Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp275341pxb; Wed, 18 Aug 2021 22:24:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxq87mqQjBsSCPOeAeUmysl357Qg+9aIARkVGu4t4vv3yU4EG991qCUTv0KHnlw9AvAKKE9 X-Received: by 2002:a17:907:3f14:: with SMTP id hq20mr13686906ejc.370.1629350654635; Wed, 18 Aug 2021 22:24:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629350654; cv=none; d=google.com; s=arc-20160816; b=vVrV3z2C30iFxLeSf1SQKX3T/yQB+uV/Tnyo5r43ih+aNHFUn05mD4JkHkNtcFAagv ra8wVh1J8225rJPoRj8x+6bX7hSOUJO8MIBrlAD5qhQu/9mz1iplhrUDIIHpdQY2Hf67 OHHx4y7D9XCbE1Ub+kA/WsTkLs4QvxPxhOLH3N8zw4ZPbmXClpqF0aa6iMqmSnnDorkZ 1knB+AL1WvhcCpl7lbJnm7Elrgr2JoxyQgfLPxcGM0vL3DqCsNB1S444YU4ccfzoa0TX kq9cazyho8Voh2q5giiny92tqQw8jzk7R4hPW+Rb6lL8YQkvBCbI4IM2H5IlWnWQMLoV 2ahA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=FKXJJR+E/d8HbrkHuWmDXOz37OkPecELRHt/LNShliU=; b=XGjZWXm1JXZn6o6ohn/wwMj5gWCGTrWsWiZMlOKDE7jErlcweMhZyrRcvx5pDY96M1 1W84tPxPJO/A+y3e4OMocfA7VJBoi4npfvZlXQEWOEbUKv8rcQVUtOvWO/52sd/GwGC2 oDX0DKXNQ8c7+GK86dYPlAcg3zRpWxYIMxYbIQ2xjb3G/TbE8d+IrELancfEdHvdfVwr HKhRbwYmMa7HcYS/dZuTU38OAOjxgplqiGt0eV6EQoYMZMxTJ6VUlwFHmQm2Rz+WjEhN xHsv9ZrHuAPZ+UPf8IEFURGY50h4b+q5RIB8S1VqeF+087/4EZahgBZX/dW38S59WRky C1qQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@samba.org header.s=42 header.b=huKyadOm; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=samba.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id zn21si2320899ejb.340.2021.08.18.22.23.50; Wed, 18 Aug 2021 22:24:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@samba.org header.s=42 header.b=huKyadOm; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=samba.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229796AbhHSFYV (ORCPT + 99 others); Thu, 19 Aug 2021 01:24:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57668 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229451AbhHSFYV (ORCPT ); Thu, 19 Aug 2021 01:24:21 -0400 Received: from hr2.samba.org (hr2.samba.org [IPv6:2a01:4f8:192:486::2:0]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C4B6C061756; Wed, 18 Aug 2021 22:23:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=samba.org; s=42; h=Date:Cc:To:From:Message-ID; bh=FKXJJR+E/d8HbrkHuWmDXOz37OkPecELRHt/LNShliU=; b=huKyadOm7s+DNRYIGOpDDkpH2S obnwZPzaIGeW7jkSCpclmxk7tQT/XngBfUbT8+0xZ6HngQFeAUK+D1MMpKnOT9w/e6U4rY9ryFvAP lCyyw2cc8ovxUQlT7kszBcF2kwCtdQDGbojJadVLB0Zh9cPv3QvUCutMFgzTkaVFsGKyXN5TAhMGZ OFMLsAbrrEcWD4kdO6o01vjDbcUqUhLBK9XX5RHuRxrj++U5g1bg1rLWzYeigxA7g/KgNjaNtWnhf Mg4w97sc9fc5ohclNm6OGo1x1/UJt5A+HQwt8n1435WwID8SnS9U7lTlbDpvBm0A36PpXMaqMsKyM 5lYPN2Yamatzw3/HcbWAE9SztrFLmGFq3IB4tsH8uX9lWsLCrDg2b0vOK4sewKuQCi+Kx55a/7xz2 rDgu+m7GI41GedbKS+11yCYizWmCF1ct3nALgsPc1Lllf3QU6DbMLpR3TYlpSjCOMDbs0n4563DJi M9lPqnFFf3Hl48nfqp4oQYbi; Received: from [127.0.0.2] (localhost [127.0.0.1]) by hr2.samba.org with esmtpsa (TLS1.3:ECDHE_SECP256R1__ECDSA_SECP256R1_SHA256__CHACHA20_POLY1305:256) (Exim) id 1mGaWi-0020ip-MC; Thu, 19 Aug 2021 05:23:41 +0000 Message-ID: Subject: Re: [PATCH 0/2] crypto: remove MD4 generic shash From: Andrew Bartlett To: Eric Biggers Cc: Jeremy Allison , Steve French , linux-cifs , Herbert Xu , samba-technical , David Howells , Steve French , keyrings@vger.kernel.org, Linux Crypto Mailing List , Ard Biesheuvel , Denis Kenzior Date: Thu, 19 Aug 2021 17:23:30 +1200 In-Reply-To: References: <20210818144617.110061-1-ardb@kernel.org> <946591db-36aa-23db-a5c4-808546eab762@gmail.com> <24606605-71ae-f918-b71a-480be7d68e43@gmail.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.5-0ubuntu1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, 2021-08-18 at 22:18 -0700, Eric Biggers wrote: > I'm not sure you understand how embarrassing it is to still be using > these > algorithms. MD4 has been broken for over 25 years, and better > algorithms have > been recommended for 29 years. Similarly MD5 has been broken for 16 > years and > better algorithms have been recommended for 25 years (though granted, > HMAC-MD5 > is more secure than plain MD5 when properly used). Meanwhile SHA-2 > is 20 years > old and is still considered secure. So this isn't something that > changes every > month -- we're talking about no one bothering to do anything in 30 > years. > > Of course, if cryptography isn't actually applicable to the use case, > then > cryptography shouldn't be used at all. I'm sorry that Samba - or the Kernel, you could implement whatever is desired between cifs.ko and kcifsd - hasn't gone it alone to build a new peer-to-peer mechanism, but absent a Samba-only solution Microsoft has been asked and has no intention of updating NTLM, so embarrassing or otherwise this is how it is. Thankfully only the HMAC-MD5 step in what you mention is cryptographically significant, the rest are just very lossy compression algorithms. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions