similar to: luks and aes-ni

2016-06-02 8:48 GMT+02:00 Volker Lendecke <Volker.Lendecke at sernet.de>: > On Wed, Jun 01, 2016 at 07:44:26PM +0000, Seth Goldin wrote: > > I disabled client signing from the client side, via OS X's global > nsmb.conf > > file: https://discussions.apple.com/message/30282470#30282470 > > > > The performance was back to over 600 MB/s, as compared to 60 MB/s

This is in regards to: https://bugzilla.samba.org/show_bug.cgi?id=11451 https://bugzilla.samba.org/show_bug.cgi?id=13008 Would it be possible to find out the current state of AES-GCM mode for file shares? Outside of Samba, CCM is typically slower and considered inferior to GCM I apologize for formatting issues, I typically don’t use email lists. In /source3/smbd/smb2_negprot.c lines 494 to

I?m looking to configure a centos 7 server to lock out anaccount after 3 login failures. I?ve followed this ? https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls ? Section2.1.9.5 Account Locking ? And even rebooted the serverbut it

On 04.02.2015 22:32, Dennis Jacobfeuerborn wrote: > Hi, > today I tried to configure a guest using Virt-Manager and used the "copy > host cpu configuration" option which resultet in a "Sandy Bridge" model. > What I noticed is that for example the "aes" extension is not available > in the guest even though it is available on the host cpu. > > This

https://bugzilla.mindrot.org/show_bug.cgi?id=3194 Bug ID: 3194 Summary: Please consider lowering chacha20-poly1305 at openssh.com cipher priority on AES-NI capable CPU Product: Portable OpenSSH Version: 8.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement

On 03/17/2017 02:41 AM, Ian Diddams wrote: > I?ve followed this > > > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls Can you send the /etc/pam.d/system-auth that you used for your test?

Hi, today I tried to configure a guest using Virt-Manager and used the "copy host cpu configuration" option which resultet in a "Sandy Bridge" model. What I noticed is that for example the "aes" extension is not available in the guest even though it is available on the host cpu. This is what the host cpu looks like: model name : Intel(R) Xeon(R) CPU E5-2650 v3 @

Hello everybody, Thank you Fufu Fang for your quick reply: With tinc version 1.0.35 and the bellow options at 100% CPu load i get about 10 MB/s... PMTU = 1400 PMTUDiscovery = yes #Cipher = none Cipher = chacha20-poly1305 Digest = blake2b512 Tried Cipher = none as well and also got 10MB/s with 100% CPU on one thread the other three available threads are idle. With inc_1.1~pre17-1.1_amd64.deb

(depends on Advance Storage Configuration patch) This patch adds the option of requesting, at install time, that swap LVs be encrypted. The modifications include: * Introduction of the ovirt_swap_encrypt install parameter * Inclusion of all required packages * Inclusion of required kernel modules * Introduction of /etc/ovirt-crypttab to hold encrypted swap configuration (Couldn't use

Hi experts, Current I am doing FIPS gap analysis for our product, can someone help to have a look my questions? Our product is server running under CentOS 6.x, and according to the upstream (RedHat) document, CentOS can be configured to FIPS mode:

On Thu, Jun 02, 2016 at 01:59:17PM +0200, mathias dufresne wrote: > What would we have to do to get that hardware performance improvement? Talk to metze :-) > Just upgrade Samba to some version patched with Metze stuffs or is there > also some drivers to be compiled and loaded into Kernel? I believe Metze's patches require OpenSSL, but he needs to comment on that. > The

Apologies for the wide alias, but as it may interest serveral fs groups, here it is: In the everlasting search for the best fs for my shiny new disks, I was interested in some numbers, here're the results: http://nerdbynature.de/bench/amd64/2.6.19-rc5-git4/test-3/dm-crypt-3.html details: http://nerdbynature.de/wp/?cat=4 (in short: ext3 pretty fast in all operations. then again, the numbers

The newly-released kernel v2.6.32-504.23.4.el6 includes the back-ported SHA256-SSSE3 driver. Why is the generic version of the SHA256 driver selected at runtime instead of the SSSE3 version on this x86_64 system? Yes, my CPU does support the SSSE3 instruction set, and the use of SHA256 is invoked by the LUKS "cipher=aes-cbc-essiv:sha256" option. On the running system I see that the

(Apologies for any duplication, yesterday's e-mail doesn't seem to have made it through moderation) I've had several recent crashes of the nouveau kernel driver over the past month or so. My suspicion is that Firefox is causing it. The screen goes black and then the computer reboots. Nothing much in the syslogs, however I've managed to get netconsole output. I've also run

Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong

On Mon, Feb 9, 2015 at 3:42 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > > Still, there are many knowledgeable people on the list, they may give > different recommendation, which will create some pool of choices. I asked > John and Jonathan, I'd like to ask also Les Mikesell and Mr. SilverTip257: > what would you, gentlemen, recommend? Anybody? (I know

On Mon, Feb 9, 2015 at 2:06 PM, Les Mikesell <lesmikesell at gmail.com> wrote: > On Mon, Feb 9, 2015 at 3:42 PM, Valeri Galtsev > <galtsev at kicp.uchicago.edu> wrote: >> > >> Still, there are many knowledgeable people on the list, they may give >> different recommendation, which will create some pool of choices. I asked >> John and Jonathan, I'd

Hi, I would like to know if there is some feed for OVAL checks like in Redhat: https://www.redhat.com/security/data/oval/. Documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Practical_Examples.html#sect-Auditing_Security_Vulnerabilities_Example Other distributions have an oval feed: - Redhat:

You must define connection address and key in ipsec.secrets. -- Eero 2016-04-01 19:38 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>: > Just trying to follow the instructions here > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html > > I don't think I am doing anything special.

I've had several recent crashes of the nouveau kernel driver over the past month or so. My suspicion is that Firefox is causing it. The screen goes black and then the computer reboots. Nothing much in the syslogs, however I've managed to get netconsole output. It happens very infrequently and I'm afraid I don't know how to reproduce it, however I'll be more than happy to