tech-kern archive


Re: AES leaks, cgd ciphers, and vector units in the kernel
I'm really excited about this patch in general, especially getting
an alternative to AES for cgd that has similar security properties
but isn't terrible in software.

Just one comment that nobody has brought up yet...

On Wed, Jun 17, 2020 at 11:36:11PM +0000, Taylor R Campbell wrote:
> * Other existing ciphers.
> 
>   Our 3DES, Blowfish, CAST128, Camellia, and Skipjack software in the
>   kernel also obviously relies on secret-dependent array indices.
>   These are not as high a priority because frankly I don't think
>   anyone should be using these, and I'd rather get rid of them -- or
>   maybe reduce 3DES and Blowfish to decryption only, to read old cgd
>   disks -- than spend any other effort on them.

There should probably be a warning if you try to initialize a disk
with any of 3DES, Blowfish, Skipjack at least - just so nobody
ends up using them past their use-by date by mistake.

Camellia can be implemented with instructions designed for AES,
can it not, since it shares its s-boxes? Not a priority by any
means, but worth considering.
