cryptodev

Robert Connolly robert at linuxfromscratch.org
Fri Sep 15 21:29:55 PDT 2006


Hi. I just found this project:
http://www.logix.cz/michal/devel/cryptodev/

The kernel.org mail thread, about cryptodev, starts here:
http://www.ussg.iu.edu/hypermail/linux/kernel/0408.3/0250.html

This kernel patch adds a /dev/crypto device so packages can use the kernel's 
crypto api, rather than a library like openssl (or libcrypt from libc). This 
allow all applications to use the same standard crypto 
interface/library/module. The website has a patch for openssl.

Currently md5sum (from coreutils), passwd (from shadow), util-linux, openssh, 
and many others, each build in their own md5 library. If there were a 
vulnerability in md5 tommorrow we would have to investigate every installed 
package to check which are affected. Using a kernel module for all md5 hashes 
means only one module would need to be upgraded. This performs better, makes 
things easier to upgrade, and uses less storage space.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20060916/66080b46/attachment.sig>


More information about the hlfs-dev mailing list