archive mirror
 help / color / mirror / Atom feed
From: Tom Talpey <>
To: Ronnie Sahlberg <>,
	linux-cifs <>
Cc: Steve French <>
Subject: Re: Disable key exchange if ARC4 is not available
Date: Wed, 18 Aug 2021 09:18:02 -0400	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On 8/18/2021 12:10 AM, Ronnie Sahlberg wrote:
> Steve,
> We depend on ARC4 for generating the encrypted session key in key exchange.
> This patch disables the key exchange/encrypted session key for ntlmssp
> IF the kernel does not have any ARC4 support.
> This allows to build the cifs module even if ARC4 has been removed
> though with a weaker type of NTLMSSP support.

It's a good goal but it seems wrong to downgrade the security
so silently. Wouldn't it be a better approach to select ARC4,
and thereby force the build to succeed or fail? Alternatively,
change the #ifndef ARC4 to a positive option named (for example)
DOWNGRADED_NTLMSSP or something equally foreboding?


  parent reply	other threads:[~2021-08-18 13:18 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-18  4:10 Ronnie Sahlberg
2021-08-18  4:10 ` [PATCH] cifs: disable ntlmssp " Ronnie Sahlberg
2021-08-18 13:18 ` Tom Talpey [this message]
2021-08-18 16:27   ` Disable " ronnie sahlberg
2021-08-18 16:29   ` ronnie sahlberg
2021-08-18 16:51     ` Steve French
2021-08-18 18:33       ` Tom Talpey
2021-08-18 21:04         ` ronnie sahlberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \
    --subject='Re: Disable key exchange if ARC4 is not available' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).