If electronic commerce has a dirty little secret, it’s that if the revolution happened tomorrow most so-called commerce servers would be brought to their knees trying to handle the cryptography.
Compaq is looking to step into the breach with a set of hardware cryptography and authentication products it picked up with last year’s acquisition of Tandem Computers. It will soon add to that range with a dedicated SSL (secure sockets layer) accelerator.
Compaq’s Gary Sabo, a keynote speaker at last week’s BizCom, says even IT professionals are surprised when they encounter the processing demands of high-volume public key cryptography.
“We did a demo at a Microsoft developers’ conference recently and we did some SSL processing in software. And we had a little meter of CPU utilisation that we watched go all the way up to 100%. The transaction rate doesn’t change, but you eat up all your cycles.
“Then we flipped a little switch and sent it to one of our PCI cards. The CPU utilisation dropped to about 8% and the transaction went up slightly. Basically, you get your CPU back.”
Processing overhead is also being increased by the desire of business to future-proof their security, says Sabo.
“The keys are getting longer today because people have archival needs. They want a key long enough to make sure that it won’t be cracked over, say, the next 15 years. Everybody knows you can break a 512-bit key today, and that 1024 is still very strong. But most people signing things for archival purposes are using 2048-bit keys.
“Generating those keys is very time-consuming. So one of the areas we’re working on is to provide very high-performance key generation — in the hundreds per second. Right now, some of the systems allow you to generate maybe three or four keys per minute and that’s not acceptable in a mass operation. We have technology which allows you into the 20 to 40 per second range.”
Secure systems are also tasked with the generation and verification of digital certificates and signatures, says Sabo, “and that all requires the use of public key cryptography, primarily RSA. We need to provide that in a way that doesn’t bring the server to its knees.”