Ranting about OCF / crypto(9)
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Thu Jan 11 13:08:14 UTC 2018
On 11 Jan 2018, at 5:56, Benjamin Kaduk wrote:
>> In terms of algorithms, I suspect there are some older algorithms
>> we could drop. Modern hardware doesn't offload DES for example.
>> Both ccr(4) and aesni(4) only support AES for encryption. We
>> do need to keep algorithms required for IPSec in the kernel, but
>> we could probably drop some others?
>
> Yes, it's probably time for DES to go. Maybe others as well.
There sadly still is a lot of commercial gear out there that still
requires single-DES.
>> One concern with some of these changes is that there are several drivers
>> in the tree for older hardware that I'm not sure is really used anymore.
>> That is an impediment to making changes to the crypto <-> driver interface
>> if we can't find folks willing to at least test changes to those drivers
>> if not maintain them.
>
> That does seem like a relevant concern, as some of this stuff seems
> pretty obscure now. I expect that some of it will have to go since
> no one can be found to test it.
I am sure I have old soekris boxes in use with a hifn(4) in them.
/bz
More information about the freebsd-arch
mailing list