On Thursday, May 24, 2018 7:57:37 AM CEST Stephan Mueller wrote: > Am Donnerstag, 24. Mai 2018, 04:45:00 CEST schrieb Eric Biggers: > > Hi Eric, > > > > > "Not having to rely on any third-party library" is not an excuse to add > > random code to the kernel, which runs in a privileged context. Please do > > PBKDF2 in userspace instead. > > I second that. Besides, if you really need to rely on the kernel crypto API to > do that because you do not want to add yet another crypto lib, libkcapi has a > PBKDF2 implementation that uses the kernel crypto API via AF_ALG. I.e. the > kernel crypto API is used and yet the PBKDF logic is in user space. > > http://www.chronox.de/libkcapi.html So the problem is that Yu would like to use this for hibernation encryption done entirely in the kernel. The exact use case is to generate a symmetric encryption key out of a passphrase. Is there a recommended way to do that using the algorithms already implemented in the kernel? Thanks, Rafael