On Thu, Mar 26, 2020 at 12:17 AM Dale <rdalek1...@gmail.com> wrote:
> Howdy,
>
> As some know from another thread, I installed and started using
> veracrypt. It has the option to use the kernel encryption tools but
> they are not enabled on my kernel, just the default stuff. I found what
> I think to be the ones veracrypt wants to use but was curious if I
> should enable some others that are commonly used.
>

I've wondered about what uses kernel crypto stuff too. I assumed
userspace stuff would use openssl or similar, but looking at the ebuild
for veracrypt, it doesn't use openssl etc. but does want CONFIG_CRYPTO
from the kernel, so I guess it just depends on how the software is
written.

From the veracrypt-1.24_p4.ebuild;

    local CONFIG_CHECK="~BLK_DEV_DM ~CRYPTO ~CRYPTO_XTS ~DM_CRYPT ~FUSE_FS"

But if we look at iwd-1.5.ebuild there's logic like;

    if use cpu_flags_x86_ssse3 && use amd64; then
        CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_SHA1_SSSE3 ~CRYPTO_SHA256_SSSE3 ~CRYPTO_SHA512_SSSE3"
        WARNING_CRYPTO_SHA1_SSSE3="CRYPTO_SHA1_SSSE3: enable for increased performance"
        WARNING_CRYPTO_SHA256_SSSE3="CRYPTO_SHA256_SSSE3: enable for increased performance"
        WARNING_CRYPTO_SHA512_SSSE3="CRYPTO_SHA512_SSSE3: enable for increased performance"

So if you assume the veracrypt ebuild authors are as diligent as the iwd
ebuild authors, I'd say there's no advantage in enabling anything more
than ~BLK_DEV_DM ~CRYPTO ~CRYPTO_XTS ~DM_CRYPT ~FUSE_FS for veracrypt.
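
Added example, not part of the original message or of any ebuild: a small shell check that takes a CONFIG_CHECK-style list such as the one quoted above and reports which symbols a kernel .config actually enables. The function names and the sample .config fragment are constructed for illustration; the "~" (advisory) and "!" (must not be set) prefixes are handled as in Gentoo's linux-info.eclass.

```shell
#!/bin/sh
# Added example (not from the thread): check a CONFIG_CHECK-style list against
# a kernel .config. Prefixes as in Gentoo's linux-info.eclass:
# "~" = advisory only, "!" = symbol must NOT be set.

# symbol_state FILE SYMBOL -> prints y, m or n (n = unset or absent)
symbol_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# check_config FILE "LIST" -> one line per symbol; exit status = number of
# symbols that are not in the wanted state
check_config() {
    bad=0
    for tok in $2; do
        sym=${tok#\~}                      # strip advisory marker
        want=on
        case $sym in \!*) sym=${sym#\!}; want=off ;; esac
        state=$(symbol_state "$1" "$sym")
        if [ "$want" = on ] && [ "$state" = n ]; then
            echo "MISSING  CONFIG_$sym"; bad=$((bad + 1))
        elif [ "$want" = off ] && [ "$state" != n ]; then
            echo "CONFLICT CONFIG_$sym=$state"; bad=$((bad + 1))
        else
            echo "OK       CONFIG_$sym=$state"
        fi
    done
    return "$bad"
}

# Constructed sample .config fragment (not taken from any real system)
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_BLK_DEV_DM=y
CONFIG_CRYPTO=y
# CONFIG_CRYPTO_XTS is not set
CONFIG_DM_CRYPT=m
CONFIG_FUSE_FS=y
EOF
}

# The list quoted from veracrypt-1.24_p4.ebuild in the message above
VERACRYPT_CHECK="~BLK_DEV_DM ~CRYPTO ~CRYPTO_XTS ~DM_CRYPT ~FUSE_FS"

cfg=$(mktemp)
write_sample_config "$cfg"
check_config "$cfg" "$VERACRYPT_CHECK" || echo "$? symbol(s) need attention"
rm -f "$cfg"
```

To check a real kernel, pass the path of its configuration (for example /usr/src/linux/.config) as the first argument to check_config instead of the sample file.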