On Mon, Mar 30, 2009 at 01:54:15PM +0200, Steffen Klassert wrote: > > Well, to do efficient parallel processing we need a percpu IV chain > genarator. pcrypt sends the crypto requests round robin to the cpus > independent of the flow they are belong to, so the flows and the IV > streams are mixing. As long as we use the percpu IV chain genarator just > for parallel algorithms we don't have this security issues. How about using eseqiv? It's designed for exactly this situation where you want parallel async processing. Its overhead is just one extra encryption block. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html