Subject: Re: FYI: this time, really about to import crypto framework
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Sam Leffler <firstname.lastname@example.org>
Date: 07/25/2003 14:41:47
> There's one more substantive issue: the FreeBSD opencrypto includes
> what (at the time) were ``best-of-breed'' crypto implementations.
> Those are the ones I've tested as part of opencrypto over the last few
> months, so I also imported the FreeBSD crypto-transform code. Some
> duplication may have occurred (specificallyw ith rijndael and
> cast128). Obviously, I'd like to resolve that ASAP, but it will
> require some collaboration with the KAME team and any other users of
> the extant crypto APIs.
If I recall I did this by enabling /dev/crypto access to the s/w crypto
support in the kernel and then used the cryptotest program to benchmark
each implementation. Fastest one was selected if the time difference was
noticeable (>5% perhaps).