From: ronnie sahlberg
Date: Thu, 19 Aug 2021 07:11:23 +1000
Subject: Re: [PATCH 0/2] crypto: remove MD4 generic shash
To: Denis Kenzior
Cc: Ard Biesheuvel, Linux Crypto Mailing List, Herbert Xu, Eric Biggers, linux-cifs, Steve French, David Howells, keyrings@vger.kernel.org
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, Aug 19, 2021 at 2:23 AM Denis Kenzior wrote:
>
> Hi Ard,
>
> >> The previous ARC4 removal
> >> already caused some headaches [0].
> >
> > This is the first time this has been reported on an upstream kernel list.
> >
> > As you know, I went out of my way to ensure that this removal would
> > happen as smoothly as possible, which is why I contributed code to
> > both iwd and libell beforehand, and worked with distros to ensure that
> > the updated versions would land before the removal of ARC4 from the
> > kernel.
> >
> > It is unfortunate that one of the distros failed to take that into
> > account for the backport of a newer kernel to an older distro release,
> > but I don't think it is fair to blame that on the process.
>
> Please don't misunderstand, I don't blame you at all. I was in favor of ARC4
> removal since the kernel AF_ALG implementation was broken and the ell
> implementation had to work around that. And you went the extra mile to make
> sure the migration was smooth. The reported bug is still a fairly minor
> inconvenience in the grand scheme of things.
>
> But, I'm not in favor of doing the same for MD4...
>
> >
> >> Please note that iwd does use MD4 for MSCHAP
> >> and MSCHAPv2 based 802.1X authentication.
> >>
> >
> > Thanks for reporting that.
> >
> > So what is your timeline for retaining MD4 support in iwd? You are
> > aware that it has been broken since 1991, right? Please, consider
> > having a deprecation path, so we can at least agree on *some* point in
> > time (in 6 months, in 6 years, etc) where we can start culling this
> > junk.
> >
>
> That is not something that iwd has any control over though? We have to support
> it for as long as there are organizations using TTLS + MD5 or PEAPv0. There
> are still surprisingly many today.

The same situation exists for cifs.
The cifs client depends on md4 in order to authenticate to
Windows/Azure/Samba/... cifs servers.
And like you we have no control of the servers.

Our solution will likely be to fork the md4 code and put a private
copy in our module.
Maybe you need to do the same.

-- ronnie

>
> Regards,
> -Denis