Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sun Plans Security Coprocessor For New Ultrasparc

Posted by Soulskill on from the a-good-processor-knows-how-to-delegate dept.

angry tapir writes "At the Hot Chips conference at Stanford University, Sun presented plans for a security accelerator chip that it said would reduce encryption costs for applications such as VoIP calls and online banking Web sites. The coprocessor will be included on the same silicon as Rainbow Falls, the code name for the follow-on to Sun's multi-threaded Ultrasparc T2 processor."

7 of 59 comments (clear)

  1. Re:Encryption != Security by fuzzyfuzzyfungus · · Score: 2, Informative

    But understanding is hard and buying "solutions" is easy, so the cryptographic coprocessor is now a security chip. So saith marketing.

  2. Re:Encryption != Security by TheRaven64 · · Score: 2, Informative

    Except that there are chips with security coprocessors, which are not the same thing. Most modern ARM chips, for example, include a trust zone feature which only runs signed code and prevents tampering (it's used, for example, to make it impossible to unlock a device without entering a passcode). Cryptographic acceleration on-chip isn't particularly novel either; the Via C-series chips have done it for a while, and OpenSSL will use. That's not to say it isn't useful; especially in a data centre where power usage matters a lot, having dedicated silicon for common operations can boost your performance-per-Watt numbers a huge amount (compare H.264 encoding on an i.MX515 to a Xeon, for example).

    --
    I am TheRaven on Soylent News
  3. Re:Encryption != Security by chill · · Score: 2, Informative

    Again, the people that understand the difference don't need it explained to them. Those that don't -- the ones that sign the checks -- will just be confused. Now, even more so if you bring up trusted execution.

    Sun's been doing encryption offload since well before Via added it on their chips. This is just a new revision of their crypto accelerator board. Personally, I've been using these for years. Cheap and effective.

    --
    Learning HOW to think is more important than learning WHAT to think.
  4. Re:What should occur, by Bill,+Shooter+of+Bul · · Score: 2, Informative

    There are already several cryptographic accelerators available to slip into servers as add on cards. Plus, Via also makes an x86 compatible processor with similar security features. ( although you'd have to be brain dead to try and run one in a performance critical server).

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
  5. Re:Difference from the T1/T2 on-chip cryptography? by Score+Whore · · Score: 3, Informative

    The T1 and T2 have different cryptographic capabilities. See page 5 of "Using the Cryptographic Accelerators" a description. I would imagine that they are including even more support.

  6. Re:Difference from the T1/T2 on-chip cryptography? by zdzichu · · Score: 2, Informative

    Not much difference, it's just third iteration of in-CPU crypto accells. See details in presentation.

    --
    :wq
  7. Re:Difference from the T1/T2 on-chip cryptography? by thogard · · Score: 4, Informative

    The T1 only has hardware to help with the initial key exchange. SSL traffic starts with an RSA key exchange using a a huge public/private key and then uses a block cypher like DES or SHA or RC4 to encrypt the data using the key that was exchanged via the RSA encryption. The T1 can't do block cyphers quickly and only has the first part speeded up. I found that my amd based X2100 would catch up to the T1 based T1000 after about 3000 bytes of an SSL stream and then quickly pass it. I've been told that the T1 was supposed to have block cypher hardware but maybe it was buggy and was disabled. Anyway sun should kill the T1 since its slow and expensive. Maybe thats their intent with their new T3120 but few details have been released.