Invalidating the session after 30 seconds
Any fewer might fail to exercise the HSM to its fullest. Significantly more threads would not increase the performance numbers, so we work in the "sweet spot" and we suggest that you do as well if performance is your greatest concern.

If your primary cryptographic activity is key generation of any kind, or involves mostly symmetric operations, then Luna SA 1700 should suit your needs at a smaller investment.

Here is a quick summary of some excerpts from the performance testing:

* Key Generations – same performance for both
* Symmetric operations – same performance for both
* Asymmetric operations – check with your SafeNet Sales representative, but here are some samples.

You are thinking of the HSM's flash memory, which would be used to store token objects. Your "key factory" application (generating keys that are pushed out to external devices like smart cards) should be generating your short-lived keys as session objects, rather than as token objects. Session objects do not use the flash memory at all - they are created and exist in the HSM's RAM only, which can perform virtually unlimited read/write operations.

An integration or application that works with one will work with the other, with no adjustment needed. Note that the main difference (see next question) is performance using asymmetric operations.
Command latency (the time required for any one command to complete) is not a direct inverse of TPS, and can be dependent on several things including the number of threads, the network latency, and the interleaving of different command types to the HSM.
That remains true even though the 1024 key size is now generally considered too small for modern operational use, and most applications would tend to use 2048 key sizes (at least that was the case when this was written in 2013).
As well, we bombard the HSM with at least 30 threads simultaneously performing that simple test operation (this is down from a previously required 50 threads due to refinements in Luna SA 5.2).
- RSA 1024: 7000 signings/second vs 1700 signings/second
- RSA 2048: 1200 vs 350
- RSA 4096: 160 vs 50
- ECC P-256: 1000 vs 490

We provide repeatable numbers that you could achieve if you tested in an environment similar to our test-lab environment.
This method provides numbers that you can compare against numbers from any of our competitors.