linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: Andrew Bartlett <abartlet@samba.org>
Cc: Jeremy Allison <jra@samba.org>, Steve French <smfrench@gmail.com>,
	linux-cifs <linux-cifs@vger.kernel.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	samba-technical <samba-technical@lists.samba.org>,
	David Howells <dhowells@redhat.com>,
	Steve French <sfrench@samba.org>,
	keyrings@vger.kernel.org,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Ard Biesheuvel <ardb@kernel.org>,
	Denis Kenzior <denkenz@gmail.com>
Subject: Re: [PATCH 0/2] crypto: remove MD4 generic shash
Date: Wed, 18 Aug 2021 22:18:03 -0700	[thread overview]
Message-ID: <YR3pi9HEbhknJdl6@sol.localdomain> (raw)
In-Reply-To: <d08c99b8550cc48fe04cc9f4cd5eca0532f5733d.camel@samba.org>

On Thu, Aug 19, 2021 at 03:49:14PM +1200, Andrew Bartlett wrote:
> I know neither MD4 nor HMAC-MD5 is not flavour of the month any more,
> with good reason, but we would not want to go with way of NFSv4 which
> is, as I understand it, full Kerberos or bust (so folks choose no
> protection).

I'm not sure you understand how embarrassing it is to still be using these
algorithms.  MD4 has been broken for over 25 years, and better algorithms have
been recommended for 29 years.  Similarly MD5 has been broken for 16 years and
better algorithms have been recommended for 25 years (though granted, HMAC-MD5
is more secure than plain MD5 when properly used).  Meanwhile SHA-2 is 20 years
old and is still considered secure.  So this isn't something that changes every
month -- we're talking about no one bothering to do anything in 30 years.

Of course, if cryptography isn't actually applicable to the use case, then
cryptography shouldn't be used at all.

- Eric

  reply	other threads:[~2021-08-19  5:18 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-18 14:46 Ard Biesheuvel
2021-08-18 14:51 ` Denis Kenzior
2021-08-18 16:10   ` Ard Biesheuvel
2021-08-18 16:23     ` Denis Kenzior
2021-08-18 16:47       ` Steve French
2021-08-18 22:08         ` Jeremy Allison
2021-08-19  3:49           ` Andrew Bartlett
2021-08-19  5:18             ` Eric Biggers [this message]
2021-08-19  5:23               ` Andrew Bartlett
2021-08-18 21:11       ` ronnie sahlberg
2021-08-18 22:10       ` Ard Biesheuvel
2021-08-18 22:22         ` Denis Kenzior
2021-08-18 23:03           ` Steve French
2021-08-19 16:56             ` Denis Kenzior
2021-08-19 10:42     ` Jarkko Sakkinen
2021-08-19 17:10       ` Steve French
2021-08-19 20:54         ` ronnie sahlberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YR3pi9HEbhknJdl6@sol.localdomain \
    --to=ebiggers@kernel.org \
    --cc=abartlet@samba.org \
    --cc=ardb@kernel.org \
    --cc=denkenz@gmail.com \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jra@samba.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=samba-technical@lists.samba.org \
    --cc=sfrench@samba.org \
    --cc=smfrench@gmail.com \
    --subject='Re: [PATCH 0/2] crypto: remove MD4 generic shash' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).