On Tue, May 23, 2006 at 08:37:07PM +0200, The Hog ([EMAIL PROTECTED]) wrote:
> > > Would it be possible to build a kernel that does not contain cryptographic
> > > algorithms? I understand that several cryptographic options can be
> > > disabled
> > > through "make menuconfig". But, will that be enough or are there crypto
> > > routines in the kernel that cannot be removed?
> >
> > Disable NET and block layer to be able to disable cryptoapi.
> > It can be more fine grained though.
>
> What in the Block layer (support for large block devices and IO schedulers)
> contains crypto?
dm-crypt which is enabled in device drivers -> multiple devices and LVM.
> I assume that only the IPSec related options in the NET layer use crypto?
> Otherwise, this would result in a kernel w/o networking support...
AFAIR, IPv6 and wifi stack need crypto.
> > > Note that disabling cryptographic functionality is not enough, the
> > > cryptographic code may not be compiled and linked into the binary kernel
> > > image at all. Nor may any cryptographic library, kernel or user module
> > > contain cryptographic functionality.
> >
> > Can rot13 algo and userspace utility be considered as "cryptographic
> > library, kernel or user module"?
>
> I don't know if rot13 is considered cryptographic. Does the kernel implement
> rot13?
Kernel does not, but it is a popular userspace utility, even if it
contains some cryptographic weaknesses.
> I am assuming that all crypto algo's are implemented as separate module(s)
> which can be left out. Am I correct, or are there modules (e.g. device
> drivers) that implement crypto algo's locally? In other words: how
> monolithic (or spaghetti) is the kernel when it comes to cryptographic
> functions?
If you turn crypto api off, then no module supporting crypto api can be
loaded. But I can create my own which will encrypt/decrypt block layer
for several hours. Similar things can be done for network traffic.
And I bet Iran hackers can do it too.
> theHog
--
Evgeniy Polyakov
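
Added example, not part of the original message or of the kernel tree: a shell audit of a kernel .config that lists every enabled crypto API symbol and the crypto users named in the thread (dm-crypt, IPsec, IPv6, wifi). The mapping of those subsystems to Kconfig symbols, the function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Kconfig symbols for the crypto users named in the thread (assumed mapping:
# dm-crypt, IPsec AH/ESP for IPv4 and IPv6, IPv6 itself, the wifi stacks).
CRYPTO_USERS='CONFIG_DM_CRYPT CONFIG_INET_AH CONFIG_INET_ESP CONFIG_INET6_AH CONFIG_INET6_ESP CONFIG_IPV6 CONFIG_IEEE80211 CONFIG_MAC80211'

# Print each enabled symbol that is part of the crypto API (CONFIG_CRYPTO*)
# or one of the listed users. "=m" counts too: the requirement in the thread
# is that the code is not built at all, not merely that it is not loaded.
crypto_symbols() {
    awk -F= -v users="$CRYPTO_USERS" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        /^#/ { next }                    # "# CONFIG_X is not set" means disabled
        $2 != "y" && $2 != "m" { next }  # skip string and numeric options
        $1 ~ /^CONFIG_CRYPTO(_|$)/ || ($1 in want) {
            printf "%s=%s (%s)\n", $1, $2, ($2 == "y" ? "built-in" : "module")
        }
    ' "$1"
}

# Return 0 only when the config enables none of those symbols.
audit_config() {
    found=$(crypto_symbols "$1")
    if [ -z "$found" ]; then return 0; fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample .config fragment, not taken from a real build.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NET=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
CONFIG_IPV6=y
# CONFIG_INET_ESP is not set
CONFIG_CRYPTO=y
CONFIG_CRYPTO_MD5=y
CONFIG_LOCALVERSION="-test"
EOF
}

# Stand-alone use: sh audit.sh /path/to/.config
if [ $# -gt 0 ]; then audit_config "$1"; fi
```

An audit of this kind sees only Kconfig symbols; a module that carries its own cipher instead of using the crypto API, as the reply above describes, would not appear in it.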