Re: [PATCH 0/2] crypto: remove MD4 generic shash

On Wed, 2021-08-18 at 18:10 +0200, Ard Biesheuvel wrote:
> On Wed, 18 Aug 2021 at 16:51, Denis Kenzior <denkenz@xxxxxxxxx> wrote:
> > Hi Ard,
> > 
> > On 8/18/21 9:46 AM, Ard Biesheuvel wrote:
> > > As discussed on the list [0], MD4 is still being relied upon by the
> > > CIFS driver, even though successful attacks on MD4 are as old as
> > > Linux itself.
> > > 
> > > So let's move the code into the CIFS driver, and remove it from the
> > > crypto API so that it is no longer exposed to other subsystems or to
> > > user space via AF_ALG.
> > > 
> > 
> > Can we please stop removing algorithms from AF_ALG?
> 
> I don't think we can, to be honest. We need to have a deprecation path
> for obsolete and insecure algorithms: the alternative is to keep
> supporting a long tail of broken crypto indefinitely.

I think you are ignoring the fact that by doing that you might be
removing a migration path to more secure algorithms, for some legacy
systems.

I.e. in some cases this might mean sticking to an insecure algorithm *and*
an old kernel for an unnecessarily long amount of time because migration is
more costly.

Perhaps there could be a command-line parameter or similar to enable
legacy crypto?

/Jarkko



