SMB3 encryption performance
simo at samba.org
Tue Feb 17 12:40:36 MST 2015
On Tue, 2015-02-17 at 16:22 +0100, Volker Lendecke wrote:
> On Tue, Feb 17, 2015 at 04:01:38PM +0100, Andreas Schneider wrote:
> > On Sunday 15 February 2015 11:25:16 Volker Lendecke wrote:
> > > On Sat, Feb 14, 2015 at 03:41:46PM -0500, Michael Ledford wrote:
> > > > There are a few libraries that can provide CPU optimization for AES.
> > > > Here are a few which might fit.
> > > >
> > > > If you are looking for a C based library then libgcrypt
> > > > <http://www.gnu.org/software/libgcrypt/> might be a good choice.
> > >
> > > Thanks. I've already found libgcrypt, it seems to be part of
> > > the gpg suite. The question I have is broader: libcrypt,
> > > mozilla nss, probably some Kerberos base libs,
> > > open/libressl/, etc all offer AES. What do we want to put
> > > development effort on? Not so much a question to you,
> > > Michael, but rather more to the broader audience here, in
> > > particular for example Simo, Andrew and others involved with
> > > crypto.
> > Forget libgcrypt, it is one of the most horrible APIs out there. It is simply
> > a pain for every programmer. We have libgcrypt in libssh and I want to get rid
> > of it.
> > If you prefer something which is LGPL, then use nettle . GnuTLS switched
> > from libgcrypt to libnettle ...
> > libcrypt from OpenSSL is another options. libressl is not in any distribution
> > right now.
> > -- andreas
> >  http://www.lysator.liu.se/~nisse/nettle/
> This is a minefield. Do we really want to participate? These fights
> tell me that consensus over a crypto library in the Free Software
> world is lightyears away.
> That would be a good reason to go and do it on our own.
Nope, if you that now you have N+1 problems, not less.
More information about the samba-technical