On Fri, Sep 07, 2001 at 10:10:49AM +0200, Robert Varga wrote: > > How many ciphers does one need? One good one will fill most peoples' needs. > > Let's not get into this ;-( This is a "How many OSes does one need" type of question ;-) > It has been discussed, flamed, grilled, baked and cooked innumerable times. Indeed. I will be the one to decide which cipher is used on which project and have little interest in having the choice made for me. > So instead of writing cipher-specific code all over the place, wouldn't it be > better to have some kind of crypto-VFS ? > I think there will be something more general than that required. We have user space encryption proliferating across the board and there is no earthly way any of us can certify all of them as being properly implimented. I would much rather have one or more very well beaten on modules that supply encryption services to all the security services. Note that we need encryption in IPv6 too; and for FreeSWAN, and for MIT's SFS, and for ssh, and for PAM, and for who knows what else... It's not *just* a file system issue. I'd propose that we want a kernel module somewhat like ALSO or the like into which one just plugs in whatever algorithm one wants in their kernel and which makes those available as a service to whatever tools need them. This also allows for hardware level encryption to be handled transparently by hardware and the service made available to all possible users of that service. We've become way too focused on just the issue of crypto file systems. That is indeed an important issue, but it is only one corner of the crypto services domain. -- ------------------------------------------------------ Use Linux: A computer Dale Amon, CEO/MD is a terrible thing Village Networking Ltd to waste. Belfast, Northern Ireland ------------------------------------------------------ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
