> >>> This patch disables the use of arc4 on block devices. > >> > >> arc4 again. it is simply not a block cipher:-) > >> > >> This should be solved inside cryptoAPI and not blacklist it in dm-crypt, > >> see that thread > >> http://article.gmane.org/gmane.linux.kernel.cryptoapi/3441 > > > > I some how remember Herbert saying to test for block size > 1. Wouldn't > > this be acceptable to block all stream cipher in one go? > > yes, I think it is better. > (...and I just forgot to add that test to dm-crypt after that suggestion.) > > Milan Hmm, there is salsa20 that has block size 1, larger initialization vectors, and can be used to encrypt disks (although salsa20 doesn't currently work with dm-crypt, because it doesn't accept "ecb(), cbc(), etc." chaining modes --- but if you remove the chaining mode manually, it works). You should rather add a flag CRYPTO_ALG_CHANGES_STATE to determine that a cipher can't be used to encrypt disks. Mikulas -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
