[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [dm-devel] [PATCH] dm-crypt: disable block encryption with arc4
- From: Mikulas Patocka <mpatocka redhat com>
- To: Milan Broz <mbroz redhat com>
- Cc: dm-devel redhat com, Sebastian Andrzej Siewior <linux-crypto ml breakpoint cc>, linux-crypto vger kernel org, Alasdair G Kergon <agk redhat com>
- Subject: Re: [dm-devel] [PATCH] dm-crypt: disable block encryption with arc4
- Date: Tue, 26 Jan 2010 07:27:18 -0500 (EST)
> >>> This patch disables the use of arc4 on block devices.
> >>
> >> arc4 again. it is simply not a block cipher:-)
> >>
> >> This should be solved inside cryptoAPI and not blacklist it in dm-crypt,
> >> see that thread
> >> http://article.gmane.org/gmane.linux.kernel.cryptoapi/3441
> >
> > I some how remember Herbert saying to test for block size > 1. Wouldn't
> > this be acceptable to block all stream cipher in one go?
>
> yes, I think it is better.
> (...and I just forgot to add that test to dm-crypt after that suggestion.)
>
> Milan
Hmm, there is salsa20 that has block size 1, larger initialization
vectors, and can be used to encrypt disks (although salsa20 doesn't
currently work with dm-crypt, because it doesn't accept "ecb(), cbc(),
etc." chaining modes --- but if you remove the chaining mode manually, it
works).
You should rather add a flag CRYPTO_ALG_CHANGES_STATE to determine that a
cipher can't be used to encrypt disks.
Mikulas
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]