Re: [PATCH] Delete cryptoloop

From: Dale Fountain (dpf-lkml_at_fountainbay.com)
Date: 07/22/04

    Date:	Wed, 21 Jul 2004 23:13:58 -0700 (PDT)
    To: "Andrew Morton" <akpm@osdl.org>
    
    

    Andrew Morton said:
    > dpf-lkml@fountainbay.com wrote:
    >>
    >> Hopefully someone else will follow up, but I hope I'm somewhat
    >> convincing:
    >
    > Not really ;)
    >
    > Your points can be simplified to "I don't use cryptoloop, but someone else
    > might" and "we shouldn't do this in a stable kernel".
    >

    Well, you're incorrect about my not using cryptoloop. Sorry I wasn't
    convincing enough. :)

    > Well, I want to hear from "someone else". If removing cryptoloop will
    > irritate five people, well, sorry. If it's 5,000 people, well maybe not.
    >

    I don't think you'll get 5000 replies... about anything. ;)

    > Yes, I buy the "stable kernel" principle, but here we have an example
    > where it conflicts with the advancement of the kernel, and we need to
    > make a judgement call.
    >

    I don't buy the "conflicts with the advancement" part, but I'll defer to
    your judgement. ;)

    >
    > Actually, my most serious concern with cryptoloop is the claim that it is
    > insufficiently secure. If this is true then we'd be better off removing
    > the feature altogether rather than (mis)leading our users into thinking
    > that their data is secure.

    I believe 1) the current documentation already notifies people of the
    security issues, 2) there are workarounds, and 3) the replacement has
    security issues of its own.

    Dm-crypt is still unstable, doesn't have all the features of cryptoloop
    (please see my previous message), yet you wish to dump cryptoloop? At
    least cryptoloop is a known quantity.

    Once dm-crypt can be shown to have all the features of the software it's
    meant to _replace_, I'll be more likely to agree. Otherwise, it sounds
    like this decision is being made on a whim.

    Regards,

    Dale Fountain
