SMB3 encryption performance

Simo simo at
Tue Feb 17 12:44:37 MST 2015

On Tue, 2015-02-17 at 18:41 +0100, Volker Lendecke wrote:
> On Tue, Feb 17, 2015 at 12:00:04PM -0500, Ira Cooper wrote:
> > On Tue, Feb 17, 2015 at 04:22:29PM +0100, Volker Lendecke wrote:
> > >
> > > 
> > > This is a minefield. Do we really want to participate? These fights
> > > tell me that consensus over a crypto library in the Free Software
> > > world is lightyears away. That would be a good reason to go and do it
> > > on our own.
> > 
> > BS.
> > 
> > I'm with Simo here.  You've shot nettle, and decided you don't like
> > it that's fine... what about gcrypt?  I see nothing wrong with it so far?!
> Look at Andreas' mail. It was not me who said gcrypt is bad.

They are all bad in one way or another, if we had the perfect crypto
lib, than everyone would be using it and there wouldn't be so many :)

We just need to make a reasonable choice for now, and let others
contribute a crypto-library abstraction if they feel like they really
need to use something else.

> > I'll also bring in the littany of crypto errors that have
> > made the press... For those who remember the Debian OpenSSL random number
> > generator error :(.  Heartbleed, etc... It all proves to me that when it
> > comes to that type of code, it is JUST dangerous.
> > 
> > I'm not saying we CAN'T do it.  I'm saying I'd rather have a full SMB3
> > stack instead.
> > 
> > I also think the world needs another crypto library like a fish
> > needs a bicycle.
> Right. But without water a fish might benefit from a bicycle
> to get to the next pond in time.

No, you just get into a car accident before getting there.
Roll your own crypto is on my personal list of things to veto if I can.


More information about the samba-technical mailing list