9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] obsolete cryptographic algorithms
@ 2022-06-04  7:13 sml
  2022-06-04 14:47 ` ori
  0 siblings, 1 reply; 7+ messages in thread
From: sml @ 2022-06-04  7:13 UTC (permalink / raw)
  To: 9front

Hello everyone, 

I am currently trying to understand the implementation of factotum and I noticed that /sys/src/libsec contains some obsolete cryptographic algorithms like sha-1, md4, md5, dsa and des. 

In section 7.4.3.2 of the fqa the manual change from p9sk1 to dp9ik is described and since then, as far as I understand, it is also the new standard where des has been replaced by aes. 

In the list I keep reading about different cleanups, which I greatly appreciate and I'm wondering whether the deprecated crypto algorithms and protocols can be cleaned out as well, or if there is a specific reason to hold on to them. I think if you use very weak crypto, you can do without it directly.

Many thanks in advance for your responses!

Best regards, 
sml

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] obsolete cryptographic algorithms
  2022-06-04  7:13 [9front] obsolete cryptographic algorithms sml
@ 2022-06-04 14:47 ` ori
  2022-06-04 15:26   ` mkf9
  0 siblings, 1 reply; 7+ messages in thread
From: ori @ 2022-06-04 14:47 UTC (permalink / raw)
  To: 9front

Quoth sml <sml@firstpost.pub>:
> 
> In the list I keep reading about different cleanups, which I greatly appreciate and I'm wondering whether the deprecated crypto algorithms and protocols can be cleaned out as well, or if there is a specific reason to hold on to them. I think if you use very weak crypto, you can do without it directly.

Protocols still use them.

For example, grepping for md5 in /sys/src/cmd/auth,
it's used in:

	- HTTPDIGEST (RFC2517)
	- SecurID RADIUS
	- CRAM digests
	- Secstore MAC

Of these, it seems that the only one we fully control
is the secstore protocol -- patches welcome, though
it may be better to kill secstore entirely.

For the others: what external software implements them,
and what other protocols are supported?

To remove them, someone is going to need to go through
protocol by protocol and implement updates, or show that
they are unused.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] obsolete cryptographic algorithms
  2022-06-04 14:47 ` ori
@ 2022-06-04 15:26   ` mkf9
  2022-06-04 15:32     ` ori
  0 siblings, 1 reply; 7+ messages in thread
From: mkf9 @ 2022-06-04 15:26 UTC (permalink / raw)
  To: 9front

> it may be better to kill secstore entirely.
> 

do we have alternatives for secstore,
besides auth/aescbc -d < pass > /mnt/factotum/ctl?


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] obsolete cryptographic algorithms
  2022-06-04 15:26   ` mkf9
@ 2022-06-04 15:32     ` ori
  2022-06-04 15:36       ` ori
  0 siblings, 1 reply; 7+ messages in thread
From: ori @ 2022-06-04 15:32 UTC (permalink / raw)
  To: 9front

Quoth mkf9 <mkf9@riseup.net>:
> > it may be better to kill secstore entirely.
> > 
> 
> do we have alternatives for secstore,
> besides auth/aescbc -d < pass > /mnt/factotum/ctl?
> 

stashfs is a start, but the protocol changes, and nobody
has really scrutinized it.

someone would need to touch a keyboard.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] obsolete cryptographic algorithms
  2022-06-04 15:32     ` ori
@ 2022-06-04 15:36       ` ori
  2022-06-04 16:07         ` Stanley Lieber
  0 siblings, 1 reply; 7+ messages in thread
From: ori @ 2022-06-04 15:36 UTC (permalink / raw)
  To: 9front

Quoth ori@eigenstate.org:
> someone would need to touch a keyboard.

(and not me, I have enough other things that I'd like
to work on; this isn't remotely near the top of my list)


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] obsolete cryptographic algorithms
  2022-06-04 15:36       ` ori
@ 2022-06-04 16:07         ` Stanley Lieber
  2022-06-04 16:12           ` ori
  0 siblings, 1 reply; 7+ messages in thread
From: Stanley Lieber @ 2022-06-04 16:07 UTC (permalink / raw)
  To: 9front

On June 4, 2022 11:36:56 AM EDT, ori@eigenstate.org wrote:
>Quoth ori@eigenstate.org:
>> someone would need to touch a keyboard.
>
>(and not me, I have enough other things that I'd like
>to work on; this isn't remotely near the top of my list)
>
>

maybe we replace secstore before we delete it?

sl

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] obsolete cryptographic algorithms
  2022-06-04 16:07         ` Stanley Lieber
@ 2022-06-04 16:12           ` ori
  0 siblings, 0 replies; 7+ messages in thread
From: ori @ 2022-06-04 16:12 UTC (permalink / raw)
  To: 9front

Quoth Stanley Lieber <sl@stanleylieber.com>:
> On June 4, 2022 11:36:56 AM EDT, ori@eigenstate.org wrote:
> >Quoth ori@eigenstate.org:
> >> someone would need to touch a keyboard.
> >
> >(and not me, I have enough other things that I'd like
> >to work on; this isn't remotely near the top of my list)
> >
> >
> 
> maybe we replace secstore before we delete it?
> 
> sl

to be 100% clear: I'm not proposing any concrete changes.

I'm saying that if you want to delete obsolete algorithms,
secstore is software that would need to change or be
replaced.

patches welcome.


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2022-06-04 16:13 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-04  7:13 [9front] obsolete cryptographic algorithms sml
2022-06-04 14:47 ` ori
2022-06-04 15:26   ` mkf9
2022-06-04 15:32     ` ori
2022-06-04 15:36       ` ori
2022-06-04 16:07         ` Stanley Lieber
2022-06-04 16:12           ` ori

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).