[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: difference between jari's and hvr's package

To: Newsmail <newsmail@satimex.tvnet.hu>, linux-crypto@nl.linux.org
Subject: Re: difference between jari's and hvr's package
From: Marc Mutz <Marc.Mutz@uni-bielefeld.de>
Date: Wed, 6 Mar 2002 12:55:35 +0100
In-Reply-To: <5.0.2.1.2.20020305111010.01cc1170@pop.tvnet.hu>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Organization: Bielefeld University - Department of Physics
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
References: <5.0.2.1.2.20020305111010.01cc1170@pop.tvnet.hu>
Sender: linux-crypto-bounce@nl.linux.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 05 March 2002 11:12, Newsmail wrote:
> I would like to ask, what is the real difference between the crypto
> api package of hvr (the new testing releases for new kernels), and
> the loop-AES package of jari.
<snip>

AFAIK, the goal of loop-AES is to provide a lean disk encryption service 
that works on kernels 2.0 through 2.4. Nothing more, but nothing less, 
too.

As a consequence, it works as a plug'n'play kernel module, since it only 
uses existing kernel interfaces.

The goal of cryptoAPI, OTOH, is to provide an API for cryptography 
building blocks (ciphers and disgests as of now) for use by other 
kernel modules. cryptoloop is one of them and provides disk encryption 
like loop-AES, but not necessarily across major kernel releases.

As a consequence of providing a new API, it needs to patch the kernel 
and these patches tend to get out of sync with the kernel code as it 
evolves. Thus the need for regular updates of the patch for the current 
kernel version.

Since cryptoAPI is more than disk encryption, other (possible) cryptoAPI 
uses come to mind:
- - /dev/random comes with it's own implementations of MD5 and SHA1. One 
could make it use the cryptoAPI, if present.
- - the swap code could encrypt each page directly, without having to set 
up the swap device as a loopback.
- - all VPN solutions come with the need of in-kernel cryptography. 
Currently, all come with their own implementations.
- - IPv6 has mandatory support for IPSec, which needs yet another set of 
ciphers and MACs.

Now, suppose you had a need for encrypted filesystems and a VPN. You'd 
end up with possibly three different MD5 implementations, and two 
cipher suites.

This is the situation that cryptoAPI is trying to solve.

Marc

- -- 
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8hgO33oWD+L2/6DgRAlO3AJ96dbiXLmBdYwkD6f1bxXDlco9wJACaA626
2E4PBW/kTw/eMA3qoSTEKfM=
=feTm
-----END PGP SIGNATURE-----

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

References:
- difference between jari's and hvr's package
  - From: Newsmail <newsmail@satimex.tvnet.hu>

Prev by Date: Re: journaling file systems
Next by Date: Re: difference between jari's and hvr's package
Prev by thread: Re: difference between jari's and hvr's package
Next by thread: Re: difference between jari's and hvr's package
Index(es):
- Date
- Thread