On Tue, Feb 09, 2010 at 09:02:35AM -0500, Mikulas Patocka wrote: > > What is the fix for arc4? Copy the internal state after a key schedule and > restore it with every encryption?
arc4 should be a blkcipher, not a cipher. Then it can have an IV which is where thie should be stored. > I think blacklisting "arc4" is better, because it provides a fix now. > Otherwise, people will just keep on arguing what is the "clean" solution > and nothing gets done. The crypto layer makes no guarantee that every algorithm that is available is suitable for a particular application such as disk encryption. FWIW we also export an algorithm called null! People should not be making uninformed choices on crypto algorithms. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
