[Pkg-openssl-devel] Bug#327739: Bug#327739: Patch to enable IDEA support
brian m. carlson
sandals at crustytoothpaste.net
Fri Nov 1 23:50:26 UTC 2013

On Fri, Nov 01, 2013 at 10:37:04PM +0100, Kurt Roeckx wrote:
> On Fri, Nov 01, 2013 at 09:22:56PM +0000, brian m. carlson wrote:
> > tags 327739 + patch
> > kthxbye
> >
> > I've attached a patch to add IDEA support. The algorithm is not
> > insecure (unlike MD5 and RC4, which are still compiled in), and somebody
> > might want to use it.
>
> I don't intend to apply this patch. There are things like AES and
> Camellia that can be used instead. The only good reason I can see
> for enabling things is being able to read / talk to old things
> that do support it.

While it's certainly not a common algorithm, nor my first choice, it is
presently considered secure, and OpenSSL is used for much more than just
SSL/TLS. There may also be people who actually want to use it for
legacy reasons as well.

Had it not been patented, I doubt it would have ever been disabled in
the first place.

> Note that MD5 (and SHA-1) only has a problem with collision attacks,
> as far as I know it's still considered safe against a preimage attack.
> But I would still suggest moving to SHA-2.

RC4 is insecure however it's used, and yet we still enable it. It is
insecure in WEP/WPA, TLS, as a PRNG, and pretty much however else you
slice it. In fact, it's worse than MD5, because there isn't a secure
way to use it, even if you drop the beginning of the keystream.

This is a separate bug, though, which I will open shortly.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187