Am Donnerstag, 24. Mai 2018, 10:33:07 CEST schrieb Rafael J. Wysocki: Hi Rafael, > So the problem is that Yu would like to use this for hibernation encryption > done entirely in the kernel. But why do you need to perform PBKDF in kernel space? If you retain the password information in the kernel, you could retain the derived key instead of the passcode. If, however, you ask for the user password during resume, you need some user space component to query that password. The PBKDF can also be handled in user space along with the query. Or how do you want to handle the passcode? > > The exact use case is to generate a symmetric encryption key out of a > passphrase. Is there a recommended way to do that using the algorithms > already implemented in the kernel? For example, dmcrypt uses PBKDF2 for its operation. And this PBKDF is done in user space by libcryptsetup that utilizes a crypto lib, commonly libgcrypt. > > Thanks, > Rafael Ciao Stephan