[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How to Run High Capacity Tor Relays

On Wed, Sep 1, 2010 at 2:28 PM, John Case <case@xxxxxxxxxxxxxxxx> wrote:
> I really do think some subset of that discussion should be included in your
> "lore", at the very least the parts pertaining to the built-in crypto
> acceleration included in recent sparc CPUs, which appear to be the only
> non-painful way to make this work.

if you're running a high capacity relay you likely don't need hw
acceleration because:

a. you're on a fast server with relatively modern processor to get
into the high capacity game. assembly optimized crypto is pretty fast
on these systems.

b. the compression, buffer management, and other aspects of Tor are
just as significant as the crypto specific parts on such a server.

c. the crypto hw needed to be effective is expensive, at least a
grand, or inside specialized server processors you're unlikely to have
in your dedicated / leased server hardware.

this is not to say it isn't useful. it's useful in all kinds of ways
ranging from efficiency improvements, side channel attack resistance,
to entropy sources for strong session key / nonce generation.

however, i doubt hardware crypto will prove useful for anyone in the
top tier of relay capacity to drastically improve their throughput or
efficiency overall given the current architecture of Tor itself.

and, as mentioned, there have been a number of threads on the subject,
and widely expanded OpenSSL engine support added since last year for
those interested in experimenting with hw acceleration.

best regards,
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/