From: "Hanno Böck" <hanno@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs)
Date: Sat, 4 Aug 2018 07:29:47 -0700 [thread overview]
Message-ID: <20180804072947.1f9ac221@computer> (raw)
In-Reply-To: <20180804114328.d4b31c885eba7cb98a1b5fd2@gentoo.org>
[-- Attachment #1: Type: text/plain, Size: 1111 bytes --]
Hi,
On Sat, 4 Aug 2018 11:43:28 +0300
Andrew Savchenko <bircoph@gentoo.org> wrote:
> Do you have any evidence that mcrypt should not be used?
Well, PHP was as far as I'm aware its main user and PHP has declared
mcrypt support to be deprecated a while ago.
> Symmetric cryptography is quite conservative and it took years and
> even decades for algorithms and their implementations to become
> trusted, so there is nothing wrong in using good old verified
> software.
When it comes to cipher modes the fact that people use decades old
modes is a problem. See efail for a prominent example, but there
are many less prominent ones.
Look at the mcrypt webpage:
http://mcrypt.sourceforge.net/
Modes of Operation:
CBC
CFB
CTR
ECB
OFB
NCFB
That is a mixture of very insecure (ECB), insecure in most situations
(all others) and totally obscure modes. It doesn't include any
authenticated encryption modes, which in most situations is what you
want to use.
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-08-04 14:29 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-23 2:50 [gentoo-dev] Idea for a new project: gentoo-libs Marty E. Plummer
2018-06-23 2:57 ` Marty E. Plummer
2018-06-23 13:05 ` Jonas Stein
2018-08-05 16:55 ` Richard Yao
2018-06-23 7:22 ` Michał Górny
2018-06-23 7:30 ` Marty E. Plummer
2018-06-23 7:37 ` Michał Górny
2018-06-23 10:59 ` Alec Warner
2018-08-05 16:45 ` Richard Yao
2018-08-05 17:01 ` Alec Warner
2018-08-05 17:16 ` M. J. Everitt
2018-08-05 17:24 ` Rich Freeman
2018-08-05 17:31 ` M. J. Everitt
2018-08-05 18:12 ` Richard Yao
2018-08-05 18:35 ` Rich Freeman
2018-08-05 20:49 ` Richard Yao
2018-08-05 18:06 ` Richard Yao
2018-06-23 7:43 ` Mikle Kolyada
2018-06-23 8:15 ` Paweł Hajdan, Jr.
2018-06-23 8:55 ` Marty E. Plummer
2018-06-23 11:06 ` Roy Bamford
2018-06-23 23:52 ` Kent Fredric
2018-06-25 5:59 ` Hanno Böck
2018-06-27 0:03 ` Marty E. Plummer
2018-08-04 8:43 ` mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs) Andrew Savchenko
2018-08-04 9:51 ` [gentoo-dev] Re: mcrypt status Martin Vaeth
2018-08-04 10:22 ` Andrew Savchenko
2018-08-04 14:29 ` Hanno Böck [this message]
2018-08-04 15:25 ` mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs) Thomas Deutschmann
2018-08-05 4:57 ` Andrew Savchenko
2018-08-04 18:05 ` Marty E. Plummer
2018-08-04 19:22 ` Andrew Savchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180804072947.1f9ac221@computer \
--to=hanno@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox