Date: Wed, 11 Feb 2015 01:37:32 +0300 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: d@delphij.net Cc: arch@freebsd.org, John-Mark Gurney <jmg@funkthat.com> Subject: Re: removing bdes.. Message-ID: <20150210223732.GO3698@zxy.spb.ru> In-Reply-To: <54DA83BA.3010903@delphij.net> References: <20150210175240.GD67127@zxy.spb.ru> <20150210175852.GV1953@funkthat.com> <20150210180906.GI3698@zxy.spb.ru> <20150210181916.GY1953@funkthat.com> <20150210183638.GK3698@zxy.spb.ru> <20150210190132.GB1953@funkthat.com> <20150210191329.GL3698@zxy.spb.ru> <20150210194922.GF1953@funkthat.com> <20150210203959.GN3698@zxy.spb.ru> <54DA83BA.3010903@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 10, 2015 at 02:18:34PM -0800, Xin Li wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 02/10/15 12:39, Slawa Olhovchenkov wrote: > > bdes have exploit? or have bad code (mktmp. fgets)? openssl (with > > strong encryption algorithms) full of known expoit. > > bdes(1) is known broken for certain (rare) encryption modes: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=149412 Good points, thanks. > And nobody cared. I am need to understand FreeBSD team policy. Before this none will be removed from base. Removed because broken and nobody cares -- I am fully appreciate. Removed because implement weak algorithm -- I am dislike this: next step remove any unencryped and broken compatibility and interoperability (like LibreSSL break LANMAN hash support in OpenLDAP). > Its functionality can be implemented using openssl's command line [not bdes advocate] compatibility tested? (And yes, I am not use bdes, I am only ack for protocol). > utility, and keep in mind that's an obsolete standard for many years > anyways. [not bdes advocate] somebody may have very old archive and need too access. > We don't want to keep multiple implementations of same cryptographic > functionality anyways, it's just bad regardless if they are obsolete > or not, and bdes(1) have shown exactly why it's bad. Yes, I see.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150210223732.GO3698>