On Wed, Aug 18, 2021 at 11:18 PM Tom Talpey <tom@xxxxxxxxxx> wrote:
>
> On 8/18/2021 12:10 AM, Ronnie Sahlberg wrote:
> > Steve,
> >
> > We depend on ARC4 for generating the encrypted session key in key exchange.
> > This patch disables the key exchange/encrypted session key for ntlmssp
> > IF the kernel does not have any ARC4 support.
> >
> > This allows to build the cifs module even if ARC4 has been removed
> > though with a weaker type of NTLMSSP support.
>
> It's a good goal but it seems wrong to downgrade the security
> so silently. Wouldn't it be a better approach to select ARC4,
> and thereby force the build to succeed or fail? Alternatively,
> change the #ifndef ARC4 to a positive option named (for example)
> DOWNGRADED_NTLMSSP or something equally foreboding?

Good point.
Maybe we should drop this patch and instead copy ARC4 into fs/cifs
so we have a private version of the code in cifs.ko.
And do the same for md4 and md5.

>
> Tom.