On Thursday 10 September 2009 20:16:58 Steve Polyack wrote: > Kern Sibbald wrote: > > Hello > > > > Given the way you asked your questions, I don't expect you will get any > > answers ... > > I suppose the questions were geared directly towards someone else who > may be familiar with the crypto code in Bacula. I'm not sure I can be > more clear otherwise. > > > On Wednesday 09 September 2009 16:52:12 Steve Polyack wrote: > >> I may have asked this question before, but has anyone had any luck with > >> getting Bacula to utilize a hardware crypto accelerator for FD > >> encryption? Setting the engine(3) options in openssl.cnf do not appear > >> to have any affect. This can be confirmed with statistic programs which > >> hook into the crypto drivers, showing that no data is being processed by > >> the accelerator during backups. > >> > >> A few months ago I attempted a patch to add OpenSSL engine(3) selection > >> support to the Bacula source code. This was unsuccessful, as merely > >> selecting and enabling the hardware crypto engine will cause Bacula to > >> crash upon updating the cipher context. Based on various similar > >> examples I have coded, the best I can come up with is that this has > >> something to do with the IV generation / IVs that are being used. > > > > I have no idea what IVs are, and I imagine it is the same for other > > developers. > > How I understand it: IVs are Initialization Vectors, an initial block of > data which allow a cipher to be used in a streaming fashion (i.e. plain > text is continuously funneled into the open OpenSSL cipher context) > instead of encrypting only the amount of data equal the blocksize. > Bacula generates and uses an IV for each cryptographic session that is > opened (each file). > > >> Does anyone have any ideas here? > > > > No. > > Very well - Is the original author the only person who is familiar with > the code? The code lists Langdon Fuller, so I've sent a similar inquiry > over to him.
Yes, for the low level questions you are asking, Landon is the only person I know who would very likely be able to give a response. Regards Kern > Thanks anyways. > > >> This is a valuable feature to support. When backing up large amounts of > >> data, I have witnessed almost a quadrupling of the job run time after > >> simply enabling FD encryption. Rates drop from 15MB/sec to under > >> 5MB/sec, making backups take way too long. It is also easy to monitor > >> the massive load which they put upon the CPU. > > > > Kern > > Steve > > > --------------------------------------------------------------------------- >--- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 > 30-Day trial. Simplify your report design, integration and deployment - and > focus on what you do best, core application coding. Discover what's new > with Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Bacula-devel mailing list > bacula-de...@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-devel ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
