Tor relay & Tor hidden service hardware picks, December 2015

This is the first publication of what I hope to be a regular exploration of dedicated, low-cost Tor relay and Tor hidden service devices. Your feedback will help me make these publications better, so please send me a note to: christopher at yawnbox dot com.

Objective

Help people identify well researched hardware ideal for Tor applications including relays or hidden services.

Top picks for December 2015

Low pick ($0 – $99)

Microsoft Store for $99: InFocus Kangaroo

The InFocus Kangaroo is highest performing $0 – $99 device that I’ve been able to find. For comparison, the Raspberry Pi 2 Model B has a clock rate of just 900 MHz. For $35, that’s pretty good. But it’s not just $35 because you would also have to buy a power adapter, case, and storage (USB, Micro SD, etc). The Kangaroo has a clock rate of 2.24 GHz and will surely out perform a Raspberry Pi, and if you live in the USA, you can physically buy one at a Microsoft Store. A reviewer on NewEgg claimed that they had no problem installing Ubuntu 15.10 onto the Kangaroo and that the networking devices worked without issue. The Kangaroo is Wifi only, but supports 802.11 a/b/g/n/ac (Ubuntu Server has no problem leveraging Wifi).

Low alternative

Starting at $35: Raspberry Pi 2 Model B
[WARNING: Raspberry Pi is generating weak SSH keys]

Mid pick ($100 – $199)

Newegg.com for $149: Gigabyte GB-BXA8-5557

This is an AMD A8 2.1GHz but 3.1GHz in “turbo” mode. Three reviewers on NewEgg claimed that they had no problem installing Ubuntu 15.10 onto the GB-BXA8-5557 and that it runs very well. Ubuntu Server would run even better. This is the GB-BXA8-5557 product page.

Mid alternative

Microsoft Store starting at $169: Acer Aspire One Cloudbook 11

This option is a good one because everything is included: SSD, RAM, power adapter, keyboard, and monitor. The downside is there is no 1GbE port, but at least it supports 802.11 AC with a wireless chipset that is supported by Tails Linux and Ubuntu 15.10 Server. I recently reviewed this laptop exclusively looking at hidden services support. This Aspire laptop uses an Intel Celeron clocked at 2.16 GHz (yes, with AES-NI).

High pick ($200 – $299)

Newegg.com for $294: Intel NUC NUC5i5RYK

The high pick focuses on one thing: the newest architecture CPU with the highest clock rate that is not split with hyper-threading (like an Intel i7). Intel i5’s commonly outperform all AMD desktop processors in single-threaded applications.

Methodology

There are three foundations for picking Tor application hardware:

1. Tor’s strength as a privacy application comes directly from its global diversity. It is most important to realize that the top picks be based on low-cost and highly-available solutions, not overall performance.

2. Even with careful Tor protocol development, the security and health of the Tor network depends, in part, on the practices of Tor relay operators. In turn, the safety of Tor users depends on volunteer operators choosing well reasoned solutions. One easy way to mitigate specific attacks against Tor relays or Tor hidden services is to compartmentalize Tor-based services by using dedicated hardware.

3. As a sub-rule of both #1 and #2, no one company, either device or processor manufacturer, can be selected for all three Tor application hardware picks for any given month. Intel clearly dominates the low-cost AES acceleration, and for obvious reasons the Tor network cannot just use Intel processors.

That said, the performance-to-cost ratio of Tor application hardware is likely the reason why you are reading this. Foundation #1 helps define the three categories of picks:

1. Low Picks will be $0 – $99
2. Mid Picks will be $100 – $199
3. High Picks will be $200 – $299

If you have more money to put into dedicated Tor application hardware, that is amazing, and reading this publication might still help you.

Hardware crypto processing

It is important to consider AES accelerated processors because Tor is single-threaded and uses a 128-bit AES stream cipher.

Intel® AES-NI

The AES-NI extensions offer full hardware support for data encryption and decryption using the Advanced Encryption Standard, defined by FIPS Publication number 197. Four of the instructions support AES Encryption and Decryption while the other two support AES key expansion.

The AES-NI extensions have the flexibility to support key lengths of 128, 192, and 256 by processing the data block in 10, 12, and 14 rounds of cryptographic transformations. Since they are hardware-based, they also offer a significant increase in performance compared to the current software implementations.

Since March 2013, Intel has documented that software products that support AES-NI include OpenSSL 1.0.1 and Ubuntu 11.10.

Tom’s Hardware reviewed Intel’s AES-NI performance in 2010:

What is AES anyway?

CPU-based AES instructions start to make real sense, regardless of possible performance benefits. From a security standpoint, the processor may handle AES instructions in an encapsulated manner. This would alleviate the need for lookup tables that might provide data for side-channel cache-based attacks.

Other AES resources

You can read a highly-technical paper about Intel’s AES acceleration technology titled, “Intel’s New AES Instructions for Enhanced Performance and Security” (PDF).

Intel published a whitepaper in May 2010 titled, Intel Advanced Encryption Standard (AES) New Instructions Set.

Wikipedia has a technical-focused article covering the AES instruction set.

TorServers.net details how to verify Intel AES-NI is available in the Linux CLI.

Intel processors with AES support

6th Gen i3 (Q4’15 – Q3’15)

Intel® Core™ i3-6100E (3M Cache, 2.70 GHz)
Intel® Core™ i3-6102E (3M Cache, 1.90 GHz)
Intel® Core™ i3-6100TE (4M Cache, 2.70 GHz)
Intel® Core™ i3-6100U (3M Cache, 2.30 GHz)
Intel® Core™ i3-6100H (3M Cache, 2.70 GHz)
Intel® Core™ i3-6167U (3M Cache, 2.70 GHz)
Intel® Core™ i3-6300 (4M Cache, 3.80 GHz)
Intel® Core™ i3-6300T (4M Cache, 3.30 GHz)
Intel® Core™ i3-6320 (4M Cache, 3.90 GHz
Intel® Core™ i3-6100 (3M Cache, 3.70 GHz)
Intel® Core™ i3-6100T (3M Cache, 3.20 GHz)

5th Gen i3 (Q1’15)

Intel® Core™ i3-5020U (3M Cache, 2.20 GHz)
Intel® Core™ i3-5015U (3M Cache, 2.10 GHz)
Intel® Core™ i3-5157U (3M Cache, 2.50 GHz)
Intel® Core™ i3-5010U (3M Cache, 2.10 GHz)
Intel® Core™ i3-5005U (3M Cache, 2.00 GHz)

4th Gen i3 (Q1’15-Q3’13)

Intel® Core™ i3-4370T (4M Cache, 3.30 GHz)
Intel® Core™ i3-4170T (3M Cache, 3.20 GHz)
Intel® Core™ i3-4170 (3M Cache, 3.70 GHz)
Intel® Core™ i3-4360T (4M Cache, 3.20 GHz)
Intel® Core™ i3-4370 (4M Cache, 3.80 GHz)
Intel® Core™ i3-4160T (3M Cache, 3.10 GHz)
Intel® Core™ i3-4160 (3M Cache, 3.60 GHz)
Intel® Core™ i3-4340TE (4M Cache, 2.60 GHz)
Intel® Core™ i3-4350 (4M Cache, 3.60 GHz)
Intel® Core™ i3-4350T (4M Cache, 3.10 GHz)
Intel® Core™ i3-4360 (4M Cache, 3.70 GHz)
Intel® Core™ i3-4150T (3M Cache, 3.00 GHz)
Intel® Core™ i3-4150 (3M Cache, 3.50 GHz)
Intel® Core™ i3-4110E (3M Cache, 2.60 GHz)
Intel® Core™ i3-4110M (3M Cache, 2.60 GHz)
Intel® Core™ i3-4112E (3M Cache, 1.80 GHz)
Intel® Core™ i3-4120U (3M Cache, 2.00 GHz)
Intel® Core™ i3-4025U (3M Cache, 1.90 GHz)
Intel® Core™ i3-4030U (3M Cache, 1.90 GHz)
Intel® Core™ i3-4030Y (3M Cache, 1.60 GHz)
Intel® Core™ i3-4330 (4M Cache, 3.50 GHz)
Intel® Core™ i3-4330T (4M Cache, 3.00 GHz)
Intel® Core™ i3-4340 (4M Cache, 3.60 GHz)
Intel® Core™ i3-4100M (3M Cache, 2.50 GHz)
Intel® Core™ i3-4130T (3M Cache, 2.90 GHz)
Intel® Core™ i3-4130 (3M Cache, 3.40 GHz)
Intel® Core™ i3-4005U (3M Cache, 1.70 GHz)
Intel® Core™ i3-4012Y (3M Cache, 1.50 GHz)
Intel® Core™ i3-4020Y (3M Cache, 1.50 GHz)
Intel® Core™ i3-4100U (3M Cache, 1.80 GHz)
Intel® Core™ i3-4158U (3M Cache, 2.00 GHz)
Intel® Core™ i3-4010U (3M Cache, 1.70 GHz)
Intel® Core™ i3-4010Y (3M Cache, 1.30 GHz)

Pentium (Q4’15 – Q2’12)

Intel® Pentium® D1507 (3M Cache, 1.20 GHz)
Intel® Pentium® D1508 (3M Cache, 2.20 GHz)
Intel® Pentium® D1509 (3M Cache, 1.50 GHz)
Intel® Pentium® D1517 (6M Cache, 1.60 GHz)
Intel® Pentium® 4405U (2M Cache, 2.10 GHz)
Intel® Pentium® 4405Y (2M Cache, 1.50 GHz)
Intel® Pentium® G4400T (3M Cache, 2.90 GHz)
Intel® Pentium® G4400TE (3M Cache, 2.40 GHz)
Intel® Pentium® G4400 (3M Cache, 3.30 GHz)
Intel® Pentium® G4500 (3M Cache, 3.50 GHz)
Intel® Pentium® G4500T (3M Cache, 3.00 GHz)
Intel® Pentium® G4520 (3M Cache, 3.60 GHz)
Intel® Pentium® N3700 (2M Cache, up to 2.40 GHz)
Intel® Pentium® 1405 v2 (6M Cache, 1.40 GHz)
Intel® Pentium® 3561Y (2M Cache, 1.20 GHz)
Intel® Pentium® 3560Y (2M Cache, 1.20 GHz)
Intel® Pentium® B915C (3M Cache, 1.50 GHz)
Intel® Pentium® 1405 (5M Cache, 1.2 GHz)

