RE: Should we consider removing Streebog from the Linux Kernel?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Monday, April 1, 2019 10:04 AM, Vitaly Chikunov <vt@xxxxxxxxxxxx> wrote:
>
> > >
> > > Can you elaborate on why you want to use Streebog? When we added
> > > Speck, we explained in great detail why it was useful from a
> > > technical perspective (before Adiantum was ready). I don't see any such
> explanation for Streebog.
> >
> > Our users demand that file integrity is implemented using their
> > national standard algorithm.
> >
> > Thanks,
>
> Does it mean that every state can demand from Linux kernel to carrying crypto
> algorithms of their choice?
>
I doubt that states can have that kind of leverage over the main linux kernel,
but they DO have that kind of leverage over local companies and individuals.
And it is not uncommon for states not  to trust any "western" crypto and
*mandate*(!) the use of specific home-grown algorithms instead.
So if you need to facilitate such requirements from your device incorporating
Linux, it's terribly convenient for those algorithms to be part of the mainline kernel.
As the alternative would be to either maintain those outside of the kernel tree
or to fork the kernel in its entirety, considering you *must* support them.

i.e. you can't blame them for trying ... and what WOULD be a good reason for
including a certain algorithm anyway?

Regards,
Pascal, HW Security Architect




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux