On Wed, 2021-08-18 at 18:10 +0200, Ard Biesheuvel wrote:
> On Wed, 18 Aug 2021 at 16:51, Denis Kenzior <denkenz@xxxxxxxxx> wrote:
> > Hi Ard,
> >
> > On 8/18/21 9:46 AM, Ard Biesheuvel wrote:
> > > As discussed on the list [0], MD4 is still being relied upon by the CIFS
> > > driver, even though successful attacks on MD4 are as old as Linux
> > > itself.
> > >
> > > So let's move the code into the CIFS driver, and remove it from the
> > > crypto API so that it is no longer exposed to other subsystems or to
> > > user space via AF_ALG.
> > >
> >
> > Can we please stop removing algorithms from AF_ALG?
>
> I don't think we can, to be honest. We need to have a deprecation path
> for obsolete and insecure algorithms: the alternative is to keep
> supporting a long tail of broken crypto indefinitely.

I think you are ignoring the fact that by doing that you might be
removing a migration path to more secure algorithms, for some legacy
systems. I.e. in some cases this might mean sticking to an insecure
algorithm *and* an old kernel for an unnecessarily long amount of time
because migration is more costly.

Perhaps there could be a command-line parameter or similar to enable
legacy crypto?

/Jarkko