
Van de Ven: Deprecating old crypto


Posted Mar 25, 2015 0:25 UTC (Wed) by jeff_marshall (subscriber, #49255)
In reply to: Van de Ven: Deprecating old crypto by epa
Parent article: Van de Ven: Deprecating old crypto

Encryption and decryption are usually defined separately at the block-cipher level, so it would be possible to remove one but not the other.

However, the mode with which the cipher is used may not make this possible. For example, counter mode only uses the block-cipher encryption primitive to implement both encryption and decryption of messages.

At the API/implementation level, the problem tends to be that make_hash (or equivalent) often takes a struct with function pointers to the implementation of the actual cryptographic method. This is done because the decision of which hash function to use is often a result of header parsing (offline case) or session negotiation (online case) and lives in a different module from the code that actually invokes the hash function. If you want to ditch a cipher completely, you'd have to either reject it at selection time (more code to inspect for correctness), or remove the cipher completely and give up decryption as well as encryption. Add to that the fact that someone might call make_hash() and do memcmp() themselves instead of calling check_hash() while still getting correct results, and automated checking of the source code becomes more difficult.


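The counter-mode point from the comment above, as an added example that is not part of the original comments: a CTR routine that both encrypts and decrypts while calling only the block cipher's encrypt direction. The Feistel cipher, key, nonce and all function names are constructed for illustration and are not secure or taken from any real library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy 4-round Feistel cipher, 64-bit block. Constructed example, NOT secure. */
static uint32_t toy_f(uint32_t half, uint32_t k) {
    half += k;
    half ^= (half << 7) | (half >> 25);
    return half * 0x9E3779B1u;
}
uint64_t toy_encrypt_block(uint64_t blk, const uint32_t key[4]) {
    uint32_t l = (uint32_t)(blk >> 32), r = (uint32_t)blk;
    for (int i = 0; i < 4; i++) { uint32_t t = l ^ toy_f(r, key[i]); l = r; r = t; }
    return ((uint64_t)l << 32) | r;
}
/* The inverse direction exists, but the CTR routine below never calls it. */
uint64_t toy_decrypt_block(uint64_t blk, const uint32_t key[4]) {
    uint32_t l = (uint32_t)(blk >> 32), r = (uint32_t)blk;
    for (int i = 3; i >= 0; i--) { uint32_t t = r ^ toy_f(l, key[i]); r = l; l = t; }
    return ((uint64_t)l << 32) | r;
}

/* CTR mode: one routine for both directions. The keystream block is
 * E_key(nonce || counter), XORed into the buffer byte by byte. */
void toy_ctr_xcrypt(uint8_t *buf, size_t len, uint32_t nonce,
                    const uint32_t key[4]) {
    uint32_t ctr = 0;
    for (size_t off = 0; off < len; off += 8, ctr++) {
        uint64_t ks = toy_encrypt_block(((uint64_t)nonce << 32) | ctr, key);
        for (size_t i = 0; i < 8 && off + i < len; i++)
            buf[off + i] ^= (uint8_t)(ks >> (8 * i));
    }
}

/* Returns 1 if a constructed message is changed by the first pass and
 * restored by the second, using the encrypt primitive only. */
int ctr_roundtrip_ok(void) {
    const uint32_t key[4] = {1, 2, 3, 4};           /* constructed key */
    const char msg[] = "constructed sample message";
    uint8_t buf[sizeof msg];
    memcpy(buf, msg, sizeof msg);
    toy_ctr_xcrypt(buf, sizeof msg, 0xC0FFEEu, key); /* "encrypt" */
    int changed = memcmp(buf, msg, sizeof msg) != 0;
    toy_ctr_xcrypt(buf, sizeof msg, 0xC0FFEEu, key); /* "decrypt" */
    return changed && memcmp(buf, msg, sizeof msg) == 0;
}
```

Deleting `toy_decrypt_block` from this file leaves CTR decryption fully working, while deleting `toy_encrypt_block` breaks both directions.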

Van de Ven: Deprecating old crypto

Posted Mar 25, 2015 3:02 UTC (Wed) by ncm (guest, #165)

It doesn't matter if the code is still there, as long as the public entry points you don't want are gone. Nobody writes crypto calls by accident.

Counter modes only appear in relatively modern cryptosystems, so are not in most of the systems you don't want.

