tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: AES leaks, cgd ciphers, and vector units in the kernel
I'm really excited about this patch in general, especially getting
an alternative to AES for cgd that has similar security properties
but isn't terrible in software.
Just one comment that nobody has brought up yet..
On Wed, Jun 17, 2020 at 11:36:11PM +0000, Taylor R Campbell wrote:
> * Other existing ciphers.
>
> Our 3DES, Blowfish, CAST128, Camellia, and Skipjack software in the
> kernel also obviously relies on secret-dependent array indices.
> These are not as high a priority because frankly I don't think
> anyone should be using these, and I'd rather get rid of them -- or
> maybe reduce 3DES and Blowfish to decryption only, to read old cgd
> disks -- than spend any other effort on them.
There should probably be a warning if you try to initialize a disk
with any of 3DES, Blowfish, Skipjack at least - just so nobody
ends up using them past their use-by date by mistake.
Camellia can be implemented with instructions designed for AES,
can it not, since it shares its s-boxes? Not a priority by any
means, but worth considering.
Home |
Main Index |
Thread Index |
Old Index