Will Fiveash wrote: > Recently I modified Solaris Kerberos so it used AES CBC mode from the > user and kernel space CF. While doing this work Gary Morton and I > determined that when Kerberos was using AES ECB mode with the Niagara II > crypto provider (n2cp) performance was much worse than with the n2cp AES > ECB mech disabled so that the AES software crypto provider was used. > This makes sense because there is setup overhead when the n2cp does AES > crypto and Kerberos using AES ECB mode makes a call to kCF/n2cp for > every 16byte block. That was one of the reasons I modified Kerberos to > use AES CBC but that aside, the point I am getting to is that it would > be nice if the CF could determine the best provider automatically based > on algorithm, mode and amount of data to be processed. In the case of > Kerberos using AES ECB, the kCF would use the software provider instead > of the n2cp. > > Is someone thinking about this and is there an RFE open? > >
I thought metaslot was supposed to be able to do stuff like that, at least in its original design. I'm not sure if that ever got implemented though. -Wyllys
