[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-crypto
Subject: Re: loop-AES supported ciphers
From: Juan Quintela <quintela () mandrakesoft ! com>
Date: 2002-03-01 15:16:19
[Download RAW message or body]
>>>>> "sandy" == Sandy Harris <sandy@storm.ca> writes:
Hi
sandy> Externally loaded ciphers may also be a security weakness.
And a good option for let people decide if they want/don't want
crypto.
Notice that this is a myth, if one atacant can change your modules, he
can also patch your binary. When somebody has root on your machine,
the game is over :((((
sandy> Then make them all compile-time options, not externally loaded.
Distributions like to let people choice what they want, if you don't
let it be modules, we are not able to give the option :(((
Notice that _size_ is very important, as there is still not PC that
can boot with anything that is not a floppy.
Notice also that you can compile modules into the kernel if you want,
that means that if they are modules, you can put they are modules or
compiled-in, as your choice, if they can only be compiled-in, you can
compiled them in, or not having them, what means less choice.
Later, Juan.
--
In theory, practice and theory are the same, but in practice they
are different -- Larry McVoy
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic