From owner-freebsd-arch@FreeBSD.ORG Tue Feb 10 22:18:35 2015 Return-Path: Delivered-To: arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4FEBA6FC for ; Tue, 10 Feb 2015 22:18:35 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 2E514122 for ; Tue, 10 Feb 2015 22:18:35 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [12.229.62.2]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id B3BA2216E8; Tue, 10 Feb 2015 14:18:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1423606714; x=1423621114; bh=yHXoTotD+0Vb+2aNbbPOCsfvxyPb0ypyp8WqujJk0IE=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=avq2D1s9wq+pDxu21V7O3b6zA2OqPAMXauFrNhfjPU2a1dN90zHAnh9zAW50H8Ewe LfYOOutlQ7V53lBgT3kJNZVKvfWuek3lUpcOp9qRrulrNsVqoXsdgMoYAp2BWrBL2N WadGldzCUwfKAyMXDru0gd4EAyGroydyKt4H1f1s= Message-ID: <54DA83BA.3010903@delphij.net> Date: Tue, 10 Feb 2015 14:18:34 -0800 From: Xin Li Reply-To: d@delphij.net Organization: The FreeBSD Project MIME-Version: 1.0 To: Slawa Olhovchenkov , John-Mark Gurney Subject: Re: removing bdes.. References: <20150210151812.GB67127@zxy.spb.ru> <20150210172039.GA1071@reks> <20150210175240.GD67127@zxy.spb.ru> <20150210175852.GV1953@funkthat.com> <20150210180906.GI3698@zxy.spb.ru> <20150210181916.GY1953@funkthat.com> <20150210183638.GK3698@zxy.spb.ru> <20150210190132.GB1953@funkthat.com> <20150210191329.GL3698@zxy.spb.ru> <20150210194922.GF1953@funkthat.com> <20150210203959.GN3698@zxy.spb.ru> In-Reply-To: <20150210203959.GN3698@zxy.spb.ru> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Cc: arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Feb 2015 22:18:35 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 02/10/15 12:39, Slawa Olhovchenkov wrote: > bdes have exploit? or have bad code (mktmp. fgets)? openssl (with > strong encryption algorithms) full of known expoit. bdes(1) is known broken for certain (rare) encryption modes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=149412 And nobody cared. Its functionality can be implemented using openssl's command line utility, and keep in mind that's an obsolete standard for many years anyways. We don't want to keep multiple implementations of same cryptographic functionality anyways, it's just bad regardless if they are obsolete or not, and bdes(1) have shown exactly why it's bad. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.1 (FreeBSD) iQIcBAEBCgAGBQJU2oO2AAoJEJW2GBstM+nsJpwP/jNiZFu/BPDG3ph0YtC9QyEI CPCnaE0D0c/P8qcf5lSlPPeRBsAY7CLNS7YmffbPrJYO1zJvP9+8GmamHiLVRtZ9 mGD2DI+OmWAp8zXwPk3c5/wploHafScXpe3QZA+w1Ryf6m77Lz1T5FjF4D6BKqnb eqNAXyITZovLfU9aiaagEF2bfnr9FnHaa8hALKWqkGDV0ZpHjwxdbACj4uqMyQFC 9Gek2eW9J137UF5nFZ4E+47VtgnkZIZH+04WEbcvf03KTpENhO/17sAG75WDhu9y 7onbIlOH4PkPfhimS4QBz3NhqtguNEwFVLx6TRnCAvfVvEvrPxfOQgtJP1O2wZds WstnSvTYs42Twrb/+ZUPvKRZ/Vu68sg6YagIjiZKoll40pUGqA3KYkdTge/W8/ea FU/TP/rkZ5wxRPFfcfx7KBqVZ2IPfuGFp4d4yOii2lQCh9ry+wI/iwz0GzSgb7LC Y6fc5HXgRWuqLnpiCQzc64RmzVZgwsy7zuH73sgkKpyu8DVrmgD4F26CF0MZNlXp oKBA0irC9TKYx+wc01xJQ3PPY/2EIAawtF0766JQoNlgbqUjBVxC57poRYiOjtgB p3MSO8edDq2rLWjZ6/kFXx1EVlqgo/69UtT+GeOOtsrccmHq34dRjNOwlfalnIpy tz1B8f7CQHFdg9Z4YpJB =oJgm -----END PGP SIGNATURE-----