On Monday, April 1, 2019 11:44 AM, Pascal Van Leeuwen <pvanleeuwen@xxxxxxxxxxxxxxxx> wrote: > > On Monday, April 1, 2019 10:04 AM, Vitaly Chikunov vt@xxxxxxxxxxxx wrote: > > > > > > Can you elaborate on why you want to use Streebog? When we added > > > > Speck, we explained in great detail why it was useful from a > > > > technical perspective (before Adiantum was ready). I don't see any such > > > > explanation for Streebog. > > > > > > Our users demand that file integrity is implemented using their > > > national standard algorithm. > > > Thanks, > > > > Does it mean that every state can demand from Linux kernel to carrying crypto > > algorithms of their choice? > > I doubt that states can have that kind of leverage over the main linux kernel, > but they DO have that kind of leverage over local companies and individuals. > And it is not uncommon for states not to trust any "western" crypto and > mandate(!) the use of specific home-grown algorithms instead. > So if you need to facilitate such requirements from your device incorporating > Linux, it's terribly convenient for those algorithms to be part of the mainline kernel. > As the alternative would be to either maintain those outside of the kernel tree > or to fork the kernel in its entirety, considering you must support them. > So if they have leverage over companies and individuals they have leverage over the linux kernel too :) I wonder what will be the limits of this leverage. Imagine some state (eastern or western, north or south) starts to require using backdoored crypto because they don't trust something they can't break. Will linux kernel comply? > i.e. you can't blame them for trying ... and what WOULD be a good reason for > including a certain algorithm anyway? > Technical soundness and problems it solves. Speck was already given as example. It was needed due to performance constraints on lower-end devices and when it wasn't needed anymore it was thrown to the bin. > Regards, > Pascal, HW Security Architect Jordan