Re: IDEA (and another query)|
Mikko Pasanen <miapasan,AT,cs,DOT,uku,DOT,fi>|
Sun, 6 Apr 2003 06:47:46 +0200|
How about plugin approach which abstracs the encryption, in a way
that it has basic functionality which is impelement in a current platform
compatible way ? Using CAPI in a windows is not so called good option,
since it isn't open source, if it's broken you have to wait Microsoft to
fix it, and there might be some licence restrictions for people outside
USA with strong cryptography. This is not dissing of the windows version,
but one option is focus to bring new options to linux version and wait
that we get proper way to run virtual linux inside Windows OS. :) Value
added linux version should not be problem as long as basic level of
service is guaranteed for windows version users.
On Sat, 5 Apr 2003, Damion Wilson wrote:
> Do we have to adopt the Linux Crypto API ? Does it save work to go that way
> rather than roll our own (common) methodology, say, using a plugin approach
> Windows does have a crypto "API" but it is largely incompatible with the
> On Friday 04 April 2003 04:32 pm, Olaf Titz wrote:
> > > Does anyone know what Olaf thinks ?
> > Yes ;-)
> > > > We don't need IDEA. I think 3DES would be a much better choice.
> > I think 3DES would be a rather poor choice because of its *ahem*
> > performance characteristics. Much more interesting would be support
> > for pluggable algorithms via the Linux 2.5 standard crypto API, so you
> > could have Rijndael, MARS or whatever you like.
> > Does Windows have anything similar?
> > The current CVS version has support for the 2.4-intl crypto API
> > patches, but that is too incompatible with 2.5 to seamlessly support
> > both versions. So here goes another query: does anybody actually use
> > the 2.4 crypto API support or could that be thrown out in favor of a
> > 2.5 version? Should I fork a version with the 2.4-intl support?
> > But, and that's a big "but", to use ciphers with any block length
> > other than 64 bits would require a protocol change, as the current
> > version is fixed at that block length (IV, padding). I have some
> > thoughts about a protocol overhaul concentrating on the following
> > points:
> > - use of real cryptographic checksum instead of CRC
> > - version flags and key-use flag in a proper packet header
> > Olaf
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: