Re: [PATCH] crypto: prevent 112bit key for 3DES

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Freitag, 12. Februar 2016, 17:45:24 schrieb Roman Drahtmueller:

Hi Roman,

>56 bit keys are already prevented from being used, which conforms to rfc2451.
>As of 2016, 112 bit 3DES should be prevented, too, if the expectation is
>that the algorithm uses 168 bit.
>
>Signed-off-by: Roman Drahtmueller <draht@xxxxxxxxxxxxxx>

This code is at least needed in FIPS 140-2 mode. As a caller would manually 
need to create a 2-key TDES key which would violate the newly added check ( 
which is very unlikely) I would think this patch is also appropriate for all 
users.

Acked-by: Stephan Mueller <smueller@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux