Re: RFC: Starting a stable kernel series off the 2.6 kernel

From: Bill Davidsen
Date: Sat Dec 10 2005 - 08:46:57 EST

Next message: Dmitry Torokhov: "Re: Device files for keyboard(s)?"
Previous message: Rafael J. Wysocki: "[RFC/RFT] swsusp: image size tunable (was: Re: [PATCH][mm] swsusp: limit image size)"
In reply to: Greg KH: "Re: RFC: Starting a stable kernel series off the 2.6 kernel"
Next in thread: Douglas McNaught: "Re: RFC: Starting a stable kernel series off the 2.6 kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rob Landley wrote:

I'm under the impression the problem with cryptoloop is bad cryptography:
http://lwn.net/Articles/67216/

Anybody actually using cryptography with an expoitable weakness needs all the wake-up calls they can get. This is _not_ a case where you want to support old broken crap, that defeats the whole purpose of using cryptography in the first place.

Especially the cryptoloop removal was an intentional decision that the kernel developers made. People raised their objections at the time, and these were taken into consideration when making the decision:
http://kerneltrap.org/node/2433

Re-raising the same objections over and over again when they've already been aired, considered, and rejections is called "whining".

Repeating the same information over and over until it sinks in is called "rote learning." The question is not if cryptoloop is perfect, every crypto seems to fail eventually, recently md5 was cracked, etc. But people have used cryptoloop now, and removing it from the kernel will lock them out of their own data, or prevent them from moving forward. There's no replacement for cryptoloop, so I can't just reconfigure X and still read my 147 DVDs full of business data, or access the current data on 34 laptops around the country.

In most cases CL is not expected to protect against goverment agencies but rather stolen laptops in airports (yes the pros have added MacOS and Linux to their business model) or the occasional lost DVD in the mail. Removing CL is not a hell of a lot better morally than these viruses which encrypt your data and then hold it for ransom, with the price being doing without security fixes in future kernels.

Given that CL has minimal (essentially no) maintenence cost, I wish the ivory tower developers could understand that real people have invested real money in it, and real data in the technology. Since there is no alternative solution offered, CL is far better than no crypto at all, and I wish there were a few more developers who had experience working in the real word.

--
bill davidsen <davidsen@xxxxxxx>
CTO TMR Associates, Inc
Doing interesting things with small computers since 1979

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Torokhov: "Re: Device files for keyboard(s)?"
Previous message: Rafael J. Wysocki: "[RFC/RFT] swsusp: image size tunable (was: Re: [PATCH][mm] swsusp: limit image size)"
In reply to: Greg KH: "Re: RFC: Starting a stable kernel series off the 2.6 kernel"
Next in thread: Douglas McNaught: "Re: RFC: Starting a stable kernel series off the 2.6 kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]