| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c0c14ec0-f582-4e26-bc7e-35a26a7ff1ce@kernel.org> Date: Wed, 27 Aug 2025 15:29:23 +0200 From: Krzysztof Kozlowski <krzk@...nel.org> To: Juraj Šarinay <juraj@...inay.com>, netdev@...r.kernel.org Cc: linux-kernel@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, mingo@...nel.org, horms@...nel.org, tglx@...utronix.de Subject: Re: [PATCH net-next v2] net: nfc: nci: Turn data timeout into a module parameter and increase the default On 26/08/2025 01:43, Juraj Šarinay wrote: > An exchange with a NFC target must complete within NCI_DATA_TIMEOUT. > A delay of 700 ms is not sufficient for cryptographic operations on smart > cards. CardOS 6.0 may need up to 1.3 seconds to perform 256-bit ECDH CardOS is the software running on the NFC card, right? If so, why would this be Linux kernel module param? Kernel runtime setup is really independent of what NFC card people will use. I think this should be unconditionally raised or at least bring argument why this should be a module param. > or 3072-bit RSA. To prevent brute-force attacks, passports and similar > documents introduce even longer delays into access control protocols > (BAC/PACE). > > The timeout should be higher, but not too much. The expiration allows > us to detect that a NFC target has disappeared. > > Expose data_timeout as a parameter of nci.ko. Keep the value in uint > nci_data_timeout, set the default to 3 seconds. Point NCI_DATA_TIMEOUT > to the new variable. > > Signed-off-by: Juraj Šarinay <juraj@...inay.com> Best regards, Krzysztof
Powered by blists - more mailing lists