Going, going, gone: home-grown crypto in Samba!

Andrew Bartlett abartlet at samba.org
Wed Dec 11 01:25:55 UTC 2019


I wanted to say a big thanks to everyone working on removing our home-
grown and imported cryptographic code in Samba.

It was with great pleasure that I finally ticked 'met' on the "do not
implement cryptography" section of: 
https://bestpractices.coreinfrastructure.org/en/projects/200#security

We now just have AES-CMAC, and only if we don't have a recent enough
GnuTLS, so this will go in time.  Perhaps even that could be
reimplemented in terms of raw AES using GnuTLS, I'm not sure, and I'm
not sure the change is worth it.

(I realise we also have MD4, but I don't count that).

So a big thank-you in particular to the team from Red Hat, I've seen
Andreas, Isaac and Günther's names on quite a few patches.  Thanks also
for all the work done adding tests, I know that has been quite tedious.

We should make sure to celebrate this with a WHATSNEW.

(We of course have crypto code in the imported Heimdal, but that is a
different matter.  Someone truly brave could try and re-implement that
in terms of gnutls...). 

Thanks!

Andrew Bartlett
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba







