| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <537EEAA6.7000506@freescale.com> Date: Fri, 23 May 2014 09:28:54 +0300 From: Horia Geantă <horia.geanta@...escale.com> To: <nicolas.dichtel@...nd.com>, Steffen Klassert <steffen.klassert@...unet.com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net> CC: Lei Xu <Lei.Xu@...escale.com>, Sandeep Malik <Sandeep.Malik@...escale.com>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org> Subject: Re: [RFC ipsec-next] xfrm: make sha256 icv truncation length RFC-compliant On 5/22/2014 7:03 PM, Nicolas Dichtel wrote: > Le 22/05/2014 17:10, Horia Geanta a écrit : >> From: Lei Xu <Lei.Xu@...escale.com> >> >> Currently the sha256 icv truncation length is set to 96bit >> while the length is defined as 128bit in RFC4868. >> This may result in somer errors when working with other IPsec devices >> with the standard truncation length. >> Thus, change the sha256 truncation length from 96bit to 128bit. > The patch was already proposed, but it was kept as-is for userspace > compatibility. > > See: https://lkml.org/lkml/2012/3/7/431 Thanks, somehow I missed that. So this just means bad luck for user space tools (for e.g. ipsec-tools - setkey, racoon - and any other PF_KEY-based tool) that AFAICT cannot override the default truncated icv size, right? Thanks, Horia -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists