Date: Tue, 10 Feb 2015 21:36:38 +0300 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: John-Mark Gurney <jmg@funkthat.com> Cc: arch@FreeBSD.org Subject: Re: removing bdes.. Message-ID: <20150210183638.GK3698@zxy.spb.ru> In-Reply-To: <20150210181916.GY1953@funkthat.com> References: <20150209181502.GF1953@funkthat.com> <20150210151812.GB67127@zxy.spb.ru> <20150210172039.GA1071@reks> <20150210175240.GD67127@zxy.spb.ru> <20150210175852.GV1953@funkthat.com> <20150210180906.GI3698@zxy.spb.ru> <20150210181916.GY1953@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 10, 2015 at 10:19:16AM -0800, John-Mark Gurney wrote:
> Slawa Olhovchenkov wrote this message on Tue, Feb 10, 2015 at 21:09 +0300:
> > On Tue, Feb 10, 2015 at 09:58:52AM -0800, John-Mark Gurney wrote:
> >
> > > Slawa Olhovchenkov wrote this message on Tue, Feb 10, 2015 at 20:52 +0300:
> > > > On Tue, Feb 10, 2015 at 09:20:39AM -0800, Gleb Kurtsou wrote:
> > > >
> > > > > On (10/02/2015 18:18), Slawa Olhovchenkov wrote:
> > > > > > On Mon, Feb 09, 2015 at 10:15:02AM -0800, John-Mark Gurney wrote:
> > > > > >
> > > > > > > So, I happen to stuble across bdes recently and think we should remove
> > > > > > > it..
> > > > > > >
> > > > > > > I'm fine w/ making it a port so that people who need it can use it...
> > > > > > >
> > > > > > > Especially considering:
> > > > > > > The DES cipher should no longer be considered secure. Please consider
> > > > > > > using a more modern alternative.
> > > > > > >
> > > > > > > Though sadly, that comment was added almost 15 years after DES was
> > > > > > > brute forced by DEEPCrack.
> > > > > >
> > > > > > Clear text also insecure. Do you remove all clear text?
> > > > >
> > > > > This is rather odd argument ;)
> > > > >
> > > > > I'm all for removing it. openssl provides file encryption for those who
> > > > > need it in base.
> > > >
> > > > 3DES remove too? and how to login users with password in 3DES?
> > > > How to migrate old system with 3DES passwords?
> > >
> > > Please stay on topic, this has nothing to do w/ the proposed removal
> > > of the bdes utility..
> >
> > Ah, bdes utility, sorry.
> > But this is only 20K binary and 25K source and 80K documenation.
> > And need to update ed(1) (keep 80K documentation?)
>
> See my other comment on lack of maintaining the utility...
Sorry, I am not understand you point ("someone marked it as insecure" -- right?).
What need to maintaining in this utility?
And what is insecure in this utility?
(As I understanding 'insecure' -- allowing to gain unauthorise access
or execute unapproved action)
> > x Prompt for an encryption key which is used in subsequent reads
> > and writes. If a newline alone is entered as the key, then
> > encryption is turned off. Otherwise, echoing is disabled while a
> > key is read. Encryption/decryption is done using the bdes(1)
> > algorithm.
>
> It turns out that ed has it's own implementation baked in, so removing
> bdes will not effect ed's functionality...
>
> In my search, it looks like I'll take enigma along w/ bdes...
I am talk this not about utility bdes, I am talk about bdes.1 man page
and bdes.ps. I think not good reference to not-existing man page.
May be need to update ed.1?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150210183638.GK3698>