I would like to suggest the following kerneli changes, which I am willing to implement if contributions from a US citizen are considered OK by the kerneli maintainer, and if the reaction to them is generally positive. 1. I want to make the Initial Value change that I described in my previous email so that the IV is independent of both machine page size and device block size. 2. I want to change cryptoapi so that loop devices can be configued by ioctl's that use strings rather that cipher ID's and that allow for information like key length to be retrieved by the ioctl. That way user level programs like losetup will not have to be updated to reflect the specific set of ciphers available in the kernel cryptoapi patch, and the kernel could automatically try to load the cipher-foo module when it is asked to configure an unknown cipher "foo" (with the usual precaustions about bogus module names). It should be easier to get the smaller change accepted in util_linux. 3. I want to separate the resulting core cryptoapi code from the ciphers. The cryptoapi core would then be more manageable patch, which we should campaign to get included into the standard Linux kernels. The ciphers could be distributed as one or more separate packages that could build as standalone modules without needing to patch the kernel. Does this plan look OK? Adam J. Richter __ ______________ 4880 Stevens Creek Blvd, Suite 104 adam@xxxxxxxxxxxxx \ / San Jose, California 95129-1034 +1 408 261-6630 | g g d r a s i l United States of America fax +1 408 261-6631 "Free Software For The Rest Of Us." Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
