On Thursday 10 September 2009 20:16:58 Steve Polyack wrote:
> Kern Sibbald wrote:
> > Hello
> >
> > Given the way you asked your questions, I don't expect you will get any
> > answers ...
>
> I suppose the questions were geared directly towards someone else who
> may be familiar with the crypto code in Bacula. I'm not sure I can be
> more clear otherwise.
>
> > On Wednesday 09 September 2009 16:52:12 Steve Polyack wrote:
> >> I may have asked this question before, but has anyone had any luck with
> >> getting Bacula to utilize a hardware crypto accelerator for FD
> >> encryption? Setting the engine(3) options in openssl.cnf do not appear
> >> to have any affect. This can be confirmed with statistic programs which
> >> hook into the crypto drivers, showing that no data is being processed by
> >> the accelerator during backups.
> >>
> >> A few months ago I attempted a patch to add OpenSSL engine(3) selection
> >> support to the Bacula source code. This was unsuccessful, as merely
> >> selecting and enabling the hardware crypto engine will cause Bacula to
> >> crash upon updating the cipher context. Based on various similar
> >> examples I have coded, the best I can come up with is that this has
> >> something to do with the IV generation / IVs that are being used.
> >
> > I have no idea what IVs are, and I imagine it is the same for other
> > developers.
>
> How I understand it: IVs are Initialization Vectors, an initial block of
> data which allow a cipher to be used in a streaming fashion (i.e. plain
> text is continuously funneled into the open OpenSSL cipher context)
> instead of encrypting only the amount of data equal the blocksize.
> Bacula generates and uses an IV for each cryptographic session that is
> opened (each file).
>
> >> Does anyone have any ideas here?
> >
> > No.
>
> Very well - Is the original author the only person who is familiar with
> the code? The code lists Langdon Fuller, so I've sent a similar inquiry
> over to him.
Yes, for the low level questions you are asking, Landon is the only person I
know who would very likely be able to give a response.
Regards
Kern
> Thanks anyways.
>
> >> This is a valuable feature to support. When backing up large amounts of
> >> data, I have witnessed almost a quadrupling of the job run time after
> >> simply enabling FD encryption. Rates drop from 15MB/sec to under
> >> 5MB/sec, making backups take way too long. It is also easy to monitor
> >> the massive load which they put upon the CPU.
> >
> > Kern
>
> Steve
>
>
> ---------------------------------------------------------------------------
>--- Let Crystal Reports handle the reporting - Free Crystal Reports 2008
> 30-Day trial. Simplify your report design, integration and deployment - and
> focus on what you do best, core application coding. Discover what's new
> with Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Bacula-devel mailing list
> Bacula-devel AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-devel
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|