From: Stephan Mueller
To: "Jason A. Donenfeld"
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, kernel-hardening@lists.openwall.com, LKML, David Howells, Eric Biggers, Herbert Xu, Kirill Marinushkin, security@kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v6] security/keys: rewrite all of big_key crypto
Date: Wed, 20 Sep 2017 15:45:07 +0200
Message-ID: <2545404.XUVGGHhd0i@tauon.chronox.de>
References: <1593673.B5xods8kYN@tauon.chronox.de>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wednesday, 20 September 2017, 12:52:21 CEST, Jason A. Donenfeld wrote:

Hi Jason,

> This sounds incorrect to me. Choosing a fresh, random, one-time-use
> 256-bit key and rolling with a zero nonce is a totally legitimate way
> of using GCM. There's no possible reuse of the key stream this way.
> However, on the off chance that you know what you're talking about,
> could you outline the cryptographic attack you have in mind, or if
> that's too difficult, simply link to the relevant paper on eprint?

http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/Joux_comments.pdf

Ciao
Stephan
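To make the quoted point concrete, here is an added example (editor's code, not from the thread or from the big_key patch) that checks the one property the discussion turns on: whether two AES-GCM ciphertexts share a CTR keystream. It uses only Go's standard crypto/aes and crypto/cipher; the plaintexts and the function names are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// randKey returns a fresh random 256-bit AES key; a failing CSPRNG is fatal for this demo.
func randKey() []byte {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return key
}

// sealZeroNonce encrypts p with AES-256-GCM under key and the all-zero 96-bit nonce.
func sealZeroNonce(key, p []byte) []byte {
	block, err := aes.NewCipher(key) // cannot fail for a 32-byte key
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm.Seal(nil, make([]byte, gcm.NonceSize()), p, nil)
}

// keystreamReused reports whether c1^c2 == p1^p2 on every plaintext byte, which holds exactly when both messages were masked with the same CTR keystream.
func keystreamReused(c1, c2, p1, p2 []byte) bool {
	for i := range p1 { // callers pass equal-length plaintexts
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

// SameKeyZeroNonce is the misuse case: one key reused with the zero nonce for two messages.
func SameKeyZeroNonce(p1, p2 []byte) bool {
	key := randKey()
	return keystreamReused(sealZeroNonce(key, p1), sealZeroNonce(key, p2), p1, p2)
}

// FreshKeyZeroNonce is the scheme Jason describes: a fresh one-time key per message, zero nonce.
func FreshKeyZeroNonce(p1, p2 []byte) bool {
	return keystreamReused(sealZeroNonce(randKey(), p1), sealZeroNonce(randKey(), p2), p1, p2)
}
```

SameKeyZeroNonce returns true (the ciphertext XOR leaks the plaintext XOR), FreshKeyZeroNonce returns false; the Joux comments Stephan links concern the same-key nonce-reuse case, where the GHASH key is additionally exposed.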