On Thu, Apr 19, 2007 at 10:54:42AM -0700, Judd Vinet wrote:
Begin forwarded message:
Date: Tue, 17 Apr 2007 23:32:26 -0700 From: "Valient Gough" <valient@gmail.com> To: jvinet@zeroflux.org Subject: OpenSSL 0.9.8e has serious bug
I've had reports from a couple users of Arch Linux that EncFS is unable to access their existing encrypted filesystems after upgrading Arch packages.
The problem is that OpenSSL 0.9.8e has a known problem with Blowfish encryption which makes it incompatible with any other versions of OpenSSL.
EncFS users will not be able to read filesystem which use Blowfish with key length > 128 bits, and if they create a new filesystem when using OpenSSL 0.9.8e, then they will not be able to access their filesystem when using the next release of OpenSSL with that bug fixed.
See: http://cvs.openssl.org/chngview?cn=15978
regards, Valient
Is there anything we, as developers, should be doing about this? Jason