There is some talk on the kernel-mailing list about implementing Cryptography in DragonFlyBSD.
I would like to add my input in this discussion; Most cryptography implementations use block-ciphers. But I consider block-ciphers (even AES) bad, because they are just a code-book. I consider Stream Ciphers to be the best way to encrypt data, as these are "the next best thing" to a one-time-pad (one-time-pad is a provably secure encryption method). So if DragonFly were to support encrypting the hard-disk-drive/file-system, I would recommend a Stream-Cipher implementation. There is more than one way to go about this; read up on CSPRNG on www.wikipedia.org. For me, the limiting factor is the cycle-length of the Stream-Cipher/CSPRNG. If you go via the method outlined in wikipedia for a CSPRNG (a block-cipher like AES in counter mode) then the limitation of the cycle-length is the limitation of the size of the counter. So in todays world of 64-bit computing that's 64-bits, generally speaking. Alternatively, you could use IBAA64 which is available from: http://www.leopard.uk.com/IBAA64 (or any other good CSPRNG with a guaranteed cycle-length). If DragonFlyBSD was to go down the stream-cipher/CSPRNG route (as opposed to the block-cipher route which everyone else has chosen), I would like to point out an improved version of the usual Stream-Cipher technique which I invented and have called "Cipher-Packet"; The algorithm/implementation is available from: http://www.leopard.uk.com/C12 Cheers ! -- Sincerely, Robin Carey
