user37 28 Posted ... This is interesting, I did not know about built in proccesor encryption. I am only running an older A series AMD A-6 apu without aes. Is this built in encryption something that would be benificial to our airvpn encryption and connection speed as well? I am researching new computers and that's how I came accross this article. http://www.tomshardware.com/reviews/clarkdale-aes-ni-encryption,2538.html Quote Share this post Link to post
PirateParty 49 Posted ... Having hardware that is AES-NI capabilities will most likely not effect your performance with OpenVPN but rather with things like full disk encryption. But still you should really be getting decent speeds without it. 1 user37 reacted to this Quote Hide PirateParty's signature Hide all signatures https://cryptoforums.net/ Computing, Crypto, Security & Privacy Forum Share this post Link to post
OpenSourcerer 1442 Posted ... The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance. OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI. So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search. 1 user37 reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
user37 28 Posted ... I purchased a refurbished computer with nothing but windows 7 premium on it (don't want windows 8 just yet). It has the Intel i5-3340 with AES-NI.I added a nice AMD graphics card which complements the i5 much better then it's included graphics did. It does seem to handle general encryption tasks faster then my older apu. I can't say if the new cpu does or does not affect the speed of an encrypted vpn tunnel, but,pages sure load up faster, video and music stream better, and while running other tasks, even when connection speed falls. I upgraded to the i5/AMD combo for my photo and video editing software mainly. But with the demand for personal privacy increasing, and the use of encryption becoming common place, a cpu with AES-NI makes sense. Besides, the i5 will smoke your socks off Quote Share this post Link to post
rainmakerraw 94 Posted ... The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance. OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI. So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search. I have a 152Mbps connection and find this interesting. Can anyone please confirm whether the instruction 'AES' in AMD CPUs is the same (or at least, has the same function) as the AES-NI in Intel chips? In other words, can I buy an AMD chip to do this job or is it Intel only? Many thanks in advance. Quote Share this post Link to post
pfSense_fan 181 Posted ... The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance. OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI. So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search. I have a 152Mbps connection and find this interesting. Can anyone please confirm whether the instruction 'AES' in AMD CPUs is the same (or at least, has the same function) as the AES-NI in Intel chips? In other words, can I buy an AMD chip to do this job or is it Intel only? Many thanks in advance. Wikipedia - Supporting CPU's Also, if it has "AES" instructions, it is the same thing. EDIT: ...and then I saw that the post you quoted had the same link I provided. None the less, using an AES enabled chip helps tremendously. This has been discussed in depth amongst those of us using pfSense to connect. For you to get the most of your connection you will want to use an AES chip. 1 rainmakerraw reacted to this Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
rainmakerraw 94 Posted ... The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance. OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI. So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search.I have a 152Mbps connection and find this interesting. Can anyone please confirm whether the instruction 'AES' in AMD CPUs is the same (or at least, has the same function) as the AES-NI in Intel chips? In other words, can I buy an AMD chip to do this job or is it Intel only? Many thanks in advance. Wikipedia - Supporting CPU's Also, if it has "AES" instructions, it is the same thing. EDIT: ...and then I saw that the post you quoted had the same link I provided. None the less, using an AES enabled chip helps tremendously. This has been discussed in depth amongst those of us using pfSense to connect. For you to get the most of your connection you will want to use an AES chip. My apologies. I hadn't slept a whole day/night/day when I replied and completely missed that. I appreciate you taking time to reply and confirming I'm OK to buy AMD. I run IPFire myself, rather than pfSense, but I'm considering moving over as although IPFire is decent it's a little glitchy recently. I'm wanting to build a Jaguar (AM1 SoC) router to replace my old IPFire box, and now I know it supports AES also, my mind is made up. Thanks again for the reply. Quote Share this post Link to post
