| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 08 Dec 2017 11:14:54 +0100
From: Stephan Mueller <smueller@...onox.de>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc: Eric Biggers <ebiggers3@...il.com>, linux-fscrypt@...r.kernel.org,
Theodore Ts'o <tytso@....edu>, linux-ext4@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net,
linux-mtd@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
Jaegeuk Kim <jaegeuk@...nel.org>,
Michael Halcrow <mhalcrow@...gle.com>,
Paul Crowley <paulcrowley@...gle.com>,
Martin Willi <martin@...ongswan.org>,
David Gstir <david@...ma-star.at>,
"Jason A . Donenfeld" <Jason@...c4.com>,
Eric Biggers <ebiggers@...gle.com>
Subject: Re: [PATCH] fscrypt: add support for ChaCha20 contents encryption
Am Freitag, 8. Dezember 2017, 11:06:31 CET schrieb Ard Biesheuvel:
Hi Ard,
>
> Given how it is not uncommon for counters to be used as IV, this is a
> fundamental flaw that could rear its head in other places as well, so
> I propose we fix this one way (fix the current code) or the other
> (deprecate the current code and create a new chacha20-rfc7539
> blockcipher that uses a 96-bit IV and sets the counter to 0)
Instead of having a complete new implementation of the ChaCha20 cipher, what
about using a specific IV generator for which the kernel crypto API has
already support (see crypto/seqiv.c for example)?
I.e. we have the current ChaCha20 cipher, but use some "rfc7539iv(chacha20)"
cipher mode where that rfc7539iv is the mentioned IV generator that turns the
given IV (sector number?) into the proper IV for ChaCha20.
Ciao
Stephan
Powered by blists - more mailing lists