Message-ID: <AM6PR09MB35234C86C0502E1FAAB3A305D2240@AM6PR09MB3523.eurprd09.prod.outlook.com>
Date: Tue, 16 Apr 2019 06:58:20 +0000
From: Pascal Van Leeuwen <pvanleeuwen@...idesecure.com>
To: Paolo Bonzini <pbonzini@...hat.com>, Hao Feng <fenghao@...on.cn>,
'Tom Lendacky ' <thomas.lendacky@....com>,
'Gary Hook ' <gary.hook@....com>,
'Herbert Xu ' <herbert@...dor.apana.org.au>,
"' David S. Miller '" <davem@...emloft.net>,
'Janakarajan Natarajan ' <Janakarajan.Natarajan@....com>,
'Joerg Roedel ' <joro@...tes.org>,
' Radim Krčmář ' <rkrcmar@...hat.com>,
'Thomas Gleixner ' <tglx@...utronix.de>,
'Ingo Molnar ' <mingo@...hat.com>,
'Borislav Petkov ' <bp@...en8.de>,
"' H. Peter Anvin '" <hpa@...or.com>
CC: 'Zhaohui Du ' <duzhaohui@...on.cn>,
'Zhiwei Ying ' <yingzhiwei@...on.cn>,
'Wen Pu ' <puwen@...on.cn>,
"x86@...nel.org" <x86@...nel.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 0/6] Add Hygon SEV support
> > Besides that, they are in heavy practical use in mainland China,
> > usually as direct replacements for SHA2-256 and AES in whatever
> > protocol or use case you need: IPsec, TLS, WPA2, XTS for disk
> > encryption, you name it.
>
> How should that mean anything?
>
Uhm ... no, the fact that something is actually *useful* to potentially
a billion plus people doesn't mean anything ...
> I did educate myself a bit, but I'm not an expert in cryptography, so I
> would like to be sure that these are not another Speck or DUAL-EC-DRBG.
>
Does "innocent until proven guilty" mean anything to you?
> "SM2 is based on ECC(Elliptic Curve Cryptography), and uses a special
> curve" is enough for me to see warning signs, at least without further
> explanations,
>
The specification is public (if you can read Chinese, anyway), so open to
analysis. Either way, it's quite irrelevant to Chinese organisations that
HAVE to use SM2. And anyone else can just decide NOT to use it, you don't
even have to compile it into your kernel. It's called freedom.
> and so does the fact that the initial SM3 values were
> changed from SHA-2 and AFAICT there is no public justification for
> that.
>
Actually, SM3 is an *improvement* on SHA-2, and there has been ample
analysis done on that to, in fact, confirm it's (slightly) better.
So there IS public justification. Don't shout if you don't know the
facts.
Regards,
Pascal