> There should be plugins for different encryption methods/strengths IMHO. > A seperate kit (server?) would work for normal applications, but if the > filesystem during booting is to rely on a server not started yet... > problem... :-/ Or is there a more elegant solution? I've seen crypto done quite nicely using the translation kit (which makes a lot of sense when you think about it), but sticking it in a CryptoKit just sort of graces the whole thing with officialness - it's part of the OS that way. From that perspective it's more an issue of appearances than a question of where the code actually lives. But I see your point about boot time troubles. Maybe separate logical encrypted volumes, like what PGPdisk does, would be a good way to tackle this. Rob