Am Mittwoch, 13. April 2016, 09:07:38 schrieb Benedetto, Salvatore: Hi Salvatore, > > I don't see any particular benefit in replacing this check with a lower > boundary check only. Values other than those listed are very unlikely. > Anyway, if you feel so strong about it and other people think the same I'm > OK with either check :-) Either case shouldn't harm. The kernel is not supposed to policy user decisions. It is only there to perform operations. It is allowed to enforce policies to cover known weaknesses though (hence the check for the lower boundary). So, if a user wants to use 2040 bit DH keys, what reason has the kernel to object? Note, with the advancements of quantum computers is may be likely that we all want to use very large keys for asymmetric ciphers in the not too distant future. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html