Celeron (Q1’15 – Q2’12)

Intel® Celeron® N3000 (2M Cache, up to 2.08 GHz)
Intel® Celeron® N3050 (2M Cache, up to 2.16 GHz)
Intel® Celeron® N3150 (2M Cache, up to 2.08 GHz)
Intel® Celeron® 725C (1.5M Cache, 1.30 GHz)

Atom (Q4’14 – Q4’13)

Intel® Atom™ E3805 (1M Cache, 1.33 GHz)
Intel® Atom™ E3815 (512K Cache, 1.46 GHz)
Intel® Atom™ E3825 (1M Cache, 1.33 GHz)
Intel® Atom™ E3826 (1M Cache, 1.46 GHz)
Intel® Atom™ E3827 (1M Cache, 1.75 GHz)
Intel® Atom™ E3845 (2M Cache, 1.91 GHz)

Atom for Smartphone and Tablet (Q3’15-Q3’13)

Intel® Atom™ Z3590 (2M Cache, up to 2.50 GHz)
Intel® Atom™ x7-Z8700 (2M Cache, up to 2.40 GHz)
Intel® Atom™ x5-Z8500 (2M Cache, up to 2.24 GHz)
Intel® Atom™ x5-Z8300 (2M Cache, up to 1.84 GHz)
Intel® Atom™ Z3570 (2M Cache, up to 2.00 GHz)
Intel® Atom™ Z3530 (2M Cache, up to 1.33 GHz)
Intel® Atom™ Z3785 (2M Cache, up to 2.41 GHz)
Intel® Atom™ Z3580 (2M Cache, up to 2.33 GHz)
Intel® Atom™ Z3560 (2M Cache, up to 1.83 GHz)
Intel® Atom™ Z3480 (1M Cache, up to 2.13 GHz)
Intel® Atom™ Z3460 (1M Cache, up to 1.60 GHz)
Intel® Atom™ Z3795 (2M Cache, up to 2.39 GHz)
Intel® Atom™ Z3775D (2M Cache, up to 2.41 GHz)
Intel® Atom™ Z3775 (2M Cache, up to 2.39 GHz)
Intel® Atom™ Z3745D (2M Cache, up to 1.83 GHz)
Intel® Atom™ Z3745 (2M Cache, up to 1.86 GHz)
Intel® Atom™ Z3770D (2M Cache, up to 2.41 GHz)
Intel® Atom™ Z3770 (2M Cache, up to 2.39 GHz)
Intel® Atom™ Z3740D (2M Cache, up to 1.83 GHz)
Intel® Atom™ Z3740 (2M Cache, up to 1.86 GHz)

Atom for Server (Q3’13-Q3’13)

Intel® Atom™ C2750 (4M Cache, 2.40 GHz)	
Intel® Atom™ C2730 (4M Cache, 1.70 GHz)	
Intel® Atom™ C2550 (2M Cache, 2.40 GHz)
Intel® Atom™ C2530 (2M Cache, 1.70 GHz)
Intel® Atom™ C2350 (1M Cache, 1.70 GHz)

Core M (Q3’15-Q3’14)

Intel® Core™ m3-6Y30 (4M Cache, up to 2.20 GHz)
Intel® Core™ m5-6Y54 (4M Cache, up to 2.70 GHz)
Intel® Core™ m5-6Y57 (4M Cache, up to 2.80 GHz)
Intel® Core™ m7-6Y75 (4M Cache, up to 3.10 GHz)
Intel® Core™ M-5Y71 (4M Cache, up to 2.90 GHz)
Intel® Core™ M-5Y51 (4M Cache, up to 2.60 GHz)
Intel® Core™ M-5Y31 (4M Cache, up to 2.40 GHz)
Intel® Core™ M-5Y10c (4M Cache, up to 2.00 GHz)
Intel® Core™ M-5Y10 (4M Cache, up to 2.00 GHz)
Intel® Core™ M-5Y70 (4M Cache, up to 2.60 GHz)
Intel® Core™ M-5Y10a (4M Cache, up to 2.00 GHz)

AMD processors with AES support

You might have luck finding AES support for a specific processor using Notebookcheck.net.

If you are new to AMD, this simple comparison to Intel may help guide you (from AMD Commercial Client Quick Reference Guide (PDF)).

amd_s