-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 05 March 2002 11:12, Newsmail wrote: > I would like to ask, what is the real difference between the crypto > api package of hvr (the new testing releases for new kernels), and > the loop-AES package of jari. <snip> AFAIK, the goal of loop-AES is to provide a lean disk encryption service that works on kernels 2.0 through 2.4. Nothing more, but nothing less, too. As a consequence, it works as a plug'n'play kernel module, since it only uses existing kernel interfaces. The goal of cryptoAPI, OTOH, is to provide an API for cryptography building blocks (ciphers and disgests as of now) for use by other kernel modules. cryptoloop is one of them and provides disk encryption like loop-AES, but not necessarily across major kernel releases. As a consequence of providing a new API, it needs to patch the kernel and these patches tend to get out of sync with the kernel code as it evolves. Thus the need for regular updates of the patch for the current kernel version. Since cryptoAPI is more than disk encryption, other (possible) cryptoAPI uses come to mind: - - /dev/random comes with it's own implementations of MD5 and SHA1. One could make it use the cryptoAPI, if present. - - the swap code could encrypt each page directly, without having to set up the swap device as a loopback. - - all VPN solutions come with the need of in-kernel cryptography. Currently, all come with their own implementations. - - IPv6 has mandatory support for IPSec, which needs yet another set of ciphers and MACs. Now, suppose you had a need for encrypted filesystems and a VPN. You'd end up with possibly three different MD5 implementations, and two cipher suites. This is the situation that cryptoAPI is trying to solve. Marc - -- Marc Mutz <mutz@kde.org> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8hgO33oWD+L2/6DgRAlO3AJ96dbiXLmBdYwkD6f1bxXDlco9wJACaA626 2E4PBW/kTw/eMA3qoSTEKfM= =feTm -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
