Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp595208pxb; Wed, 18 Aug 2021 09:24:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTDMDUZpW9HlcNvNo7tqw1CcC8/bQNAeiRX4CP4HXMdIjNUjwXQ4xe2xoAEVs3m3UpIo0p X-Received: by 2002:a05:6402:4d1:: with SMTP id n17mr10955743edw.337.1629303860599; Wed, 18 Aug 2021 09:24:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629303860; cv=none; d=google.com; s=arc-20160816; b=VXQArXrXNFWXpyw9l6jcL7A/tQ3hsHKA18mOLNqUBJfUB22M3295LNzg2aUQAtZRFw TpqEN22xfIOyAEYjLi8SensPVocJHhJ2wKdp1rv+rWm58PIim+Q81QOTiowAG66gjfim zSlR2ejqtn+gVhz6+qz3piFiwHjpo7j+Ln7QfymxS7f8swQhvU+z+KLZRFLSFhIBycGE RerD4Et/7/GhVAdsKTuLxGnuCfl8rlBHWNLfIxkSk6lqMDuPpo+ZDEs+SU2JodcLge5Y LVZXaeLTUtEuBmb2ndV0lVNytNDaZUpCQGzeWaGfljaPmlixyTqp1lBsN6Q22GFlbjdg 27Mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=gwm8rfWs4pbHZgYeKQ0HHqBYYNUImXQM0xoxK3JFpm8=; b=HOC05ElgdyBwlLUEnqNuFfQxUa0ZPGiLDyXjZ7foPKTKpHLSgQTe4fxNIaGz17eX6U XgKaxJVt8oO5+tQA+9KDRjNKdOvZwDlvsdSAkFyxL0u8Tv63vdt9zb6SCo9v662VCs7H VmuzafGdAwsq9ujlilXGmhLnSSXFcpI8IXwvtnLVOHpgJzmRv2uPovZNOwA5iU4o9VeP eUR1oFVPqbsVVWjknTMyJV6HDCCkg9rcKyxB7PaiRzUAwQn11o9A7dzXrPk5pHuvgyf5 I4zSqoJIqMHQT1WIJERKjoJjyPfXmY4kRg9+ryHnWjLD7K7dbbo7J/0RoRDqfMjyLLtd Fc5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=L6XAtODT; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k2si365243ejo.293.2021.08.18.09.23.49; Wed, 18 Aug 2021 09:24:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=L6XAtODT; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230459AbhHRQYM (ORCPT + 99 others); Wed, 18 Aug 2021 12:24:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229454AbhHRQYK (ORCPT ); Wed, 18 Aug 2021 12:24:10 -0400 Received: from mail-oo1-xc31.google.com (mail-oo1-xc31.google.com [IPv6:2607:f8b0:4864:20::c31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09218C061764; Wed, 18 Aug 2021 09:23:36 -0700 (PDT) Received: by mail-oo1-xc31.google.com with SMTP id w13-20020a4ad02d0000b029028b14dc4d2dso860169oor.6; Wed, 18 Aug 2021 09:23:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=gwm8rfWs4pbHZgYeKQ0HHqBYYNUImXQM0xoxK3JFpm8=; b=L6XAtODTnyO324V7JB0avpD7yzceJVraqoDh8j0lj+DjUjOH10TmVzdYEwbjmrHSSQ J6kj5xeoCShEHVFbWIczLAIc38d8RlpqqoLCCl8kCP8XAMS3e+BoIqgb+1EoXAL71NN+ /AlbrdWnrKAhgGpXoQBLNLC/fP6O89vurEG/CtZWTsW2ENF4yDUQH1PRS9NSBTkY7lTL eOuCWp3j2Y6Fg2mtENAOLpBBiIz4kKrKGyHRRe7t7ci6ELNcDmuGelwtDColqz8JCqlx zA90aAnbIBOWwc8zNp/2gYCyd/fyJ+4AkUq+u/Xuk/P5N19fWWXy+ilsIFOvVuwqO4oA KviA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=gwm8rfWs4pbHZgYeKQ0HHqBYYNUImXQM0xoxK3JFpm8=; b=R5ZP3tYr630ORfjVfeuRR8qtItG5uKc18CPm8B1xiXrGg6bHm8zdSLmNasxHpOPc6H z04HUU07CeCa42BpNo+cNmvlNpCa04IStsgdmj6pJUzmOHflhJmPwAyBuP8xjb44ZLbe g12YtNcppsv8uTgdyKAcozVL3fuljNHFYJpUOBBujmiUHyTgX/FHYqRgDdrUurTnYecQ CM/pC8c9U8SHSS9ur+G97abXQ1AMXldl7opeeWGELfLXIYb9HO+CX1b41yWVZq7IQbaw pfwqiWBcLbzuU4wr0CpLTL95MqDqiIVD+PQTJArCpavwzL7R/kpDYcMe3p+42faQYSZt LcUw== X-Gm-Message-State: AOAM532Mgmzur4cpU3L0K8X9q26p2t2EOo30ROsVE10fd+Lrn4M/nVTF YTnNvGx1dBqCOAHdeymiliRUJDQsISs= X-Received: by 2002:a4a:3c5c:: with SMTP id p28mr7383242oof.82.1629303815157; Wed, 18 Aug 2021 09:23:35 -0700 (PDT) Received: from [10.0.2.15] (cpe-70-114-247-242.austin.res.rr.com. [70.114.247.242]) by smtp.googlemail.com with ESMTPSA id o11sm99190otp.8.2021.08.18.09.23.34 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 18 Aug 2021 09:23:34 -0700 (PDT) Subject: Re: [PATCH 0/2] crypto: remove MD4 generic shash To: Ard Biesheuvel Cc: Linux Crypto Mailing List , Herbert Xu , Eric Biggers , ronnie sahlberg , linux-cifs , Steve French , David Howells , keyrings@vger.kernel.org References: <20210818144617.110061-1-ardb@kernel.org> <946591db-36aa-23db-a5c4-808546eab762@gmail.com> From: Denis Kenzior Message-ID: <24606605-71ae-f918-b71a-480be7d68e43@gmail.com> Date: Wed, 18 Aug 2021 11:23:33 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi Ard, >> The previous ARC4 removal >> already caused some headaches [0]. > > This is the first time this has been reported on an upstream kernel list. > > As you know, I went out of my way to ensure that this removal would > happen as smoothly as possible, which is why I contributed code to > both iwd and libell beforehand, and worked with distros to ensure that > the updated versions would land before the removal of ARC4 from the > kernel. > > It is unfortunate that one of the distros failed to take that into > account for the backport of a newer kernel to an older distro release, > but I don't think it is fair to blame that on the process. Please don't misunderstand, I don't blame you at all. I was in favor of ARC4 removal since the kernel AF_ALG implementation was broken and the ell implementation had to work around that. And you went the extra mile to make sure the migration was smooth. The reported bug is still a fairly minor inconvenience in the grand scheme of things. But, I'm not in favor of doing the same for MD4... > >> Please note that iwd does use MD4 for MSCHAP >> and MSCHAPv2 based 802.1X authentication. >> > > Thanks for reporting that. > > So what is your timeline for retaining MD4 support in iwd? You are > aware that it has been broken since 1991, right? Please, consider > having a deprecation path, so we can at least agree on *some* point in > time (in 6 months, in 6 years, etc) where we can start culling this > junk. > That is not something that iwd has any control over though? We have to support it for as long as there are organizations using TTLS + MD5 or PEAPv0. There are still surprisingly many today. Regards, -Denis