From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH resend][CRYPTO]: RSA algorithm patch
Date: Thu, 12 Apr 2007 21:28:54 +0000 (UTC)
Message-ID: <evm8am$h12$2@taverner.cs.berkeley.edu>
In-Reply-To: 3630.81.207.0.53.1176380573.squirrel@secure.samage.net
Indan Zupancic wrote:
>On Thu, April 12, 2007 11:35, Satyam Sharma wrote:
>> 1. First, sorry, I don't think an RSA implementation not conforming to
>> PKCS #1 qualifies to be called RSA at all. That is definitely a *must*
>> -- why break strong crypto algorithms such as RSA by implementing them
>> in insecure ways?
>
>It's still RSA, that it's not enough to get a complete and secure crypto
>system doesn't mean it isn't RSA anymore. Maybe you're right and having
>RSA without the rest makes no sense.
Yes, Satyam Sharma is 100% correct. Unpadded RSA makes no sense. RSA is
not secure if you omit the padding. If you have a good reason why RSA
needs to be in the kernel for security reasons, then the padding has to be
in the kernel, too. Putting plain unpadded RSA in the kernel seems bogus.
I worry about the quality of this patch if it is using unpadded RSA.
This is pretty elementary stuff. No one should be implementing their
own crypto code unless they have considerable competence and knowledge
of cryptography. This elementary error leaves reason to be concerned
about whether the developer of this patch has the skills that are needed
to write this kind of code and get it right.
People often take it personally when I tell them that they are not
competent to write their own crypto code, but this is not a personal
attack. It takes very specialized knowledge and considerable study
before one can write one's own crypto implementation from scratch and
have a good chance that the result will be secure. People without
those skills shouldn't be writing their own crypto code, at least not
if security is important, because it's too easy to get something wrong.
(No, just reading Applied Cryptography is not good enough.) My experience
is that code that contains elementary errors like this is also likely
to contain more subtle errors that are harder to spot. In short, I'm
not getting warm fuzzies here.
And no, you can't just blithely push padding into user space and expect
that to make the security issues go away. If you are putting the
RSA exponentiation in the kernel because you don't trust user space,
then you have to put the padding in the kernel, too, otherwise you're
vulnerable to attack from evil user space code.
It is also not true that padding schemes change all the time. They're
fairly stable. Pick a reasonable modern padding scheme and leave it.
2007-04-02 9:52 [PATCH resend][CRYPTO]: RSA algorithm patch Tasos Parisinos
2007-04-02 12:27 ` Andi Kleen
2007-04-02 11:50 ` Tasos Parisinos
2007-04-02 13:28 ` Andi Kleen
2007-04-02 15:10 ` Tasos Parisinos
2007-04-02 15:28 ` Andi Kleen
2007-04-03 16:03 ` Pavel Machek
2007-04-04 9:55 ` Tasos Parisinos
2007-04-04 12:01 ` Pavel Machek
2007-04-06 21:30 ` Bill Davidsen
2007-04-06 23:06 ` Indan Zupancic
2007-04-07 3:53 ` Bill Davidsen
2007-04-11 10:14 ` Tasos Parisinos
2007-04-11 14:37 ` Indan Zupancic
2007-04-12 8:34 ` Tasos Parisinos
2007-04-12 9:35 ` Satyam Sharma
2007-04-12 12:22 ` Indan Zupancic
2007-04-12 12:40 ` Andi Kleen
2007-04-12 14:20 ` Satyam Sharma
2007-04-12 15:01 ` Indan Zupancic
2007-04-12 18:38 ` Satyam Sharma
2007-04-12 19:05 ` Indan Zupancic
2007-04-12 19:57 ` Satyam Sharma
2007-04-12 20:44 ` Indan Zupancic
2007-04-12 21:13 ` Satyam Sharma
2007-04-12 22:51 ` Indan Zupancic
2007-04-12 21:28 ` David Wagner [this message]
2007-04-12 23:31 ` Indan Zupancic
2007-04-13 13:56 ` Tasos Parisinos
2007-04-12 13:09 ` Indan Zupancic