Re: PBKDF2 support in the linux kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, May 26, 2018 at 03:36:37PM +0200, Stephan Mueller wrote:
> - security related code should be vetted (which arguably is the case when the 
> discussed PBKDF is part of the kernel)
> > 
> > If he/she were to add their own userland code then he would surely be
> > criticized for rolling his own implementation.

If one were to copy and paste cryptographic algorithms, that's surely
not "rolling your own implementation" --- you're using someone else's
implemntation.  The argument for why code reuse by copy and paste is
not a good thing is that you won't pick up bug fixes that might show
up later.  But for a cryptographic algorithm (e.g., sHA256, CHACHA20,
etc.) with test vectors, in general there aren't cases where there are
bug fixes that come later.  An argument which makes sense for, say, an
implementation of TLS, is not really applicable here.

Given that there are other ways to address using well-vetted and
reviewed code, I would argue that "run code at with least privleges"
is clearly the far more important consideration here.

   	       	   		  		- Ted



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux