 From:  Jim Thompson <jim at netgate dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] False sense of (IPsec)urity?
 Date:  Tue, 08 Nov 2005 14:10:37 -1000
Chris Buechler wrote:

>On 11/8/05, Dinesh Nair <dinesh at alphaque dot com> wrote:
>
>>On 11/08/05 19:33 Jim Thompson said the following:
>>
>>>support for the VIA AES accelerators appears to be either in, or very
>>
>>it's already there in 6.0-RELEASE. see
>>http://www.freebsd.org/releases/6.0R/relnotes-i386.html
>
>Yeah, but it's been there, and not functioning properly, for a while.
>I haven't yet heard a confirmation that it does indeed work properly,
>but I don't know of anyone that's had a chance to test it as is in
>final 6.0-REL.  There are some pfsense users with Padlock devices that
>should be testing it soon.  As recently as a couple months ago, it
>didn't work.  It's supposed to be fixed now, but it was supposed to
>work the first time around too...

What Chris said is the reason for my quibble.  I quibbled because it was
to the m0n0wall 'users' list (not even -dev) and I figured it could get
fixed long before m0n0wall was running on 6.0 (officially, anyway).
Turns out the original author didn't even test it with IPSEC.

Support for VIA Padlock's RNG is also in FreeBSD 6.0.  That's real RNG, 
not pseudo RNG.   Consider the implications for embedded devices that 
aren't able to exploit the 'normal' sources because they lack a mouse, 
kbd and drives.

So, it will all get tested, and fixed if necessary, and either m0n0wall 
will go to 6.0 or the Padlock support will get backported to 4.11.  
Either way, m0n0wall should be able to pick up support for the fastest 
(for the money) AES accelerator I can find, which can only help IPSEC links.

And should help kick blowfish and linux to the curb.

Jim