Date: Tue, 10 Feb 2015 14:18:34 -0800 From: Xin Li <delphij@delphij.net> To: Slawa Olhovchenkov <slw@zxy.spb.ru>, John-Mark Gurney <jmg@funkthat.com> Cc: arch@freebsd.org Subject: Re: removing bdes.. Message-ID: <54DA83BA.3010903@delphij.net> In-Reply-To: <20150210203959.GN3698@zxy.spb.ru> References: <20150210151812.GB67127@zxy.spb.ru> <20150210172039.GA1071@reks> <20150210175240.GD67127@zxy.spb.ru> <20150210175852.GV1953@funkthat.com> <20150210180906.GI3698@zxy.spb.ru> <20150210181916.GY1953@funkthat.com> <20150210183638.GK3698@zxy.spb.ru> <20150210190132.GB1953@funkthat.com> <20150210191329.GL3698@zxy.spb.ru> <20150210194922.GF1953@funkthat.com> <20150210203959.GN3698@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 02/10/15 12:39, Slawa Olhovchenkov wrote: > bdes have exploit? or have bad code (mktmp. fgets)? openssl (with > strong encryption algorithms) full of known expoit. bdes(1) is known broken for certain (rare) encryption modes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=149412 And nobody cared. Its functionality can be implemented using openssl's command line utility, and keep in mind that's an obsolete standard for many years anyways. We don't want to keep multiple implementations of same cryptographic functionality anyways, it's just bad regardless if they are obsolete or not, and bdes(1) have shown exactly why it's bad. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.1 (FreeBSD) iQIcBAEBCgAGBQJU2oO2AAoJEJW2GBstM+nsJpwP/jNiZFu/BPDG3ph0YtC9QyEI CPCnaE0D0c/P8qcf5lSlPPeRBsAY7CLNS7YmffbPrJYO1zJvP9+8GmamHiLVRtZ9 mGD2DI+OmWAp8zXwPk3c5/wploHafScXpe3QZA+w1Ryf6m77Lz1T5FjF4D6BKqnb eqNAXyITZovLfU9aiaagEF2bfnr9FnHaa8hALKWqkGDV0ZpHjwxdbACj4uqMyQFC 9Gek2eW9J137UF5nFZ4E+47VtgnkZIZH+04WEbcvf03KTpENhO/17sAG75WDhu9y 7onbIlOH4PkPfhimS4QBz3NhqtguNEwFVLx6TRnCAvfVvEvrPxfOQgtJP1O2wZds WstnSvTYs42Twrb/+ZUPvKRZ/Vu68sg6YagIjiZKoll40pUGqA3KYkdTge/W8/ea FU/TP/rkZ5wxRPFfcfx7KBqVZ2IPfuGFp4d4yOii2lQCh9ry+wI/iwz0GzSgb7LC Y6fc5HXgRWuqLnpiCQzc64RmzVZgwsy7zuH73sgkKpyu8DVrmgD4F26CF0MZNlXp oKBA0irC9TKYx+wc01xJQ3PPY/2EIAawtF0766JQoNlgbqUjBVxC57poRYiOjtgB p3MSO8edDq2rLWjZ6/kFXx1EVlqgo/69UtT+GeOOtsrccmHq34dRjNOwlfalnIpy tz1B8f7CQHFdg9Z4YpJB =oJgm -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54DA83BA.3010903>