Re: Cryptography in the kernel (was: Re: Linux 2.5 / 2.6 TODO (preliminary))

From: Jesse Pollard (
Date: Fri Jun 02 2000 - 05:25:25 EST

On Thu, 01 Jun 2000, David Marshall wrote:
>Julian Squires <> writes:
>> On Thu, Jun 01, 2000 at 10:19:21PM -0500, David Marshall wrote:
>> > Now sure, people can go plow through the source and do this
>> > themselves, but the average person won't. While some of us might be
>> > tempted to say that people who don't want to put forth the effort
>> > shouldn't have the security, the more people who use such security,
>> > the less conspicuous using it becomes. This is a good thing for those
>> > of us who really want to secure things.
>> I think that there are also aspects of the kernel whose security might
>> be improved through the use of strong cryptographic primitives.
>> (OpenBSD has been doing some innovative stuff here - it would be worth
>> learning from their example, IMHO)
>> If the kernel doesn't have these cryptographic primitives without a
>> patch, though, it means one must maintain a much larger amount of code
>> in the international patch (and keep the weaker versions in the main
>> distribution), which would be a tremendous pain.
>And there's always a catch. :)
>Someone mentioned that it was hypocritical (I'm paraphrasing) for
>those of us in the United States to argue that crypto should go into
>the kernel regardless of the laws in countries like China, because
>stupid algorithm patents are enforced in the United States. There's
>actually a huge difference: one is including an API, and the other is
>including the actual algorithms. China, as far as I know, says that
>you can't include the API. The United States says that you can't
>include patented algorithms without permission, which is totally
>different from adding an API.

The US always allowed importing. The problem lay in that patches, bugfixes,
bug reports, algorithms, and documentation could not be exported. That ment that
the entire US development people would be cut off from contributing; leaving
all Linux development in Europe, Asia, and Austrailia (near east ...).

That implied that the LARGE number of fixes/improvements could never be
published. And then Linus moved to the US.... No Linux at all.... therefore
no crypto... and Linux (with all its current ability) exists.

>In other words, putting in a crypto API with support for all sorts of
>algorithms is one thing, and has its own technical issues. Putting in
>support for specific algorithms can be made relatively simple: the
>programmer literally just drops the code in, and writes init, release,
>status, key generation and handling, encrypt, and decrypt functions.

Jesse I Pollard, II

Any opinions expressed are solely my own.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:14 EST