From: Denis Kenzior <denkenz@gmail.com>
To: Steve French <smfrench@gmail.com>
Cc: Ard Biesheuvel <ardb@kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Eric Biggers <ebiggers@kernel.org>,
ronnie sahlberg <ronniesahlberg@gmail.com>,
linux-cifs <linux-cifs@vger.kernel.org>,
Steve French <sfrench@samba.org>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org
Subject: Re: [PATCH 0/2] crypto: remove MD4 generic shash
Date: Thu, 19 Aug 2021 11:56:20 -0500 [thread overview]
Message-ID: <a2934f93-e4cf-4cd1-c9c4-fa68dbae9277@gmail.com> (raw)
In-Reply-To: <CAH2r5muUQT5EX0Z=9MFr=QHGaajF5unwnDwib8CN0hbKP7J4Rw@mail.gmail.com>
Hi Steve,
>> But the answer is yes. Both PEAP and TTLS use MSCHAP or MSCHAPv2 in some form.
>> These are commonly used for Username/Password based WPA(2|3)-Enterprise
>> authentication. Think 'eduroam' for example.
>
> Can you give some background here? IIRC MS-CHAPv2 is much worse than
> the NTLMSSP case
What background are you looking for? iwd [0] is a wifi management daemon, so we
implement various EAP [1] and wifi authentication protocols.
> in cifs.ko (where RC4/MD5 is used narrowly). Doesn't MS-CHAPv2 depend on DES?
>
You are quite correct. MSCHAPv2 also uses DES for generating the responses.
EAP with TTLS+MSCHAPv2 and PEAP+MSCHAPv2 are two of the most deployed variants
of WPA-Enterprise authentication using Username + Password.
Deprecating MD4, MD5, SHA1 or DES would be quite disruptive for us. We are
using these through AF_ALG userspace API, so if they're removed, some
combination of kernel + iwd version will break. We went through this with ARC4,
and while that was justified, I don't think the same justification exists for MD4.
[0] https://git.kernel.org/pub/scm/network/wireless/iwd.git
[1] https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
Regards,
-Denis
next prev parent reply other threads:[~2021-08-19 16:56 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-18 14:46 [PATCH 0/2] crypto: remove MD4 generic shash Ard Biesheuvel
2021-08-18 14:46 ` [PATCH 1/2] fs/cifs: Incorporate obsolete MD4 crypto code Ard Biesheuvel
2021-08-18 14:46 ` [PATCH 2/2] crypto: md4 - Remove obsolete algorithm Ard Biesheuvel
2021-08-18 14:51 ` [PATCH 0/2] crypto: remove MD4 generic shash Denis Kenzior
2021-08-18 16:10 ` Ard Biesheuvel
2021-08-18 16:23 ` Denis Kenzior
2021-08-18 16:47 ` Steve French
2021-08-18 22:08 ` Jeremy Allison
2021-08-19 3:49 ` Andrew Bartlett
2021-08-19 5:18 ` Eric Biggers
2021-08-19 5:23 ` Andrew Bartlett
2021-08-18 21:11 ` ronnie sahlberg
2021-08-18 22:10 ` Ard Biesheuvel
2021-08-18 22:22 ` Denis Kenzior
2021-08-18 23:03 ` Steve French
2021-08-19 16:56 ` Denis Kenzior [this message]
2021-08-19 10:42 ` Jarkko Sakkinen
2021-08-19 17:10 ` Steve French
2021-08-19 20:54 ` ronnie sahlberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a2934f93-e4cf-4cd1-c9c4-fa68dbae9277@gmail.com \
--to=denkenz@gmail.com \
--cc=ardb@kernel.org \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=ronniesahlberg@gmail.com \
--cc=sfrench@samba.org \
--cc=smfrench@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.