pfSense_fan 181 Posted ... The AES instruction set is an extension of Intel CPUs with the goal to speed up encryption and decryption (E/D) performance. OpenSSL, the SSL library used with OpenVPN, is compatible with those instructions. I assume this does have a notable effect on connection speeds as the new instructions increase the throughput. But to "feel" the change you'd need a very fast connection, one which could really challenge your CPU with E/D.For example, I have 3500 kbits down, 450 up.. I won't notice any interesting change using AES-NI. With simultaneous download and upload my CPU is using barely 4% of CPU time. I have a Core2Quad with sufficient speeds not capable of AES-NI. So: If you have a really fast internet connection, maybe more than 16 or even 32 mbits download, you could consider buying a CPU capable of AES-NI. Look here for reference on which CPUs does support them, here for a detailed list with search.I have a 152Mbps connection and find this interesting. Can anyone please confirm whether the instruction 'AES' in AMD CPUs is the same (or at least, has the same function) as the AES-NI in Intel chips? In other words, can I buy an AMD chip to do this job or is it Intel only? Many thanks in advance. Wikipedia - Supporting CPU's Also, if it has "AES" instructions, it is the same thing. EDIT: ...and then I saw that the post you quoted had the same link I provided. None the less, using an AES enabled chip helps tremendously. This has been discussed in depth amongst those of us using pfSense to connect. For you to get the most of your connection you will want to use an AES chip. My apologies. I hadn't slept a whole day/night/day when I replied and completely missed that. I appreciate you taking time to reply and confirming I'm OK to buy AMD. I run IPFire myself, rather than pfSense, but I'm considering moving over as although IPFire is decent it's a little glitchy recently. I'm wanting to build a Jaguar (AM1 SoC) router to replace my old IPFire box, and now I know it supports AES also, my mind is made up. Thanks again for the reply. If you are going to be starting from scratch buying a new board, I don't recommend AMD. Not because the processor is bad, but because most motherboards don't have network cards compatible with pfSense. The current ideal platform is the C2558 or c2578 based Supermicro Intel Atom boards (Rangely). They have quad Intel Server class network interfaces. For AMD you would need to purchase a separate network card, and the ones you need can be expensive. You'll find the price difference for an AMD build to be similar, but you will be getting much higher end equipment for the same price with a Rangely board. Just my thoughts! 1 rainmakerraw reacted to this Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
rainmakerraw 94 Posted ... If you are going to be starting from scratch buying a new board, I don't recommend AMD. Not because the processor is bad, but because most motherboards don't have network cards compatible with pfSense. The current ideal platform is the C2558 or c2578 based Supermicro Intel Atom boards (Rangely). They have quad Intel Server class network interfaces. For AMD you would need to purchase a separate network card, and the ones you need can be expensive. You'll find the price difference for an AMD build to be similar, but you will be getting much higher end equipment for the same price with a Rangely board. Just my thoughts! Unfortunately I can't seem to find those in the UK? The C2558 only resolves to a car part rather than computer equipment on a cursory Google search and none of my usual suppliers stock anything of the sort. I currently have half a dozen Intel server NICs (Intel Pro 1000PT dual port varieties mostly) so I assume I'd be safe to reuse those regardless of platform chosen rather than rely on onboard equipment? Quote Share this post Link to post
pfSense_fan 181 Posted ... Unfortunately I can't seem to find those in the UK? The C2558 only resolves to a car part rather than computer equipment on a cursory Google search and none of my usual suppliers stock anything of the sort. I currently have half a dozen Intel server NICs (Intel Pro 1000PT dual port varieties mostly) so I assume I'd be safe to reuse those regardless of platform chosen rather than rely on onboard equipment? http://www.supermicro.com/wheretobuy/europe.cfm?rgn=132http://www.supermicro.com/products/motherboard/ATOM/ It is harder to find the 2558 based boards, you have to look at places that sell servers etc. The standard consumer circles don't carry these. You certainly could use those cards provided you have pci slots for them, however they do not support the same offloading features as the i354 nic's onboard those Atoms. If you have a 150Mb connection, it might be a consideration seeing you will be using a VPN. Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
rainmakerraw 94 Posted ... Unfortunately I can't seem to find those in the UK? The C2558 only resolves to a car part rather than computer equipment on a cursory Google search and none of my usual suppliers stock anything of the sort. I currently have half a dozen Intel server NICs (Intel Pro 1000PT dual port varieties mostly) so I assume I'd be safe to reuse those regardless of platform chosen rather than rely on onboard equipment? http://www.supermicro.com/wheretobuy/europe.cfm?rgn=132http://www.supermicro.com/products/motherboard/ATOM/ It is harder to find the 2558 based boards, you have to look at places that sell servers etc. The standard consumer circles don't carry these. You certainly could use those cards provided you have pci slots for them, however they do not support the same offloading features as the i354 nic's onboard those Atoms. If you have a 150Mb connection, it might be a consideration seeing you will be using a VPN. OK from what I've found so far it's going to cost in the region of five times more for the Rangeley setup than it would for Kabini/Jaguar re-using my existing Intel Pro NICs. Unfortunately I'm going to have to rule out Rangelely at least for now. Although I appreciate the improved quality and flexibility, C2558 boards would cost me about $450 to $500 equivalent whereas the same in Kabini/Jaguar would be $75 to $80 at most. Looks like I'm going to have to 'make do'. Quote Share this post Link to post
pfSense_fan 181 Posted ... Unfortunately I can't seem to find those in the UK? The C2558 only resolves to a car part rather than computer equipment on a cursory Google search and none of my usual suppliers stock anything of the sort. I currently have half a dozen Intel server NICs (Intel Pro 1000PT dual port varieties mostly) so I assume I'd be safe to reuse those regardless of platform chosen rather than rely on onboard equipment? http://www.supermicro.com/wheretobuy/europe.cfm?rgn=132http://www.supermicro.com/products/motherboard/ATOM/ It is harder to find the 2558 based boards, you have to look at places that sell servers etc. The standard consumer circles don't carry these. You certainly could use those cards provided you have pci slots for them, however they do not support the same offloading features as the i354 nic's onboard those Atoms. If you have a 150Mb connection, it might be a consideration seeing you will be using a VPN. OK from what I've found so far it's going to cost in the region of five times more for the Rangeley setup than it would for Kabini/Jaguar re-using my existing Intel Pro NICs. Unfortunately I'm going to have to rule out Rangelely at least for now. Although I appreciate the improved quality and flexibility, C2558 boards would cost me about $450 to $500 equivalent whereas the same in Kabini/Jaguar would be $75 to $80 at most. Looks like I'm going to have to 'make do'. Our prices must differ greatly being accross the pond. Can you link me to some of these AMD boards you speak of? I've been piecing info together for my guide as far as hardware and I can find no such hardware as you speak of. The motherboards I find for amd are ~$100+ (For one worth it's salt for running 24 hours a day), the processors ~$150, they don't have compatible NIC's ( I know you have some spare) and they all are half the Mhz and take double the Electricity of the Rangely. Meanwhile, I can find a rangely 2558 for ~$220. Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
rainmakerraw 94 Posted ... Our prices must differ greatly being accross the pond. Can you link me to some of these AMD boards you speak of? I've been piecing info together for my guide as far as hardware and I can find no such hardware as you speak of. The motherboards I find for amd are ~$100+ (For one worth it's salt for running 24 hours a day), the processors ~$150, they don't have compatible NIC's ( I know you have some spare) and they all are half the Mhz and take double the Electricity of the Rangely. Meanwhile, I can find a rangely 2558 for ~$220. ~£25 AM1 Kabini motherboards~£25 AM1 Kabini dual and quad core CPUs As I said, not earth shattering high end server stuff; but with DDR3, SATA3 and AES support (not to mention integrated DirectX 11 and OGL gfx) they don't seem to be bad budget builds at the price whether for a low end desktop or cheap but flexible router. They have a TDP of 25W and are 28nm process. I know the Atoms can beat that but again, availability and price make the AMD an attractive alternative. Stock is apparently due in soon. Quote Share this post Link to post
OpenSourcerer 1442 Posted ... The AES block cipher - Coursera From 9:34 he explains these new instructions. Anyway, if you want to inform yourself on how AES works you can watch the whole segment. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Visentinel 13 Posted ... please be aware that the AES-NI is compromised and you should not use it without an additional randomization layer. pfsense 2.1 appears to have the yarrow service i only know that 2.2 will use it. for now DO NOT use aes-ni unless you have taken steps to protect yourself from its weak randomization. Quote Share this post Link to post
OpenSourcerer 1442 Posted ... please be aware that the AES-NI is compromised If you can prove it, post it here. Because the internet is full of "I think"s and "I believe"s. But yes, the NSA's role here should be considered, see the PRISM slides. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post