Date: Tue, 10 Feb 2015 10:19:16 -0800
From: John-Mark Gurney
To: Slawa Olhovchenkov
Subject: Re: removing bdes..
Message-ID: <20150210181916.GY1953@funkthat.com>
In-Reply-To: <20150210180906.GI3698@zxy.spb.ru>
Cc: arch@FreeBSD.org
List-Id: Discussion related to FreeBSD architecture

Slawa Olhovchenkov wrote this message on Tue, Feb 10, 2015 at 21:09 +0300:
> On Tue, Feb 10, 2015 at 09:58:52AM -0800, John-Mark Gurney wrote:
>
> > Slawa Olhovchenkov wrote this message on Tue, Feb 10, 2015 at 20:52 +0300:
> > > On Tue, Feb 10, 2015 at 09:20:39AM -0800, Gleb Kurtsou wrote:
> > >
> > > > On (10/02/2015 18:18), Slawa Olhovchenkov wrote:
> > > > > On Mon, Feb 09, 2015 at 10:15:02AM -0800, John-Mark Gurney wrote:
> > > > >
> > > > > > So, I happen to stumble across bdes recently and think we should remove
> > > > > > it..
> > > > > >
> > > > > > I'm fine w/ making it a port so that people who need it can use it...
> > > > > >
> > > > > > Especially considering:
> > > > > > The DES cipher should no longer be considered secure.  Please consider
> > > > > > using a more modern alternative.
> > > > > >
> > > > > > Though sadly, that comment was added almost 15 years after DES was
> > > > > > brute forced by DEEPCrack.
> > > > >
> > > > > Clear text also insecure. Do you remove all clear text?
> > > >
> > > > This is rather odd argument ;)
> > > >
> > > > I'm all for removing it. openssl provides file encryption for those who
> > > > need it in base.
> > >
> > > 3DES remove too? and how to login users with password in 3DES?
> > > How to migrate old system with 3DES passwords?
> >
> > Please stay on topic, this has nothing to do w/ the proposed removal
> > of the bdes utility..
>
> Ah, bdes utility, sorry.
> But this is only 20K binary and 25K source and 80K documentation.
> And need to update ed(1) (keep 80K documentation?)

See my other comment on lack of maintaining the utility...

>      x       Prompt for an encryption key which is used in subsequent reads
>              and writes.  If a newline alone is entered as the key, then
>              encryption is turned off.  Otherwise, echoing is disabled while a
>              key is read.  Encryption/decryption is done using the bdes(1)
>              algorithm.

It turns out that ed has its own implementation baked in, so removing
bdes will not affect ed's functionality...

In my search, it looks like I'll take enigma along w/ bdes...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."