Integrated crypto

Robert Connolly cendres at videotron.ca
Sun Mar 28 00:15:37 PST 2004


I've found this:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-12/0082.html

Which leads back to another related url I found the other day. The package is 
recently maintained, looks like obsd copyright, and adds arc4 (rc5-like) 
random number generation to a shared library. Propolice, openssh, mkstemp 
(and many others) can use this auxiliary-random (arandom) because its cheap 
to generate and practically bottomless, opposed to /dev/urandom.

I have a feeling the Gentoo-hardened and Adamantix people would be interested 
in this aswell. Applications would have to be patched for this, and will not 
work on other Linux systems (unless maybe they are staticlly linked), but 
this is already the case with propolice anyway.

I'm not exactly sure why no Linux distros seem to have this already. Its a 
very personalized feature, could almost say 'distro specific'. The only down 
sides I can think of are legal reasons (with crypto), and screwing binary 
compatability. But this could lead the path to getting better crypto into 
libc, such as blowfish for shadow passwds.

Comments?




More information about the hlfs-dev mailing list