[arch-dev-public] Fw: OpenSSL 0.9.8e has serious bug

Judd Vinet jvinet at zeroflux.org
Thu Apr 19 13:54:42 EDT 2007



Begin forwarded message:

Date: Tue, 17 Apr 2007 23:32:26 -0700
From: "Valient Gough" <valient at gmail.com>
To: jvinet at zeroflux.org
Subject: OpenSSL 0.9.8e has serious bug


I've had reports from a couple users of Arch Linux that EncFS is unable
to access their existing encrypted filesystems after upgrading Arch
packages.

The problem is that OpenSSL 0.9.8e has a known problem with Blowfish
encryption which makes it incompatible with any other versions of
OpenSSL.

EncFS users will not be able to read filesystems which use Blowfish with
key length > 128 bits, and if they create a new filesystem when using
OpenSSL 0.9.8e, then they will not be able to access their filesystem
when using the next release of OpenSSL with that bug fixed.

See: http://cvs.openssl.org/chngview?cn=15978

regards,
Valient