On Wednesday 28 May 2008 18:58:20 Vesa Jääskeläinen wrote: > Michael Gorven wrote: > > On Wednesday 28 May 2008 18:26:09 Vesa Jääskeläinen wrote: > >> Michael Gorven wrote: > >>> Numerous ciphers and hashes from libgcrypt: Copyright FSF and LGPL 2.1 > >>> AES cipher from Simon's patch: LGPL 2.1 > >> > >> If we are to go with libgcrypt way... why you are not using AES from > >> there? (or is it not available for some reason?) > > > > Because Simon had an AES implementation in his patch already. I can > > replace it with libgcrypt's implementation if necessary. > > My point being that, if we have minimal set of dependencies to elsewhere > it is easier to upgrade code to newer version if there is a need to. > Also now you only have to monitor one software source for changes. Using > more common implementation also benefits for some extra eyes looking at > the code. > > I know that ppl here prefer to write code from scratch, but perhaps in > this case it would be good idea to use another GNU project for > additional code. Security is not the easiest topic in there to write > properly.
I agree. I certainly wasn't going to write my own ciphers! I'll replace the AES implementation with libgcrypt's. Michael -- http://michael.gorven.za.net PGP Key ID 6612FE85 S/MIME Key ID D33AEB31
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
