Date: Sun, 14 Jan 2018 16:06:38 -0800 From: John-Mark Gurney <jmg@funkthat.com> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: Benjamin Kaduk <bjk@freebsd.org>, arch@freebsd.org Subject: Re: Ranting about OCF / crypto(9) Message-ID: <20180115000638.GT75576@funkthat.com> In-Reply-To: <8C6BFBB0-3323-4DC8-BF23-B27D0235256D@lists.zabbadoz.net> References: <3790717.UIxaijsHl3@ralph.baldwin.cx> <20180111055620.GO72574@kduck.kaduk.org> <8C6BFBB0-3323-4DC8-BF23-B27D0235256D@lists.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Bjoern A. Zeeb wrote this message on Thu, Jan 11, 2018 at 13:07 +0000: > On 11 Jan 2018, at 5:56, Benjamin Kaduk wrote: > > >> In terms of algorithms, I suspect there are some older algorithms > >> we could drop. Modern hardware doesn't offload DES for example. > >> Both ccr(4) and aesni(4) only support AES for encryption. We > >> do need to keep algorithms required for IPSec in the kernel, but > >> we could probably drop some others? > > > > Yes, it's probably time for DES to go. Maybe others as well. > > There sadly still is a lot of commercial gear out there that still > requires single-DES. Even 3DES is effectively broken: https://sweet32.info/ and does it even make sense to support acceleration of DES? Does anyone realistically depend upon hardware acceleration of it? I'd be surprised if anyone does. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180115000638.GT75576>