[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-crypto
Subject:    Re: loop-AES supported ciphers
From:       Juan Quintela <quintela () mandrakesoft ! com>
Date:       2002-03-01 15:16:19
[Download RAW message or body]

>>>>> "sandy" == Sandy Harris <sandy@storm.ca> writes:

Hi

sandy> Externally loaded ciphers may also be a security weakness. 

And a good option for let people decide if they want/don't want
crypto.

Notice that this is a myth, if one atacant can change your modules, he
can also patch your binary.  When somebody has root on your machine,
the game is over :((((

sandy> Then make them all compile-time options, not externally loaded.

Distributions like to let people choice what they want, if you don't
let it be modules, we are not able to give the option :(((
Notice that _size_ is very important, as there is still not PC that
can boot with anything that is not a floppy.

Notice also that you can compile modules into the kernel if you want,
that means that if they are modules, you can put they are modules or
compiled-in, as your choice, if they can only be compiled-in, you can
compiled them in, or not having them, what means less choice.

Later, Juan.

-- 
In theory, practice and theory are the same, but in practice they 
are different -- Larry McVoy
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

[prev in list] [next in list] [prev in thread] [next in thread]