Message-ID: <e1037fe6-9cee-488f-8c9f-d5b4a763cb48@leemhuis.info>
Date: Fri, 11 Oct 2024 14:00:47 +0200
From: Thorsten Leemhuis <linux@...mhuis.info>
To: Sami Tolvanen <samitolvanen@...gle.com>
Cc: sedat.dilek@...il.com, Luis Chamberlain <mcgrof@...nel.org>,
 Petr Pavlu <petr.pavlu@...e.com>, Daniel Gomez <da.gomez@...sung.com>,
 linux-modules@...r.kernel.org, Masahiro Yamada <masahiroy@...nel.org>,
 linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build
 errors

On 11.10.24 12:27, Thorsten Leemhuis wrote:
> On 10.10.24 17:52, Sami Tolvanen wrote:
> Thx for your feedback!
>> On Thu, Oct 10, 2024 at 1:57 AM Thorsten Leemhuis <linux@...mhuis.info> wrote:
>>> On 10.10.24 10:42, Sedat Dilek wrote:
>>>> On Thu, Oct 10, 2024 at 10:29 AM Sedat Dilek <sedat.dilek@...il.com> wrote:
>>>>> On Thu, Oct 10, 2024 at 10:19 AM Thorsten Leemhuis <linux@...mhuis.info> wrote:
>>>>>> On 10.10.24 09:00, Thorsten Leemhuis wrote:
>>
>>> P.S.: Vegard Nossum mentioned in the fediverse that I could also solve
>>> the problem the patch is about by adding "default MODULE_SIG_SHA512" to
>>> the "choice" section; haven't tried that, but that sounds like a better
>>> solution. Will likely give it a try, unless someone brings up unwanted
>>> side effects this might cause.
>>
>> Yes, that would be a much better way to change the default. Overall,
>> moving away from SHA-1 seems like a good idea and SHA-512 feels like a
>> reasonable choice. Luis, do you see any issues with changing the
>> default here?
> 
> So, how do I make such a default choice work without breaking the
> current magic, which looks like this:
> [...]

Ignore that, I was missing something obvious and got misled by my
brain, sorry for the noise. Will send an updated patch in a few days to
give Luis and others a chance to raise objections reg. switching to SHA512.

Ciao, Thorsten
