1 |
Adam Carter wrote: |
2 |
> On Thu, Mar 26, 2020 at 12:17 AM Dale <rdalek1967@×××××.com |
3 |
> <mailto:rdalek1967@×××××.com>> wrote: |
4 |
> |
5 |
> Howdy, |
6 |
> |
7 |
> As some know from another thread, I installed and started using |
8 |
> veracrypt. It has the option to use the kernel encryption tools but |
9 |
> they are not enabled on my kernel, just the default stuff. I |
10 |
> found what |
11 |
> I think to be the ones veracrypt wants to use but was curious if I |
12 |
> should enable some others that are commonly used. |
13 |
> |
14 |
> |
15 |
> I've wondered about what uses kernel crypto stuff too. |
16 |
> |
17 |
> I assumed userspace stuff would use openssl or similar, but looking at |
18 |
> the ebuild for veracrypt, it doesnt use openssl etc but does want |
19 |
> CONFIG_CRYPTO from the kernel so I guess it just depends on how the |
20 |
> software is written. |
21 |
> |
22 |
> From the veracrypt-1.24_p4.ebuild; |
23 |
> local CONFIG_CHECK="~BLK_DEV_DM ~CRYPTO ~CRYPTO_XTS ~DM_CRYPT ~FUSE_FS" |
24 |
> |
25 |
> But if we look at iwd-1.5.ebuild there's logic like; |
26 |
> if use cpu_flags_x86_ssse3 && use amd64; then |
27 |
> CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_SHA1_SSSE3 |
28 |
> ~CRYPTO_SHA256_SSSE3 ~CRYPTO_SHA512_SSSE3" |
29 |
> WARNING_CRYPTO_SHA1_SSSE3="CRYPTO_SHA1_SSSE3: enable |
30 |
> for increased performance" |
31 |
> WARNING_CRYPTO_SHA256_SSSE3="CRYPTO_SHA256_SSSE3: |
32 |
> enable for increased performance" |
33 |
> WARNING_CRYPTO_SHA512_SSSE3="CRYPTO_SHA512_SSSE3: |
34 |
> enable for increased performance" |
35 |
> |
36 |
> So if you assume the veracrypt ebuild authors are as diligent as the |
37 |
> iwd ebuild authors, i'd say there's no advantage in enabling anything |
38 |
> more than ~BLK_DEV_DM ~CRYPTO ~CRYPTO_XTS ~DM_CRYPT ~FUSE_FS for |
39 |
> veracrypt. |
40 |
> |
41 |
> |
42 |
|
43 |
I ended up googling and finding what several encryption programs use for |
44 |
encryption and enabling all of them. It was quite a few but if I decide |
45 |
later to encrypt my /home, I think I have all that enabled plus what |
46 |
veracrypt needs as well. I haven't rebooted yet tho. It's on my todo |
47 |
list. I'll get to see then if I got everything or not. If not, I'll |
48 |
rinse and repeat. |
49 |
|
50 |
Thanks for the info. |
51 |
|
52 |
Dale |
53 |
|
54 |
:-) :-) |