Re: PBKDF2 support in the linux kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday, May 24, 2018 7:57:37 AM CEST Stephan Mueller wrote:
> Am Donnerstag, 24. Mai 2018, 04:45:00 CEST schrieb Eric Biggers:
> 
> Hi Eric,
> 
> > 
> > "Not having to rely on any third-party library" is not an excuse to add
> > random code to the kernel, which runs in a privileged context.  Please do
> > PBKDF2 in userspace instead.
> 
> I second that. Besides, if you really need to rely on the kernel crypto API to 
> do that because you do not want to add yet another crypto lib, libkcapi has a 
> PBKDF2 implementation that uses the kernel crypto API via AF_ALG. I.e. the 
> kernel crypto API is used and yet the PBKDF logic is in user space.
> 
> http://www.chronox.de/libkcapi.html

So the problem is that Yu would like to use this for hibernation encryption
done entirely in the kernel.

The exact use case is to generate a symmetric encryption key out of a
passphrase.  Is there a recommended way to do that using the algorithms
already implemented in the kernel?

Thanks,
Rafael




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux