tech-security archive


Re: cgd(4) ciphers



Hi,

On 30/09/2013 09:37, Jan Danielsson wrote:
> On 9/30/13 9:22 AM, Taylor R Campbell wrote:
> [---]
>> The best two candidates that come to mind are Serpent, which fails
>> only (c) and (d), and Threefish, which seems like a good candidate.
> [---]
>> Thoughts?
> 
>    Yes, oh, yes.
> 
>    But personally, I think that having a good/working root-on-cgd
> solution should be a far higher priority.

Just in case you missed it, and I don't claim it is good (and should
document it) but I have committed a working implementation of
root-on-cgd a few months ago. It uses init.chroot, which I would like to
replace with pivot_root at the very least. See:

http://mail-index.netbsd.org/current-users/2013/03/21/msg022311.html
(most of the problems mentioned here were addressed in the meantime)

http://mail-index.netbsd.org/source-changes/2013/07/thread2.html#045401
(one commit for init, three for amd64, then one more for i386)

I am using this daily on an amd64 laptop, no problem there.

HTH,
-- 
khorben


