Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] [Bacula-devel] Hardware Crypto-Accelerators and Bacula

2009-09-10 14:23:18
Subject: Re: [Bacula-users] [Bacula-devel] Hardware Crypto-Accelerators and Bacula
From: Steve Polyack <korvus AT comcast DOT net>
To: Kern Sibbald <kern AT sibbald DOT com>
Date: Thu, 10 Sep 2009 14:16:58 -0400 
Kern Sibbald wrote:
> Hello
>
> Given the way you asked your questions, I don't expect you will get any 
> answers ...
>   
I suppose the questions were geared directly towards someone else who 
may be familiar with the crypto code in Bacula.  I'm not sure I can be 
more clear otherwise.
> On Wednesday 09 September 2009 16:52:12 Steve Polyack wrote:
>   
>> I may have asked this question before, but has anyone had any luck with
>> getting Bacula to utilize a hardware crypto accelerator for FD
>> encryption?  Setting the engine(3) options in openssl.cnf do not appear
>> to have any affect.  This can be confirmed with statistic programs which
>> hook into the crypto drivers, showing that no data is being processed by
>> the accelerator during backups.
>>
>> A few months ago I attempted a patch to add OpenSSL engine(3) selection
>> support to the Bacula source code.  This was unsuccessful, as merely
>> selecting and enabling the hardware crypto engine will cause Bacula to
>> crash upon updating the cipher context.  Based on various similar
>> examples I have coded, the best I can come up with is that this has
>> something to do with the IV generation / IVs that are being used.  
>>     
>
> I have no idea what IVs are, and I imagine it is the same for other 
> developers.
>
>   
How I understand it: IVs are Initialization Vectors, an initial block of 
data which allow a cipher to be used in a streaming fashion (i.e. plain 
text is continuously funneled into the open OpenSSL cipher context) 
instead of encrypting only the amount of data equal the blocksize.  
Bacula generates and uses an IV for each cryptographic session that is 
opened (each file).
>> Does anyone have any ideas here?
>>     
>
> No.
>   
Very well - Is the original author the only person who is familiar with 
the code?  The code lists Langdon Fuller, so I've sent a similar inquiry 
over to him.  Thanks anyways.
>   
>> This is a valuable feature to support.  When backing up large amounts of
>> data, I have witnessed almost a quadrupling of the job run time after
>> simply enabling FD encryption.  Rates drop from 15MB/sec to under
>> 5MB/sec, making backups take way too long.  It is also easy to monitor
>> the massive load which they put upon the CPU.
>>     
>
> Kern
>
>   

Steve


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] [Bacula-devel] Hardware Crypto-Accelerators and Bacula, Kern Sibbald
Next by Date:  Re: [Bacula-users] [Bacula-devel] Hardware Crypto-Accelerators and Bacula, Kern Sibbald
Previous by Thread:  Re: [Bacula-users] [Bacula-devel] Hardware Crypto-Accelerators and Bacula, Kern Sibbald
Next by Thread:  Re: [Bacula-users] [Bacula-devel] Hardware Crypto-Accelerators and Bacula, Kern Sibbald
Indexes:  [Date] [Thread] [Top] [All Lists]