15.Cryptographic options

kevinislinuxer

       
       
       
       
       
       
       
       

Cryptographic
        options
       
       

Cryptographic
                API
       
This
option provides the core Cryptographic API.

HMAC
                        support
                       
               
HMAC:
Keyed-Hashing for Message Authentication (RFC2104).
This
is required for IPSec.

Null
                        algorithms
                       
               
These
are 'Null' algorithms, used by IPsec, which do nothing.

MD4
                        digest algorithm
               
MD4
message digest algorithm (RFC1320).

MD5
                        digest algorithm
               
MD5
message digest algorithm (RFC1321).

SHA1
                        digest algorithm
                       
               
SHA-1
secure hash standard (FIPS 180-1/DFIPS 180-2).

SHA256
                        digest algorithm
               
SHA256
secure hash standard (DFIPS 180-2).
This
version of SHA implements a 256 bit hash with 128 bits of
security
against collision attacks.

SHA384
                        and SHA512 digest algorithms
               
SHA512
secure hash standard (DFIPS 180-2).
This
version of SHA implements a 512 bit hash with 256 bits of
security
against collision attacks.
This
code also includes SHA-384, a 384 bit hash with 192 bits
of
security against collision attacks.

Whirlpool
                        digest algorithms
               
Whirlpool
hash algorithm 512, 384 and 256-bit hashes
Whirlpool-512
is part of the NESSIE cryptographic primitives.
Whirlpool
will be part of the ISO/IEC 10118-3:2003(E) standard
See
also:

Tiger
                        digest algorithms
               
Tiger
hash algorithm 192, 160 and 128-bit hashes
Tiger
is a hash function optimized for 64-bit processors while
still
having decent performance on 32-bit processors.
Tiger
was developed by Ross Anderson and Eli Biham.
See
also:
.

DES
                        and Triple DES EDE cipher algorithms
               
DES
cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).

Blowfish
                        cipher algorithm
               
Blowfish
cipher algorithm, by Bruce Schneier.
This
is a variable key length cipher which can use keys from 32
bits
to 448 bits in length.  It's fast, simple and specifically
designed
for use on "large microprocessors".
See
also:

Twofish
                        cipher algorithm
               
Twofish
cipher algorithm.
Twofish
was submitted as an AES (Advanced Encryption Standard)
candidate
cipher by researchers at CounterPane Systems.  It is a
16
round block cipher supporting key sizes of 128, 192, and 256
[color="#008080"]bits.
See
also:

Serpent
                        cipher algorithm
               
Serpent
cipher algorithm, by Anderson, Biham & Knudsen.
Keys
are allowed to be from 0 to 256 bits in length, in steps
of
8 bits.  Also includes the 'Tnepres' algorithm, a reversed
variant
of Serpent for compatibility with old kerneli code.
See
also:

AES
                        cipher algorithms
                       
               
AES
cipher algorithms (FIPS-197). AES uses the Rijndael
[color="#008080"]algorithm.
Rijndael
appears to be consistently a very good performer in
both
hardware and software across a wide range of computing
environments
regardless of its use in feedback or non-feedback
modes.
Its key setup time is excellent, and its key agility is
good.
Rijndael's very low memory requirements make it very well
suited
for restricted-space environments, in which it also
demonstrates
excellent performance. Rijndael's operations are
among
the easiest to defend against power and timing attacks.       
The
AES specifies three key sizes: 128, 192 and 256 bits          
See
for more information.

AES
                        cipher algorithms (i586)
               
AES
cipher algorithms (FIPS-197). AES uses the Rijndael
[color="#008080"]algorithm.
Rijndael
appears to be consistently a very good performer in
both
hardware and software across a wide range of computing
environments
regardless of its use in feedback or non-feedback
modes.
Its key setup time is excellent, and its key agility is
good.
Rijndael's very low memory requirements make it very well
suited
for restricted-space environments, in which it also
demonstrates
excellent performance. Rijndael's operations are
among
the easiest to defend against power and timing attacks.       
The
AES specifies three key sizes: 128, 192 and 256 bits          
See
for more information.

CAST5
                        (CAST-128) cipher algorithm
               
The
CAST5 encryption algorithm (synonymous with CAST-128) is
described
in RFC2144.

CAST6
                        (CAST-256) cipher algorithm
               
The
CAST6 encryption algorithm (synonymous with CAST-256) is
described
in RFC2612.

TEA,
                        XTEA and XETA cipher algorithms
                       
               
TEA
cipher algorithm.
Tiny
Encryption Algorithm is a simple cipher that uses
many
rounds for security.  It is very fast and uses
little
memory.
Xtendend
Tiny Encryption Algorithm is a modification to
the
TEA algorithm to address a potential key weakness
in
the TEA algorithm.
Xtendend
Encryption Tiny Algorithm is a mis-implementation
of
the XTEA algorithm for compatibility purposes.

ARC4
                        cipher algorithm
               
ARC4
cipher algorithm.
ARC4
is a stream cipher using keys ranging from 8 bits to 2048
bits
in length.  This algorithm is required for driver-based
WEP,
but it should not be for other purposes because of the
weakness
of the algorithm.

Khazad
                        cipher algorithm
                       
               
Khazad
cipher algorithm.
Khazad
was a finalist in the initial NESSIE competition.  It is
an
algorithm optimized for 64-bit processors with good performance
on
32-bit processors.  Khazad uses an 128 bit key size.
See
also:

Anubis
                        cipher algorithm
               
Anubis
cipher algorithm.
Anubis
is a variable key length cipher which can use keys from
128
bits to 320 bits in length.  It was evaluated as a entrant
in
the NESSIE competition.
See
also:
[color="#008080"]
[color="#008080"]

Deflate
                        compression algorithm
                       
               
This
is the Deflate algorithm (RFC1951), specified for use in
IPSec
with the IPCOMP protocol (RFC3173, RFC2394).
You
will most probably want this if using IPSec.

Michael
                        MIC keyed digest algorithm
                       
               
Michael
MIC is used for message integrity protection in TKIP
(IEEE
802.11i). This algorithm is required for TKIP, but it
should
not be used for other purposes because of the weakness
of
the algorithm.

CRC32c
                        CRC algorithm
               
Castagnoli,
et al Cyclic Redundancy-Check Algorithm.  Used
by
iSCSI for header and data digests and by others.
See
Castagnoli93.  This implementation uses lib/libcrc32c.
Module
will be crc32c.

Testing
                        module
               
Quick
& dirty crypto test module.

Hardware
                crypto devices
               
               

Support
                        for VIA PadLock ACE
               
       
Some
VIA processors come with an integrated crypto engine
(so
called VIA PadLock ACE, Advanced Cryptography Engine)
that
provides instructions for very fast {en,de}cryption
with
some algorithms.
The
instructions are used only when the CPU supports them.
Otherwise
software encryption is used. If you are unsure,
say
Y.

Support
                                for AES in VIA PadLock
                       
Use
VIA PadLock for AES algorithm.
               
               
               

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/17431/showart_137804.html