually turn to other means of safeguarding data than the usual suspects (PKI, etc).

    One of the problems with hw-based encryption is the pricing; however, major corporations, especially in the financial markets, look to hw, as does the military, but there are actually some restrictions on what can be sold due to crypto laws.

    And FYI when you say hw crypto you should note that there are different types of hw, e.g. network, optical, embedded, datalink, etc.

    network based
    Caneware is capable of encrypting and decrypting at throughput rates from 1200 bps to 750 kbps full duplex and supports I/O rates up to the T1 rate (1.544 Mbps). Cost is $19,500.

    embedded based
    Fascinator can be used for non-tactical communication nets. It is approved for use at all classification levels. The MCX-100, NX 300, Portable Repeater, SABER, SPECTRA, SYNTOR X-9000, SYNTO X-9000 E, Console Interface Unit, and SPECTRA Mobile SVMS have been endorsed. This product is available from Motorola, Inc. The price ranges from $495 for hand-held to $1200 for portable repeaters.

    optical based
    KG-189 is a trunk encryptor designed to be compatible with Synchronous Optical Network (SONET) standard interfaces. It provides optical transport at both the RED and BLACK interfaces to communications systems. The KG-189 program currently consists of models supporting two standard SONET data rates. The OC-3 model operates at 155 Mb/s and the OC-12 model operates at 622 Mb/s. The development of a model supporting the SONET OC-48 data rate of 2.5 Gigab/s has been terminated. The KG-189 supports BENIGN fill capability, traditional key and remote loading of FIREFLY vectors. It is approved for use at all classification levels. The product was developed by Motorola GSTG and Nortel. Production of the KG-189 is provided by Motorola Sectel. The cost for the OC-3 model is $37,654, and the OC-12 model is $62,664.

    datalink based
    Motorola STU-III SECTEL serves as two-wire and four-wire switched telephone systems used in CONUS and Overseas. They are approved for use at all classification levels. The authorized vendor is Motorola, Inc. The cost for a STU-III Sectel is $3,795.

    And the list goes on