Page 1: Intro, the MII, Padlock
<B>Intro</B>:
The EPIA series of motherboards from VIA has long been a favorite of mine. Ever since the first one came out a while back, I had envisioned these tiny boards being made into HTPCs or mods. Sure enough, they are a cornerstone of the small form-factor PC market and the HTPC market alike. What sets the MII apart from its predecessors is a faster CPU, better expansion, and a brand-new encryption engine. Let's move on to the full review...
<B>The MII?</B>:
What makes this CPU different from the normal Nehemiah is the addition of the VIA Padlock ACE (Advanced Cryptography Engine). This is a hardware AES (Advanced Encryption Standard) codec. AES is the encryption standard that the US and other governments use. It is quickly replacing the old DES encryption standard. The ACE unit can do all three different key sizes of AES (128, 192, 256 bit) and all at the same speed. Since this is done in hardware, the new MII can perform this encryption at a very fast rate, faster than most software-based implementations on much faster CPUs. The Padlock ACE would be useful in a network environment, and I understand that VIA has released a new feature that incorporates AES encryption into ZIP files. WinZip 9 can also handle this. The ACE codec is handled by a free library for all OSes, and is supported in the x86 instruction set.
The other side of the hardware is the Padlock RNG (Random Number Generator). A hardware random number generator generates better random numbers than does software. Since no computer-generated numbers are truly random, hardware implementations are the way to go if security is an issue. Encryption keys need good strong random numbers to function correctly.
Other advancements to the CPU are primarily speed-based. It now runs at 1.2GHz.
I want to include some info that VIA sent me in regards to the new Padlock system. It is extremely well written and I found it very helpful. This text is from VIA, not from me.
Quote
<b>The VIA PadLock RNG</b>
To address this need for good random numbers in security applications, VIA developed the VIA Padlock RNG, integrating a high-performance hardware-based random number generator onto the processor die. This RNG uses random electrical noise on the processor chip to generate highly random values at an extremely fast rate. It provides these numbers directly to security applications via a new x86 instruction that has built-in multi-tasking support.
Capable of creating random numbers at rates of between 800K and 1600K bits per second, the VIA PadLock RNG addresses the needs of security applications requiring high bit rates that algorithmically increases the quality (randomness) of the entropy produced, for example by applying hashing algorithms to the output.
The VIA PadLock RNG uses a system of Asynchronous Multi-byte Generation, where the hardware generates random bits at its own pace. These accumulate into hardware buffers with no impact on program execution. Software may then read the accumulated bits at any time. This asynchronous approach allows the hardware to generate large amounts of random numbers completely overlapped with program execution. This is opposed to good software generators, which can be fast but consume a significant number of CPU cycles, thereby affecting overall system performance. For more on the VIA PadLock RNG, please visit the <a href="http://www.via.com.tw/en/padlock/padlock_hardware.jsp">VIA PadLock Hardware Security Suite web page</a>.
...
<b>AES Encryption</b>
Short for Advanced Encryption Standard, AES is a data encryption technique developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. AES has been adopted by the US Government to replace the current DES encryption standard. The cryptography scheme encrypts and decrypts 128-bit blocks of data with 3 standard key lengths.
1) 128-bit key length that corresponds to approx. 3.4 x 10^38 keys
2) 192-bit key length corresponding to approx 6.2 x 10^57 keys
3) 256-bit key length corresponding to approx. 1.1 x 10^77 keys
In layman's terms, this means that for each 128-bit key length there can be 3.4 x 10^38 possible combinations of "keys". By comparison, the Enigma code used by the Germans in WWII had approx. 1.1 x 10^7 keys and DES has approx. 7.2 x 10^16 keys. To try and put this into perspective, if we assumed a super-computer could break the DES code in one second, it would take the same super computer 149 thousand billion years to decode an AES key with a 128-bit key length.
AES encryption is also particularly well suited for electronic devices such as PCs, IP and mobile phones, PDAs, firewalls, and wireless standards, such as the high-speed 802.11g standard.
<b>The VIA PadLock Advanced Cryptography Engine (ACE)</b>
VIA C5P Nehemiah core processors integrate a powerful Advanced Cryptography Engine (ACE) that can encrypt or decrypt data at a sustained rate of 12.8 Gb/s. For a single encryption or decryption, the effective rate can be even faster, up to 21 Gb/s. This is faster than any known commercial AES hardware implementation, and several times faster than software implementations carried out with the latest high performance processors.
VIA PadLock ACE directly supports all three AES key sizes (128-bits, 196-bits, and 256-bits) in hardware, and with the same performance. In addition to a single application being able to use VIA PadLock ACE, any number of tasks can use it concurrently without requiring supplemental task management by the application or the operating system. Although implementation of VIA PadLock ACE contains an additional x86 state, the using tasks do not need to save and restore this state - the hardware manages the additional state in a transparent fashion.
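
The RNG passage above notes that applications can raise the quality of raw hardware output by hashing it. The sketch below is an added example, not code from VIA or the reviewer: it checks a raw byte stream with a repetition-count test and a most-common-value entropy estimate (simplified from the approach in NIST SP 800-90B), then hashes it together with OS entropy before use as a key. The sample data, function names and thresholds are assumptions constructed for illustration; no PadLock instruction is executed.

```python
import hashlib
import math
import os
from collections import Counter

def constructed_noise(n: int = 4096) -> bytes:
    """Constructed stand-in for raw RNG bytes: only the low 4 bits of each byte vary."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(b"constructed-sample" + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(b & 0x0F for b in out[:n])

def min_entropy_per_byte(raw: bytes) -> float:
    """Most-common-value estimate: -log2 of the highest observed symbol frequency."""
    p_max = max(Counter(raw).values()) / len(raw)
    return -math.log2(p_max)

def repetition_count_ok(raw: bytes, h: float, alpha_bits: int = 20) -> bool:
    """Fail if a value repeats in a row more often than entropy h makes plausible."""
    cutoff = 1 + math.ceil(alpha_bits / h)
    run = 1
    for prev, cur in zip(raw, raw[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True

def bytes_needed(h: float, out_bits: int = 256) -> int:
    """Raw bytes required so the input carries at least out_bits of min-entropy."""
    return math.ceil(out_bits / h)

def derive_key(raw: bytes) -> bytes:
    """Health-check the raw bytes, then condition them into a 256-bit key."""
    h = min_entropy_per_byte(raw)
    if h == 0 or not repetition_count_ok(raw, h):
        raise ValueError("raw source failed health check (stuck or repeating)")
    if len(raw) < bytes_needed(h):
        raise ValueError("not enough raw entropy for a 256-bit key")
    # Mix in OS entropy so the key never depends on the hardware source alone.
    return hashlib.sha256(raw + os.urandom(32)).digest()

if __name__ == "__main__":
    sample = constructed_noise()
    est = min_entropy_per_byte(sample)
    print(f"estimated min-entropy: {est:.2f} bits/byte, "
          f"need {bytes_needed(est)} raw bytes per 256-bit key")
    print("key:", derive_key(sample).hex())
```

A source that fills each byte but only varies 4 bits of it needs at least 64 raw bytes per 256-bit key, which is why the estimate is taken before hashing rather than assuming 8 bits per byte.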