From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 25 Mar 2019 07:51:31 +0300
From: Vitaly Chikunov
To: oss-gost-crypto@lists.altlinux.org
Message-ID: <20190325045131.civnllwnnzh47tge@altlinux.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
User-Agent: NeoMutt/20171215-106-ac61c7
Subject: [oss-gost-crypto] Fwd: Should we consider removing Streebog from the Linux Kernel?
X-BeenThere: oss-gost-crypto@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Open-source aspects of GOST Cryptography
List-Id: Open-source aspects of GOST Cryptography
X-List-Received-Date: Mon, 25 Mar 2019 04:51:33 -0000

FYI.

----- Forwarded message from Theodore Ts'o -----

Date: Mon, 25 Mar 2019 00:45:50 -0400
From: Theodore Ts'o
To: "Jason A. Donenfeld", herbert@gondor.apana.org.au, Vitaly Chikunov, linux-crypto@vger.kernel.org
Subject: Should we consider removing Streebog from the Linux Kernel?
User-Agent: Mutt/1.10.1 (2018-07-13)

Given the precedent that has been established for removing the SPECK
cipher from the kernel, I wonder if we should be removing Streebog on
the same basis, in light of the following work:

    https://who.paris.inria.fr/Leo.Perrin/pi.html
    https://tosc.iacr.org/index.php/ToSC/article/view/7405

Regards,

- Ted

-----------
From the Cryptography mailing list on metzdowd.com:

From: "perrin.leo@gmail.com"
Subject: [Cryptography] New Results on the Russian S-box

Hello everyone,

I have recently sent an e-mail to the CFRG mailing list about my results
on the S-box shared by both of the latest Russian standards in symmetric
crypto and I have been told that it might interest the subscribers of
this mailing list.

In a paper that I am about to present at the Fast Software Encryption
conference, I describe what I claim to be the structure used by the
S-box of the hash function Streebog and the block cipher Kuznyechik.
Their authors never disclosed their design process---and in fact claimed
that it was generated randomly. I established that it is not the case.
More worryingly, the structure they used has a very strong algebraic
structure which, in my opinion, demands a renewed security analysis in
its light.

Overall, I would not recommend using these algorithms until their
designers have provided satisfactory explanations about their S-box
choice.

----- End forwarded message -----