Subject: ATTENTION CGD(4) USERS - flag day changes coming
From: Daniel Carosone <>
List: tech-security
Date: 03/12/2004 11:22:08

There are two (long-standing) issues with cgd(4) that require kernel
or configuration changes and possible user intervention to fix.  The
fixes have been known for some time, but the need for a coordinated
flag day has delayed implementation. The changes need to happen soon -
before the 2.0 branch is made, so that compatibility issues don't span
any releases.  (Once they are made, cgd could also be pulled up to the
1.6 branch, for the same reason).

1) The blowfish cipher has a key length mismatch between cgdconfig(8)
   and the kernel.

   This issue ONLY affects cgd users with the blowfish cipher; it does
   not affect the aes or 3des ciphers.  It is a kernel change that
   will render your old cgd passphrase invalid with new kernels,
   unless special measures are taken.

2) There is an algorithm correctness fix for the pkcs5_pbkdf2 key
   generation method.

   This affects all cgd(4) users with password-based keys.  The likely
   change will correct the algorithm under the existing name,
   and retain the existing code under a new name, eventually to be
   deprecated.  Users would need to edit the cgd params file
   (/etc/cgd/foo) to change the name to the old one, or generate a new
   params file with an xor key for compatibility. This is entirely a
   userspace change in cgdconfig(4).

Please note that neither of these affects the encryption strength of
cgd, other than that mishandling the change could result in incorrect
key generation and unreadable disks.  Hence this message to publicise
the need for user attention.

So far as I am aware, there are very few people actually using the
blowfish cipher with cgd.  I would like to hear from all such users,
so we can coordinate the change and determine how much effort is
required for backwards compatibility.  There are several ways to
provide compatibility, but they're not at all elegant, and we'd prefer
to avoid them if possible.  If there are only a few users affected,
other means might be more appropriate.

Please respond to this mail ASAP if you use cgd with blowfish.  Please
do so privately if it is just to add your name to the list of blowfish

I intend that these changes would be made within the next week or two,
depending on time and number of respondees.  Further notice will be
given before the change, and a kernel version bump will be made.

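An added illustration, not part of the original mail and not cgdconfig code: a model of the "xor key" compatibility approach from item 2, where a stored mask XORed with the corrected KDF output reproduces the key the old code derived. The function names, salt, iteration count and the legacy_kdf stand-in are assumptions; the mail does not describe the actual defect, so the stand-in only differs deterministically from standard PBKDF2.

```python
import hashlib

KEY_BYTES = 16      # constructed sample: 128-bit disk key
ITERATIONS = 1000   # constructed sample iteration count


def corrected_kdf(passphrase: bytes, salt: bytes) -> bytes:
    """Standard PBKDF2-HMAC-SHA1, standing in for the corrected method."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, ITERATIONS, KEY_BYTES)


def legacy_kdf(passphrase: bytes, salt: bytes) -> bytes:
    """Hypothetical stand-in for the old behaviour. NOT the real cgd defect:
    it only needs to disagree with corrected_kdf for the same inputs."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt + b"\x00legacy",
                               ITERATIONS, KEY_BYTES)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("keys must be the same length to be combined")
    return bytes(x ^ y for x, y in zip(a, b))


def compat_mask(passphrase: bytes, salt: bytes) -> bytes:
    """Value to store beside the passphrase-based key so that the combined
    key equals what the old code produced for this passphrase and salt."""
    return xor_bytes(legacy_kdf(passphrase, salt),
                     corrected_kdf(passphrase, salt))


def disk_key(passphrase: bytes, salt: bytes, mask: bytes = None) -> bytes:
    """Key handed to the cipher: corrected KDF output, XORed with the
    stored mask when one is configured."""
    key = corrected_kdf(passphrase, salt)
    return xor_bytes(key, mask) if mask is not None else key


if __name__ == "__main__":
    pw, salt = b"correct horse", b"constructed-salt"   # constructed inputs
    old_key = legacy_kdf(pw, salt)            # key the existing disk uses
    mask = compat_mask(pw, salt)              # generate while old code exists
    print("without mask matches old key:", disk_key(pw, salt) == old_key)
    print("with mask matches old key:   ", disk_key(pw, salt, mask) == old_key)
    print("wrong passphrase matches:    ", disk_key(b"typo", salt, mask) == old_key)
```

The mask has to be generated while the old derivation is still available, and it is tied to one passphrase and salt, so changing either means generating a new one.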