SHA-1 and Git (was Re: [tahoe-dev] Tahoe-LAFS key management, part 2: Tahoe-LAFS is like encrypted git)

Darren J Moffat Darren.Moffat at Sun.COM
Tue Aug 25 11:44:38 EDT 2009


Ben Laurie wrote:
> Perry E. Metzger wrote:
>> Yet another reason why you always should make the crypto algorithms you
>> use pluggable in any system -- you *will* have to replace them some day.
> 
> In order to roll out a new crypto algorithm, you have to roll out new
> software. So, why is anything needed for "pluggability" beyond versioning?

Versioning catches a large part of it, but that alone isn't always 
enough.  Sometimes for on disk formats you need to reserve padding space 
to add larger or differently formatted things later.

Also support for a new crypto algorithm can actually be done without 
changes to the software code if it is "truly" pluggable.

An example from Solaris is how our IPsec implementation works.  If 
a new algorithm is available via the Solaris crypto framework, in many 
cases we don't need any code changes to support it, just have the 
end system admin run the ipsecalgs(1M) command to update the IPsec 
protocol number to crypto framework algorithm name mappings (we use 
PKCS#11 style mechanism names that combine algorithm and mode).  The 
Solaris IPsec implementation has no crypto algorithm names in the code 
base at all (we do currently assume CBC mode though but are in the 
process of adding generic CCM, GCM and GMAC support).

Now having said all that the PF_KEY protocol (RFC 2367) between user and 
kernel does know about crypto algorithms.

> It seems to me protocol designers get all excited about this because

Not just on the wire protocols but persistent on disk formats, on disk 
is a much bigger deal.  Consider the case when you have terabytes of 
data written in the old format and you need to migrate to the new format 
  - you have to support both at the same time.  So not just versioning 
but space padding can be helpful.

-- 
Darren J Moffat
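An added example (not from this thread, and not Solaris or Tahoe code) of the two points the message makes: a constructed on-disk record header whose algorithm field is a number resolved through an admin-updatable mapping table (in the spirit of ipsecalgs), with reserved padding that a later format version reuses to carry a PKCS#11-style mechanism name, so one reader handles old and new records side by side during a migration. The header layout, the `ALG_TABLE` contents and all function names are assumptions made for this example.

```python
import struct

# Constructed header layout (hypothetical, not a real on-disk format):
#   magic(4) | version(1) | alg_id(1) | reserved(16)
# v1 writes zeros into the reserved area; v2 reuses it for a mechanism name.
MAGIC = b"ENC1"
HDR = struct.Struct("<4sBB16s")

# Number-to-mechanism mapping, editable by an admin rather than hard-coded
# in the reader (assumed table; the names are PKCS#11 mechanism identifiers).
ALG_TABLE = {1: "CKM_AES_CBC", 2: "CKM_AES_GCM"}

def pack_header(version, alg_id=0, mech=b""):
    """Build a header; v2 stores the mechanism name in the reserved space."""
    if version == 1:
        reserved = b"\0" * 16                # padding must be zero so v2 can reuse it
    elif version == 2:
        if not mech or len(mech) > 16:
            raise ValueError("mechanism name missing or too long for reserved space")
        reserved = mech.ljust(16, b"\0")
    else:
        raise ValueError(f"unsupported format version {version}")
    return HDR.pack(MAGIC, version, alg_id, reserved)

def parse_header(blob):
    """Return (version, mechanism) for both formats without rewriting old data."""
    magic, version, alg_id, reserved = HDR.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if version == 1:
        # A v1 writer must have zeroed the padding; anything else is corruption.
        if reserved.strip(b"\0"):
            raise ValueError("v1 reserved bytes must be zero")
        mech = ALG_TABLE.get(alg_id)
        if mech is None:
            raise ValueError(f"algorithm id {alg_id} not in mapping table")
        return version, mech
    if version == 2:
        return version, reserved.rstrip(b"\0").decode("ascii")
    raise ValueError(f"unsupported format version {version}")

def mechanisms_in(records):
    """Walk a mixed set of v1 and v2 records, as during a format migration."""
    return [parse_header(r)[1] for r in records]
```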
