Date: Tue, 10 Feb 2015 10:01:23 -0800
From: John-Mark Gurney
To: Slawa Olhovchenkov
Subject: Re: removing bdes..
Cc: arch@FreeBSD.org

Slawa Olhovchenkov wrote this message on Tue, Feb 10, 2015 at 20:50 +0300:
> On Tue, Feb 10, 2015 at 09:43:01AM -0800, John-Mark Gurney wrote:
>
> > Slawa Olhovchenkov wrote this message on Tue, Feb 10, 2015 at 18:18 +0300:
> > > On Mon, Feb 09, 2015 at 10:15:02AM -0800, John-Mark Gurney wrote:
> > >
> > > > So, I happen to stumble across bdes recently and think we should remove
> > > > it..
> > > >
> > > > I'm fine w/ making it a port so that people who need it can use it...
> > > >
> > > > Especially considering:
> > > > The DES cipher should no longer be considered secure. Please consider
> > > > using a more modern alternative.
> > > >
> > > > Though sadly, that comment was added almost 15 years after DES was
> > > > brute forced by DEEPCrack.
> > >
> > > Clear text is also insecure. Do you remove all clear text?
> >
> > If I have to answer that question for you, I don't need to respond to
> > you...
> >
> > Once you have a valid argument for keeping it, I'll respond...
>
> Does keeping support for DES encrypting/decrypting create a vulnerability?
> Or is support difficult? What problem does removing DES support (and
> breaking compatibility) resolve?

Support difficulty is that we have another piece of software that needs
to be maintained... Which is already demonstrated that it wasn't
maintained as it took 15 years before someone marked it as insecure...

As I said in my original email, if they need bdes, they can just install
the port... so no compatibility is broken..
--
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."