Sandy Harris wrote: > <snip> > Do the encrypting file systems require anything besides a good block cipher? > No. > So what does it take to get a library into the kernel that does at least: > > 3DES > Rijndael > SHA hash (initialise with fixed constants) We have all that already in kerneli. > SHA HMAC (initialise with secret key material) probably trivial to add. > public key primitives (probably signature only) > I thought that Pk encryption was only used for key exchange. That could happily live in userspace. However, I now wonder how authentication is done? Is is done via symmetric enciphering of the hash value or using PK? If it's the latter, does all and every IPv6 packet require a PK run? Good bye performance. I should look at the RFC's But it's so _much_ stuff. There is shorter treatment by TimeStep and I'll look at it _now_. .... OK, apparently AH consists of a MAC, and that should be SHA HMAC, no? So where is the need for PK in IPSec other than probably for key exchange? > What else is necessary or desirable? Would the maintainers of the various > packages use such a library? Apparently not. The kerneli patch is out there since 1998 and the only user of this is still loopback crypto. I have not heard of a reason for why it is not used, except maybe from the FreeS/WAN people: It's not free of US hands. Hmm, maybe it is? Most cipher implementations are taken from Brian Gladman, according to his homepage location he's a UK citizen. Alex, Gisle and myself from Norway (?) and Germany, resp. Sorry for the train of toughts running over you all... marc -- Marc Mutz <Marc@xxxxxxxx> http://EncryptionHOWTO.sourceforge.net/ University of Bielefeld, Dep. of Mathematics / Dep. of Physics PGP-keyID's: 0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH) Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
