Mitsuru KANDA wrote:
>Hello Linux kernel network maintainers,
>
>I'm a member of USAGI project.
>
>
[snip]
>2. Cipher/Digest Algorithms
>
> Supported algorithms:
> Ciphers: DES, 3DES and AES
> Digests: MD5 and SHA1
>
> We use CryptoAPI as cipher/digest algorithm.
> - CryptoAPI
> http://www.kerneli.org/
>
>
Please remove DES as it is insecure. For discussion, see:
http://www.freeswan.org/freeswan_trees/freeswan-1.98b/doc/politics.html#desnotsecure
From: Sandy Harris <[email protected]>
Date: Sat, 12 Oct 2002 10:11:07 -0700
Please remove DES as it is insecure. For discussion, see:
http://www.freeswan.org/freeswan_trees/freeswan-1.98b/doc/politics.html#desnotsecure
It's fine for testing purposes, leave it in.
> It's fine for testing purposes, leave it in.
absolutely. it could also be needed for interoperability, or many other
valid uses that might not depend on its sheer strength as a cipher.
"but you shouldn't be interoperating with things that are insecure!"
blah blah blah. that is not the kernel's decision to make. meaningful
security is defined by much more than context-free assertions. warn
against its naive use, avoid it being a default, but allow the clued to
use it easily when it makes sense.
- z