From owner-freebsd-arch@FreeBSD.ORG Tue Feb 10 18:55:29 2015 Return-Path: Delivered-To: arch@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BAF0791A for ; Tue, 10 Feb 2015 18:55:29 +0000 (UTC) Received: from pmta1.delivery1.ore.mailhop.org (pmta1.delivery1.ore.mailhop.org [54.191.214.3]) by mx1.freebsd.org (Postfix) with ESMTP id 9934E76D for ; Tue, 10 Feb 2015 18:55:29 +0000 (UTC) Received: from smtp4.ore.mailhop.org (172.31.36.112) by pmta1.delivery1.ore.mailhop.org id hr9a1s20r841 for ; Tue, 10 Feb 2015 18:04:53 +0000 (envelope-from ) Received: from [73.34.117.227] (helo=ilsoft.org) by smtp4.ore.mailhop.org with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.82) (envelope-from ) id 1YLFB7-0007Zj-PE; Tue, 10 Feb 2015 18:04:53 +0000 Received: from revolution.hippie.lan (revolution.hippie.lan [172.22.42.240]) by ilsoft.org (8.14.9/8.14.9) with ESMTP id t1AI4p03082753; Tue, 10 Feb 2015 11:04:51 -0700 (MST) (envelope-from ian@freebsd.org) X-Mail-Handler: DuoCircle Outbound SMTP X-Originating-IP: 73.34.117.227 X-Report-Abuse-To: abuse@duocircle.com (see https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information for abuse reporting information) X-MHO-User: U2FsdGVkX18zwIitdkv9iH+31uHxAuMk Message-ID: <1423591491.80968.18.camel@freebsd.org> Subject: Re: removing bdes.. From: Ian Lepore To: Slawa Olhovchenkov Date: Tue, 10 Feb 2015 11:04:51 -0700 In-Reply-To: <20150210175240.GD67127@zxy.spb.ru> References: <20150209181502.GF1953@funkthat.com> <20150210151812.GB67127@zxy.spb.ru> <20150210172039.GA1071@reks> <20150210175240.GD67127@zxy.spb.ru> Content-Type: text/plain; charset="us-ascii" X-Mailer: Evolution 3.12.8 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Cc: arch@FreeBSD.org, John-Mark Gurney X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Feb 2015 18:55:29 -0000 On Tue, 2015-02-10 at 20:52 +0300, Slawa Olhovchenkov wrote: > On Tue, Feb 10, 2015 at 09:20:39AM -0800, Gleb Kurtsou wrote: > > > On (10/02/2015 18:18), Slawa Olhovchenkov wrote: > > > On Mon, Feb 09, 2015 at 10:15:02AM -0800, John-Mark Gurney wrote: > > > > > > > So, I happen to stuble across bdes recently and think we should remove > > > > it.. > > > > > > > > I'm fine w/ making it a port so that people who need it can use it... > > > > > > > > Especially considering: > > > > The DES cipher should no longer be considered secure. Please consider > > > > using a more modern alternative. > > > > > > > > Though sadly, that comment was added almost 15 years after DES was > > > > brute forced by DEEPCrack. > > > > > > Clear text also insecure. Do you remove all clear text? > > > > This is rather odd argument ;) > > > > I'm all for removing it. openssl provides file encryption for those who > > need it in base. > > 3DES remove too? and how to login users with password in 3DES? > How to migrate old system with 3DES passwords? 3des != bdes. You sure seem to be working hard to invent a problem with a mundane code cleanup. -- Ian