Am Freitag, 12. Februar 2016, 17:45:24 schrieb Roman Drahtmueller: Hi Roman, >56 bit keys are already prevented from being used, which conforms to rfc2451. >As of 2016, 112 bit 3DES should be prevented, too, if the expectation is >that the algorithm uses 168 bit. > >Signed-off-by: Roman Drahtmueller <draht@xxxxxxxxxxxxxx> This code is at least needed in FIPS 140-2 mode. As a caller would manually need to create a 2-key TDES key which would violate the newly added check ( which is very unlikely) I would think this patch is also appropriate for all users. Acked-by: Stephan Mueller <smueller@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html