On Tuesday, 17 March 2015, 22:45:52, Herbert Xu wrote:

Hi Herbert,

>On Tue, Mar 17, 2015 at 12:40:12PM +0100, Stephan Mueller wrote:
>> >How about adding a flag to all these internal algorithms and then
>> >change crypto_alg_mod_lookup to disable that flag by default?
>>
>> The issue with flags is the following: first we have to think about
>> whether we want a black list or white list approach. Your suggestion
>> implies a black list. Black lists for ensuring security is not good
>> IMHO as it has a tendency to miss cases. This especially applies to
>> this area where we have already an indicator for internal ciphers:
>> the prio is so low that it will never ever be selected based on the
>> name. Now, adding a flag means that we mark such an internal cipher
>> twice.
>
>Huh? Using prio is already a black list.
>
>In any case abusing the priority field like this is not acceptable,
>especially when the priority can be set from user-space.

I agree, I forgot about the priority being changeable. I will prepare a
proposal with a flag.

>
>Cheers,

Ciao
Stephan
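The difference between the two approaches discussed in this thread, as an added user-space model in C that is not part of the original mail and not kernel code. The flag name ALG_INTERNAL, the registry entries, the function names and the (flags ^ type) & mask match rule are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

#define ALG_INTERNAL 0x1u /* hypothetical flag bit marking a helper algorithm */
struct alg { const char *name, *driver; int prio; unsigned flags; };

/* Constructed registry: one public implementation and one internal helper. */
static struct alg algs[] = {
    { "gcm(aes)", "gcm-aes-public", 100, 0 },
    { "gcm(aes)", "gcm-aes-helper",   0, ALG_INTERNAL },
};
#define NALGS (sizeof(algs) / sizeof(algs[0]))

/* Highest-priority entry whose name or driver name matches and whose
 * flags satisfy (flags ^ type) & mask == 0. */
static const struct alg *lookup(const char *n, unsigned type, unsigned mask)
{
    const struct alg *best = NULL;
    for (size_t i = 0; i < NALGS; i++) {
        const struct alg *a = &algs[i];
        if ((strcmp(a->name, n) && strcmp(a->driver, n)) || ((a->flags ^ type) & mask))
            continue;
        if (!best || a->prio > best->prio) best = a;
    }
    return best;
}

/* Priority as the only barrier: the flag is never consulted. */
const struct alg *lookup_prio_only(const char *n) { return lookup(n, 0, 0); }

/* Flag disabled by default: a caller that does not mention the flag in
 * type or mask gets it forced into the mask and cannot match a helper. */
const struct alg *lookup_flag_default(const char *n, unsigned type, unsigned mask)
{
    if (!((type | mask) & ALG_INTERNAL))
        mask |= ALG_INTERNAL;
    return lookup(n, type, mask);
}

/* Stands in for a priority change made from user space. */
void set_prio(const char *driver, int prio)
{
    for (size_t i = 0; i < NALGS; i++)
        if (!strcmp(algs[i].driver, driver)) algs[i].prio = prio;
}

int main(void)
{
    set_prio("gcm-aes-helper", 500);
    printf("prio only: %s, flag: %s\n", lookup_prio_only("gcm(aes)")->driver,
           lookup_flag_default("gcm(aes)", 0, 0)->driver);
    return 0;
}
```

In this model the priority-only lookup also returns the helper when it is requested by its driver name, even at priority 0, while the flag-based lookup returns it only to a caller that sets the flag explicitly.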