On Thu, Jan 16, 2014 at 9:01 AM, MJ <[email protected]> wrote:
> So bear with me, but would it be possible to switch /dev/crypto to be an
> interface to an autocipher engine where both OpenSSL and NaCl ciphers could
> be supported via e.g. /etc/autocipher.conf and then change all crypto-enabled
> apps to use /dev/crypto and only /dev/crypto as the interface?

Moving to stronger, safer crypto is a good goal, but framing the issue as OpenSSL vs NaCl suggests you don't actually understand what either of these libraries does. I've also never heard of an "autocipher engine" (Googling it only brings me back to this thread) and standardizing on /dev/crypto as the interface would be terrible for security, because it would force users to use type-unsafe ioctl() or read()/write() commands.

