Re: linux kernel loopback encryption

Bill Stewart (bill.stewart@pobox.com)
Fri, 17 Jul 1998 01:05:36 -0700

• Next message: John Kelsey: "Re: Cipher aging (was: linux kernel loopkack encryption)"
• Previous message: Cicero: "Re: Random Data from Geiger Counter"
• Maybe in reply to: William H. Geiger III: "Random Data from Geiger Counter"
• Next in thread: Eric Young: "Re: linux kernel loopback encryption"
• Reply: Eric Young: "Re: linux kernel loopback encryption"

At 09:41 PM 7/16/98 -0400, mgraffam@mhv.net wrote:
>On Fri, 17 Jul 1998, Eric Young wrote:
>> - Design your code to accept any cipher via some regularised API (even
>> if the cipher to be used is specified at compile time via macros).
>Yep, this is a really good idea. It also allows replacement of ciphers
>as we get paranoid about some and gain confidence in others.

In particular, designing _some_ kind of negotiation mechanism is important,
so you can find what algorithms and parameters you're willing to use;
otherwise everything tends to default to 3DES.

>> - How about making the ciphers loadable modules? Again, depending on
>> the cipher used on a disk, dynamically load the module.

Kernels are hard enough to mess with, and failures are often very bad.
If you do make the cypher a loadable module, make sure the system
will do something reasonable if it's not loaded.

                                Thanks!
                                        Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

• Next message: John Kelsey: "Re: Cipher aging (was: linux kernel loopkack encryption)"
• Previous message: Cicero: "Re: Random Data from Geiger Counter"
• Maybe in reply to: William H. Geiger III: "Random Data from Geiger Counter"
• Next in thread: Eric Young: "Re: linux kernel loopback encryption"
• Reply: Eric Young: "Re: linux kernel loopback encryption"