Re: Cryptography in the kernel (was: Re: Linux 2.5 / 2.6 TODO (preliminary))

From: Julian Squires (
Date: Thu Jun 01 2000 - 22:36:34 EST

On Thu, Jun 01, 2000 at 10:19:21PM -0500, David Marshall wrote:
> Now sure, people can go plow through the source and do this
> themselves, but the average person won't. While some of us might be
> tempted to say that people who don't want to put forth the effort
> shouldn't have the security, the more people who use such security,
> the less conspicuous using it becomes. This is a good thing for those
> of us who really want to secure things.

I think that there are also aspects of the kernel whose security might
be improved through the use of strong cryptographic primitives.
(OpenBSD has been doing some innovative stuff here - it would be worth
learning from their example, IMHO)

If the kernel doesn't have these cryptographic primitives without a
patch, though, it means one must maintain a much larger amount of code
in the international patch (and keep the weaker versions in the main
distribution), which would be a tremendous pain.

> Now enters the argument that weak security is far, far worse than no
> security, because it lulls people into a false sense of security. True
> enough. This begs the question about whether putting the crypto into
> the kernel really *is* a good thing, because sooner or later we're
> going to have hoards of people using it, thinking they're secure, and
> doing boneheaded things which totally compromise their security
> without realizing it. (Examples: putting the key for their encrypted
> filesystem in a plaintext file on the disk, taping it to the monitor,
> using obscenely short passphrases, etc.)

True, but I personally believe that nothing is foolproof, and that the
best we can do is provide the framework which allows for good security
practice, coupled with good documentation.

> Maybe the best deal is to have external patches which people can apply
> if they want the feature. This is supposedly what we have now, but the
> stuff needs to be kept current.

That is something I was going to mention. One big point for putting it
in the kernel is that it would greatly increase awareness about the
crypto code, as currently all the responsibility seems to fall on the
shoulders of a very small number of hard working people. This would
seem to impair its development quite a bit.

 |/|  Julian Squires <>

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:14 EST