From: "Daniel P. Berrange" <berrange@redhat.com>
To: "Longpeng (Mike)" <longpeng2@huawei.com>
Cc: eblake@redhat.com, armbru@redhat.com, arei.gonglei@huawei.com,
qemu-devel@nongnu.org, wu.wubin@huawei.com,
jianjay.zhou@huawei.com
Subject: Re: [Qemu-devel] [PATCH for-2.9 1/3] crypto: add standard des support
Date: Mon, 5 Dec 2016 11:18:53 +0000 [thread overview]
Message-ID: <20161205111853.GD2498@redhat.com> (raw)
In-Reply-To: <58454B69.4040402@huawei.com>
On Mon, Dec 05, 2016 at 07:11:37PM +0800, Longpeng (Mike) wrote:
> Hi Daniel,
>
> On 2016/12/5 17:18, Daniel P. Berrange wrote:
>
> > On Mon, Dec 05, 2016 at 04:59:38PM +0800, Longpeng(Mike) wrote:
> ......
> >> diff --git a/qapi/crypto.json b/qapi/crypto.json
> >> index 5c9d7d4..d403ab9 100644
> >> --- a/qapi/crypto.json
> >> +++ b/qapi/crypto.json
> >> @@ -75,7 +75,7 @@
> >> { 'enum': 'QCryptoCipherAlgorithm',
> >> 'prefix': 'QCRYPTO_CIPHER_ALG',
> >> 'data': ['aes-128', 'aes-192', 'aes-256',
> >> - 'des-rfb',
> >> + 'des-rfb', 'des',
> >
> > Can we call this '3des' to make it clear that this is Triple-DES and not
> > the single-DES (which des-rfb is)
> >
>
> As the comment in qapi/crypto.json said:
> @des-rfb: RFB specific variant of single DES.
>
> This patch just add the standard single-DES support, not the triple-DES, so I
> think maybe "des" is suitable.
Oh I missed that - QEMU should not support single-DES at all for
cryptodev IMHO. Single DES has been cryptographically broken/useless
for *decades* - way back in 1999, the EFF built a machine that could
brute force single-DES in a mere 56 hours.
Triple-DES is the bare minimum that's acceptable and even that
should only be for legacy usage which can't use a more modern
cipher like AES
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
next prev parent reply other threads:[~2016-12-05 11:19 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-05 8:59 [Qemu-devel] [PATCH for-2.9 0/3] crypto: add standard des support Longpeng(Mike)
2016-12-05 8:59 ` [Qemu-devel] [PATCH for-2.9 1/3] " Longpeng(Mike)
2016-12-05 9:18 ` Daniel P. Berrange
2016-12-05 9:29 ` Gonglei (Arei)
2016-12-05 16:59 ` Daniel P. Berrange
2016-12-06 1:23 ` Gonglei (Arei)
2016-12-06 9:21 ` Daniel P. Berrange
2016-12-06 9:28 ` Gonglei (Arei)
2016-12-05 11:11 ` Longpeng (Mike)
2016-12-05 11:18 ` Daniel P. Berrange [this message]
2016-12-05 19:15 ` Eric Blake
2016-12-07 0:58 ` Longpeng (Mike)
2016-12-05 8:59 ` [Qemu-devel] [PATCH for-2.9 2/3] cryptodev: switch to standard des Longpeng(Mike)
2016-12-05 9:25 ` Daniel P. Berrange
2016-12-05 8:59 ` [Qemu-devel] [PATCH for-2.9 3/3] tests: crypto: add testcase for standard des(ecb) Longpeng(Mike)
2016-12-05 9:24 ` Daniel P. Berrange
2016-12-05 9:46 ` Longpeng (Mike)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161205111853.GD2498@redhat.com \
--to=berrange@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=jianjay.zhou@huawei.com \
--cc=longpeng2@huawei.com \
--cc=qemu-devel@nongnu.org \
--cc=wu.wubin@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.