Date: Sat, 18 Feb 2006 08:42:07 +0000 (UTC) From: Aaron Dalton <aaron@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/security/p5-Crypt-CBC Makefile distinfo Message-ID: <200602180842.k1I8g7Gb006025@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
aaron 2006-02-18 08:42:07 UTC
FreeBSD ports repository
Modified files:
security/p5-Crypt-CBC Makefile distinfo
Log:
- update from v2.15 to v2.17
Approved by: tobez (implicit)
2.17 Mon Jan 9 18:22:51 EST 2006
-IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
using 8 byte IVs when generating the old-style RandomIV style header
(as opposed to the new-style random salt header). This affects data
encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
and is a significant security issue.
The bug has been corrected in versions 2.17 and higher by making it
impossible to use 16-byte block ciphers with RandomIV headers. You may
still read legacy encrypted data by explicitly passing the
-insecure_legacy_decrypt option to Crypt::CBC->new().
-The salt, iv and key are now reset before each complete encryption
cycle. This avoids inadvertent reuse of the same salt.
-A new -header option has been added that allows you to select
among the various types of headers, and avoids the ambiguity
of having multiple interacting options.
-A new random_bytes() method provides access to /dev/urandom on
suitably-equipped hardware.
2.16 Tue Dec 6 14:17:45 EST 2005
- Added two new options to new():
-keysize => <bytes> Force the keysize -- useful for Blowfish
-blocksize => <bytes> Force the blocksize -- not known to be useful
("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted with Blowfish)
Revision Changes Path
1.20 +1 -1 ports/security/p5-Crypt-CBC/Makefile
1.10 +3 -3 ports/security/p5-Crypt-CBC/distinfo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602180842.k1I8g7Gb006025>