tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: remote kernel debugging over a network

On Sun, Jun 06, 2010 at 12:02:18PM +0300, Jordan Gordeev wrote:
> Thor Lancelot Simon wrote:
>> IPKDB used a custom MD5-based packet hash for "security".  I actually
>> think it would probably be very easy to support a single IPsec ESP
>> security association instead.  The hair with IPsec is all with key
>> negotiation.  Don't bother, and don't do some things like replay
>> protection, and ESP is a very simple, compact little shim layer on IP.
> ESP requires a random-number generator with cryptographic quality. I'm  
> not sure we can provide that in the limited environment of the kernel  
> debugger.

A) The claim is false.  As Steve pointed out, key negotiation is not part
   of ESP.

B) If you're talking about IV generation, it's trivial to provide one
   of the small keystream generators, keyed from wherever at subsystem
   startup, and use that.  Even if you're going for totally self-contained
   code that never calls into even libkern once it's started up, a stream
   cipher for IV generation isn't going to break the bank.


Home | Main Index | Thread Index | Old Index