On Thu, Sep 06, 2001 at 09:36:02PM +0300, Jari Ruusu wrote:
> Robert Varga wrote:
> > Is AES the only cipher worthy enough to be used ?
>
> How many ciphers does one need? One good one will fill most peoples' needs.
Let's not get into this ;-( This is a "How many OSes does one need" type of question ;-)
It has been discussed, flamed, grilled, baked and cooked innumerable times.
> > Is it better to have aes_set_key, des_set_key, and probably quite a few others
> > rather than:
> >
> > struct crypto_ctx *ctx = crypto_newctx("aes");
> > crypto_setkey(ctx, "blahblah");
> > crypto_encrypt(ctx, dest, src, len);
> > ?
>
> Above code is AES specific (since you hardcoded the string "aes"), so yes.
> :-)
sure :-))) same way I hardcoded the encryption key to "blahblah" ;-)))
> Using low-level functions (aes_set_key(), aes_encrypt(), and aes_decrypt())
> directly gives programmer more flexibility over block chaining and
> initialization issues. It would be silly to expect crypto_encrypt() to
> support all possible weirdo setups. Operation of aes_encrypt() will not
Not all. More than one. And they need not be weird.
> change. Code calling aes_encrypt() may change to adapt to different
> situations: running in Linux kernel, userspace, or other operating systems,
> whatever.
>
> > <flame>
> > Do you think of VFS as "kernel bloat" ?
> > </flame>
>
> No.
So instead of writing cipher-specific code all over the place, wouldn't it be
better to have some kind of crypto-VFS ?
Yes, I know I am moving away rapidly from loopback encryption. It is a nice feature,
but generally not really usable on multi-user machines.
--
Kind regards,
Robert Varga
------------------------------------------------------------------------------
n@xxxxx http://hq.sk/~nite/gpgkey.txt
Attachment:
pgp00067.pgp
Description: PGP signature
