Hi Ard,
The previous ARC4 removal
already caused some headaches [0].
This is the first time this has been reported on an upstream kernel list.
As you know, I went out of my way to ensure that this removal would
happen as smoothly as possible, which is why I contributed code to
both iwd and libell beforehand, and worked with distros to ensure that
the updated versions would land before the removal of ARC4 from the
kernel.
It is unfortunate that one of the distros failed to take that into
account for the backport of a newer kernel to an older distro release,
but I don't think it is fair to blame that on the process.
Please don't misunderstand, I don't blame you at all. I was in favor of ARC4
removal since the kernel AF_ALG implementation was broken and the ell
implementation had to work around that. And you went the extra mile to make
sure the migration was smooth. The reported bug is still a fairly minor
inconvenience in the grand scheme of things.
But, I'm not in favor of doing the same for MD4...
Please note that iwd does use MD4 for MSCHAP
and MSCHAPv2 based 802.1X authentication.
Thanks for reporting that.
So what is your timeline for retaining MD4 support in iwd? You are
aware that it has been broken since 1991, right? Please, consider
having a deprecation path, so we can at least agree on *some* point in
time (in 6 months, in 6 years, etc) where we can start culling this
junk.
That is not something that iwd has any control over though? We have to support
it for as long as there are organizations using TTLS + MD5 or PEAPv0. There
are still surprisingly many today.
Regards,
-Denis