Re: [PATCH] Delete cryptoloop
From: Andries Brouwer
Date: Thu Jul 29 2004 - 11:20:44 EST
On Thu, Jul 22, 2004 at 01:46:49AM -0700, Andrew Morton wrote:
> Your points can be simplified to "I don't use cryptoloop, but someone else
> might" and "we shouldn't do this in a stable kernel".
>
> Well, I want to hear from "someone else". If removing cryptoloop will
> irritate five people, well, sorry. If it's 5,000 people, well maybe not.
>
> Yes, I buy the "stable kernel" principle, but here we have an example where
> it conflicts with the advancement of the kernel, and we need to make a
> judgement call.
>
> Actually, my most serious concern with cryptoloop is the claim that it is
> insufficiently secure. If this is true then we'd be better off removing
> the feature altogether rather than (mis)leading our users into thinking
> that their data is secure.
The above sounds wrong / misguided.
First: "(mis)leading our users into thinking that their data is secure".
Security is not a yes/no matter. There are degrees of protection against
various possible attacks.
Second: This seems to be a discussion about cryptoloop vs dm-crypt.
But dm-crypt has the same weaknesses as cryptoloop, so from a crypto
point of view there is zero reason to switch.
If there is a reason to switch it must be elegance and correctness and
robustness of kernel implementation, together with the idea that we
do not need more than one kernel implementation of roughly speaking
the same concept. Not crypto, but just loop vs dm arguments.
Third: Announcing a date for the demise of cryptoloop seems a bit premature
at a point in time when dm-crypt is not quite usable yet.
I have the impression that cryptoloop and/or loop-aes presently are used by
more than your 5000 users.
James Morris wrote:
# Jari Ruusu ... Fruhwirth Clemens ...
So far, every time I checked the details Jari Ruusu has been right.
In the present discussion Fruhwirth Clemens showed an amazing lack
of understanding of cryptography. His threat model seems limited to
things like "chosen plaintext attack" etc.
But there are so many entirely different attacks.
# Part of the reason for dropping cryptoloop is to help dm-crypt
# mature more quickly.
A very strange reason. But maybe it fits in with dropping the idea
of a stable kernel.
# I've had some off-list email on the security of dm-crypt, and it seems
# that it does need some work. We need to get the security right more than
# we need to worry about these other issues.
Yes.
Andries
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/