1 |
On Thu, Mar 26, 2020 at 12:17 AM Dale <rdalek1967@×××××.com> wrote: |
2 |
|
3 |
> Howdy, |
4 |
> |
5 |
> As some know from another thread, I installed and started using |
6 |
> veracrypt. It has the option to use the kernel encryption tools but |
7 |
> they are not enabled on my kernel, just the default stuff. I found what |
8 |
> I think to be the ones veracrypt wants to use but was curious if I |
9 |
> should enable some others that are commonly used. |
10 |
> |
11 |
|
12 |
I've wondered about what uses kernel crypto stuff too. |
13 |
|
14 |
I assumed userspace stuff would use openssl or similar, but looking at the |
15 |
ebuild for veracrypt, it doesnt use openssl etc but does want CONFIG_CRYPTO |
16 |
from the kernel so I guess it just depends on how the software is written. |
17 |
|
18 |
From the veracrypt-1.24_p4.ebuild; |
19 |
local CONFIG_CHECK="~BLK_DEV_DM ~CRYPTO ~CRYPTO_XTS ~DM_CRYPT ~FUSE_FS" |
20 |
|
21 |
But if we look at iwd-1.5.ebuild there's logic like; |
22 |
if use cpu_flags_x86_ssse3 && use amd64; then |
23 |
CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_SHA1_SSSE3 |
24 |
~CRYPTO_SHA256_SSSE3 ~CRYPTO_SHA512_SSSE3" |
25 |
WARNING_CRYPTO_SHA1_SSSE3="CRYPTO_SHA1_SSSE3: enable for |
26 |
increased performance" |
27 |
WARNING_CRYPTO_SHA256_SSSE3="CRYPTO_SHA256_SSSE3: enable |
28 |
for increased performance" |
29 |
WARNING_CRYPTO_SHA512_SSSE3="CRYPTO_SHA512_SSSE3: enable |
30 |
for increased performance" |
31 |
|
32 |
So if you assume the veracrypt ebuild authors are as diligent as the iwd |
33 |
ebuild authors, i'd say there's no advantage in enabling anything more than |
34 |
~BLK_DEV_DM ~CRYPTO ~CRYPTO_XTS ~DM_CRYPT ~FUSE_FS for veracrypt. |