Re: Cryptography in the kernel (was: Re: Linux 2.5 / 2.6 TODO (preliminary))

From: David Marshall (
Date: Thu Jun 01 2000 - 22:19:21 EST

Julian Squires <> writes:

> Of course, such an external patch already exists. (

...And there are no *-int-* patches there for anything in the 2.3
series.{v2.3,v2.4} are bascially
just mirrors of{v2.3,v2.4}/.

Of course, there are two arguments which can be made with the above

1) "Fine, then. Get off your ass and do it yourself."

2) "They're supporting stable kernels, not development ones."

Fair enough. There is also the 2.3.42 patch that someone released, but
that doesn't apply cleanly to newer kernels either. This tends to
imply that people using development kernels can't use crypto easily,
which is a bad thing.

Now sure, people can go plow through the source and do this
themselves, but the average person won't. While some of us might be
tempted to say that people who don't want to put forth the effort
shouldn't have the security, the more people who use such security,
the less conspicuous using it becomes. This is a good thing for those
of us who really want to secure things.

Now enters the argument that weak security is far, far worse than no
security, because it lulls people into a false sense of security. True
enough. This begs the question about whether putting the crypto into
the kernel really *is* a good thing, because sooner or later we're
going to have hoards of people using it, thinking they're secure, and
doing boneheaded things which totally compromise their security
without realizing it. (Examples: putting the key for their encrypted
filesystem in a plaintext file on the disk, taping it to the monitor,
using obscenely short passphrases, etc.)

Maybe the best deal is to have external patches which people can apply
if they want the feature. This is supposedly what we have now, but the
stuff needs to be kept current.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:14 EST