From: Herbert Xu
Subject: Re: [PATCH] dm-crypt: disable block encryption with arc4
Date: Wed, 10 Feb 2010 07:42:54 +1100
Message-ID: <20100209204254.GB26258@gondor.apana.org.au>
References: <20100209073718.GA17612@gondor.apana.org.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: mbroz@redhat.com, linux-crypto@ml.breakpoint.cc, dm-devel@redhat.com, agk@redhat.com, linux-crypto@vger.kernel.org
To: Mikulas Patocka
Return-path: 
Received: from rhun.apana.org.au ([64.62.148.172]:53507 "EHLO arnor.apana.org.au" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752627Ab0BIUnA (ORCPT ); Tue, 9 Feb 2010 15:43:00 -0500
Content-Disposition: inline
Sender: linux-crypto-owner@vger.kernel.org

On Tue, Feb 09, 2010 at 09:02:35AM -0500, Mikulas Patocka wrote:
>
> What is the fix for arc4? Copy the internal state after a key schedule and
> restore it with every encryption?

arc4 should be a blkcipher, not a cipher.  Then it can have an IV which is
where this should be stored.

> I think blacklisting "arc4" is better, because it provides a fix now.
> Otherwise, people will just keep on arguing what is the "clean" solution
> and nothing gets done.

The crypto layer makes no guarantee that every algorithm that is
available is suitable for a particular application such as disk
encryption.  FWIW we also export an algorithm called null!

People should not be making uninformed choices on crypto algorithms.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~}
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
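The exchange above is about where a stream cipher's running state lives. The following is an added illustration, not code from this thread, from dm-crypt, or from the kernel's arc4 implementation: a toy RC4 (arc4) is driven three ways to show (1) what happens when the state is hidden inside the transform and carries over from one sector to the next, (2) the "snapshot the state after the key schedule and restore it for every operation" idea from the quoted question, and (3) state owned by the caller, the way an IV slot on a blkcipher would carry it. The key, the "sectors" and all class and function names are constructed for the example; nothing here models the real kernel API.

```python
# Toy RC4 used only to illustrate the dm-crypt/arc4 discussion.
# Key, sector contents and all names below are constructed for this example.

def rc4_ksa(key: bytes) -> list:
    """RC4 key-scheduling: derive the initial 256-byte permutation S from the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_prga(S: list, i: int, j: int, data: bytes):
    """RC4 keystream generation. XORs `data` with keystream, mutates S in place,
    and returns (output, i, j) so the caller can see where the stream now stands."""
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out), i, j


class Arc4HiddenState:
    """(1) State (S, i, j) lives inside the transform and keeps advancing across
    calls, as it would behind a single-block 'cipher' interface that has no IV."""

    def __init__(self, key: bytes):
        self.S, self.i, self.j = rc4_ksa(key), 0, 0

    def crypt(self, data: bytes) -> bytes:
        out, self.i, self.j = rc4_prga(self.S, self.i, self.j, data)
        return out


class Arc4StateReset:
    """(2) The quoted proposal: keep a copy of the state taken right after the key
    schedule and restore it before every operation."""

    def __init__(self, key: bytes):
        self.S0 = rc4_ksa(key)

    def crypt(self, data: bytes) -> bytes:
        out, _, _ = rc4_prga(list(self.S0), 0, 0, data)  # fresh copy every call
        return out


def crypt_with_carried_state(state, data: bytes):
    """(3) State owned by the caller (what an IV-like slot could hold): the
    position in the keystream is explicit, so an operation is resumable from
    exactly the point it was issued at."""
    S, i, j = state
    S = list(S)                      # do not mutate the caller's snapshot
    out, i, j = rc4_prga(S, i, j, data)
    return out, (S, i, j)


def demo_hidden_state(key: bytes, sector: bytes) -> dict:
    """Two writes of the same sector contents get different ciphertext, and a
    fresh context (another CPU, a later boot) can only decrypt the first one."""
    ctx = Arc4HiddenState(key)
    c1 = ctx.crypt(sector)
    c2 = ctx.crypt(sector)
    return {
        "same_ciphertext_for_same_sector": c1 == c2,
        "fresh_context_decrypts_first": Arc4HiddenState(key).crypt(c1) == sector,
        "fresh_context_decrypts_second": Arc4HiddenState(key).crypt(c2) == sector,
    }


def demo_state_reset(key: bytes, s1: bytes, s2: bytes) -> dict:
    """Restoring the post-KSA state makes every sector independently decryptable,
    but every sector is then XORed with the identical keystream."""
    ctx = Arc4StateReset(key)
    c1, c2 = ctx.crypt(s1), ctx.crypt(s2)
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    return {
        "each_sector_decryptable": ctx.crypt(c1) == s1 and ctx.crypt(c2) == s2,
        "keystream_shared_across_sectors": xor(c1, c2) == xor(s1, s2),
    }


def demo_carried_state(key: bytes, s1: bytes, s2: bytes) -> dict:
    """With caller-owned state, decrypting a sector needs the exact state that
    produced it, which is precisely what an IV slot would have to record."""
    st0 = (rc4_ksa(key), 0, 0)
    _, st1 = crypt_with_carried_state(st0, s1)
    c2, _ = crypt_with_carried_state(st1, s2)
    return {
        "decrypt_from_recorded_state": crypt_with_carried_state(st1, c2)[0] == s2,
        "decrypt_from_initial_state": crypt_with_carried_state(st0, c2)[0] == s2,
    }


if __name__ == "__main__":
    KEY = b"example-key"               # constructed
    A, B = b"sector-A-payload!", b"sector-B-payload!"  # constructed, equal length
    print(demo_hidden_state(KEY, A))
    print(demo_state_reset(KEY, A, B))
    print(demo_carried_state(KEY, A, B))
```

Running the three demos makes the thread's point concrete: the hidden-state variant is not even decryptable on a second context, the snapshot-and-restore variant is decryptable but ties every sector to one keystream (the check `xor(c1, c2) == xor(s1, s2)` is the symptom of keystream reuse, which is why per-sector IVs exist in dm-crypt's block-cipher modes), and only the caller-owned state models something an IV slot could carry. None of the three turns arc4 into a suitable disk-encryption primitive; the example only shows why the state has to be somewhere the caller controls.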