Re: michael_mic in crypto api?
Michael Wu [EMAIL PROTECTED] wrote: Simplicity and consistency. Whereas the relatively simple mic part of the TKIP algorithm is in crypto API, the (more important, more complicated) key mixing part is not in crypto api. It is unlikely that either the mic or key mixing part would be used separately or even outside of TKIP/802.11i code, and we don't want to encourage people anyways since they're just bandaids for problems associated with using rc4. Sure, I don't mind either way. I think Jouni wrote this originally, maybe he can share his thoughts with us? Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: michael_mic in crypto api?
On Thu, Jul 20, 2006 at 01:39:05AM +1000, Herbert Xu wrote: Michael Wu [EMAIL PROTECTED] wrote: Simplicity and consistency. Whereas the relatively simple mic part of the TKIP algorithm is in crypto API, the (more important, more complicated) key mixing part is not in crypto api. Sure, I don't mind either way. I think Jouni wrote this originally, maybe he can share his thoughts with us? I was more or less told that TKIP implementation cannot be included in the kernel tree before this was moved into crypto api.. I don't really care much where it is, but since it is now in crypto api, it would sound easiest to just keep it there. If someone really wants to move it away from there and into TKIP code in ieee80211/d80211, feel free to do that. However, at least for some time, there are two different TKIP implementations (net/ieee80211 and net/d80211) so this would mean duplicating Michael MIC implementation and I would rather not do that. -- Jouni MalinenPGP id EFC895FA - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: michael_mic in crypto api?
Jouni Malinen [EMAIL PROTECTED] wrote: However, at least for some time, there are two different TKIP implementations (net/ieee80211 and net/d80211) so this would mean duplicating Michael MIC implementation and I would rather not do that. Good point, let's keep it for now. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: michael_mic in crypto api?
On Saturday 15 July 2006 03:37, Herbert Xu wrote: I suppose the question is that what do you gain by moving it out? If all else being equal then it's better to have a standardised interface for accessing it. Simplicity and consistency. Whereas the relatively simple mic part of the TKIP algorithm is in crypto API, the (more important, more complicated) key mixing part is not in crypto api. It is unlikely that either the mic or key mixing part would be used separately or even outside of TKIP/802.11i code, and we don't want to encourage people anyways since they're just bandaids for problems associated with using rc4. -Michael Wu pgpBJ9JRYHM3m.pgp Description: PGP signature
Re: michael_mic in crypto api?
On Thursday 13 July 2006 23:50, Michael Wu wrote: Is there really a point to having michael_mic in crypto api? The only users are 802.11 stacks. I can imagine arc4 being used for other purposes, but michael_mic is very much wireless only. The only advantage of keeping michael_mic in crypto seems to be the testing code. -Michael Wu Err, sent from the wrong address. Opps. Too many email addresses.. -Michael Wu pgpkyd57MLXXf.pgp Description: PGP signature