Silent and economic cryptographic file server

Hardware specifications

Mainboard and CPU

I chose a VIA Epia MII 12000 as the base platform, because this was the only board with PadLock ACE support which I could get in Germany at this time (March 2005)

VIA C3 Nehemiah with 1.2 GHz and PadLock ACE
TDP of 17 Watts
Backpanel-IO: cardbus, compact flash, 2x USB 2.0, 1x Firewire

Harddrives

For the operating system harddrive I bought a Hitachi Travelstar with 60GB. It's a 2.5 inch drive, but with 7200 rpm, so it is reasonable fast. Furthermore this model is designed for 24/7 operation. The main reason I choosed a 2.5 inch drive was power consumption, as it only needs 2W to operate (and therefore has less heat dissipation.)

60 GB travelstar with 7200rpm.

Fortunately there was still enough place for two 3.5" harddrives.

Function	Model	RPM	Cache	Size
system, home, mail	HTE726060M9AT00	7200	8 MB	60 GB
backups	WDC WD2000JB-00GVA0	7200	8 MB	200 GB
data, TV recordings, Linux ISOs etc.	SAMSUNG HD300LD	7200	8 MB	300 GB
Total size:				560 GB

Power supply, RAM etc.

I purchased an external fanless 12V power supply with 80 Watts and an internal DC-DC Converter. With 80 Watts there is enough room for experiments and to ensure a stable boot process, when all hard drives spin up at once.

Furthermore, I got a 512 MB DDR Kingston DIMM. And an INTEL Pro1000MT gigabit ethernet controller. Update:Now (2006) a 1024 MB DDR DIMM is used.

Software

Operating System

At the moment the system is running a customized Debian Etch with Linux kernel 2.6.19.2.

OpenSSL

To make use of the integrated Padlock hardware accelerator a recompiled debian package is used.

AES performance with and without Padlock used:
(measured with "openssl speed -evp aes-256-ecb -engine padlock")

The 'numbers' are in 1000s of bytes per second processed. 
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-ecb      15669.02k    16916.54k    17280.51k    17429.85k    17479.00k (software)
aes-128-ecb      88912.67k   320026.56k   865422.51k  1462438.36k  1840122.54k (padlock)

aes-128-cbc      11833.27k    16052.56k    17805.99k    18316.63k    18392.54k (software)
aes-128-cbc      70580.31k   230124.42k   510011.90k   739012.27k   846489.43k (padlock)

aes-256-ecb      11817.72k    12487.81k    12663.92k    12767.57k    12776.79k (software)
aes-256-ecb      88587.47k   320000.32k   761852.67k  1139517.78k  1326309.29k (padlock)

aes-256-cbc       9558.71k    11995.58k    12968.62k    13221.89k    13265.05k (software)
aes-256-cbc      68891.22k   208040.11k   421406.38k   562406.66k   621147.62k (padlock)

OpenSSH

I use a modified ssh version which makes use of the openssl padlock engine. Packages for Debian etch can be found here.

Case

Virgin parts.

Nearly finished case.

Those CD drives are pretty big!

Somewhat ugly, but hey...