On Fri, Sep 22, 2000 at 11:46:02AM +0200, Gisle Sælensminde wrote:
>
> Since des_ede3(3des) now is added to the international kernel, it will
> probably be a good idea to add support for it in losetup, so here is
> a patch to the kerneli version of util-linux-2.10m / kerneli 2.2.17.3
>
> Since this is crypto-related the patch is found at the URL:
>
> ftp://ftp.ii.uib.no/pub/gisle/kerneli/patch.util-linux.3des
>
>
> DES_EDE3 needs bytes of key data, but ripemd160 used as hash the
> passphrase only provides 20 bytes of key data. To get 24 bytes of key
> data, the an uppercase 'A' is concatenated with the passphrase, and this
> string is hashed to get another 20 bytes of key data. Similar methods is
> used in SSL and SSH to get the session keys from the key exchange.
>
Just curious. Do you know whether this strengthens security at all? I
would guess that the security can not be better than if we used
RIPE-MD320 to hash the passphrase, and that hash is considered to have
the same security as RIPE-MD160.
> I also changed the code to allow all ciphers to use the same code for
> key generation, but everything is kept compatible.
>
Looks sane. Merged it and updated the util-linux patch to 2.10o.
astor
-- Alexander Kjeldaas Mail: astor@fast.no finger astor@master.kernel.org for OpenPGP key. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Sep 22 2000 - 07:42:33 EDT