Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [opensuse] cryptoloop
  • From: Oliver Tennert <O.Tennert@xxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 21 Apr 2006 20:24:23 +0200 (CEST)
  • Message-id: <Pine.LNX.4.58.0604212003560.3774@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
On Fri, 21 Apr 2006, Carl-Daniel Hailfinger wrote:

> Not correct. Last change in drivers/block/cryptoloop.c happended 2005-09-02
> by Herbert Xu. That one however was not crypto related.


>On the other hand,
> the last change in drivers/md/dm-crypt.c happened 2006-03-27 by Andrew Morton.

Which says that dm-crypt IS being maintained, all right?

> Much more notable is that dm-crypt always leaked its key, a bug that was
> only fixed in January 2006. Such a bug is obviously not a sign of quality.

Come on. This key leaking issue is not part of the concept. Such things
are called bugs, and removing them is called
debugging, which IS a sign of quality because it shows that the code is
being constantly object to review and testing.

Would you say the absence of such patches in cryptoloop.c is a sign of
superior quality than this?

> And I wouldn't describe "always leaking the key" as enhanced security either.
> But it surely is an additionaly feature from the attacker's point of view.

I take this as a humorous side, if you don't mind:)

Best regards


________________________________________creating IT solutions

Dr. Oliver Tennert
Senior Solutions Engineer
CAx Professional Services
science + computing ag
phone +49(0)7071 9457-598 Hagellocher Weg 71-75
fax +49(0)7071 9457-411 D-72070 Tuebingen, Germany

< Previous Next >