Herbert, et al.: I must admit, I do not clearly understand why something such as the CryptoAPI must live in kernel space? Can a user space implementation of it not exist? Presuming for the sake of understanding that it does need to live in kernel space, if it were written as a module (in much the same way loop-aes is), could it not be made to support a plethora more kernels? Can the CryptoAPI be made to work in user space? The problem (for me) is the fact that it is a kernel patch, and I cannot just plug it into any kernel I need to use it with, this is not a small issue, it is quite critical in my decision. Very Respectfully, Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@bh90210.net west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Tuesday, March 05, 2002 8:17 AM -----Original Message----- From: linux-crypto-bounce@nl.linux.org [mailto:linux-crypto-bounce@nl.linux.org] On Behalf Of Herbert Valerio Riedel Sent: Tuesday, March 05, 2002 8:14 AM To: Jari Ruusu Cc: Newsmail; linux-crypto@nl.linux.org Subject: Re: difference between jari's and hvr's package On Tue, 2002-03-05 at 16:43, Jari Ruusu wrote: > Because cryptoapi works with very limited set of kernels, and with none of > the ultra stable kernels. Loop-AES works with all maintained stable kernels, > including distro vendor kernels. Meaning that if you use cryptoapi, HVR > chooses your kernel for you. If you use loop-AES, crypto adapts to _your_ > choice of kernel. That is a big difference. ...and with loop-aes, you choose the set of ciphers your users use... ;-) btw, you should have mentioned also that loop-aes is only about the loop block device... while cryptoapi is a _generic_ api, of which the cryptoloop is only one of the possible kernel space applications... > Another disadvantage that cryptoapi loop has, is the cryptoapi bloat that > makes it slower than loop-AES. Loop-AES does not use cryptoapi, and that is > a feature. btw, I wondering, whether we have any objective measurements of the overhead involved wrt using the additional abstraction layer w/ cryptoapi... regards, -- Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
