>>>>> "sandy" == Sandy Harris <sandy@storm.ca> writes: Hi sandy> Externally loaded ciphers may also be a security weakness. And a good option for let people decide if they want/don't want crypto. Notice that this is a myth, if one atacant can change your modules, he can also patch your binary. When somebody has root on your machine, the game is over :(((( sandy> Then make them all compile-time options, not externally loaded. Distributions like to let people choice what they want, if you don't let it be modules, we are not able to give the option :((( Notice that _size_ is very important, as there is still not PC that can boot with anything that is not a floppy. Notice also that you can compile modules into the kernel if you want, that means that if they are modules, you can put they are modules or compiled-in, as your choice, if they can only be compiled-in, you can compiled them in, or not having them, what means less choice. Later, Juan. -- In theory, practice and theory are the same, but in practice they are different -- Larry McVoy - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
