[arch-dev-public] Fw: OpenSSL 0.9.8e has serious bug

Judd Vinet jvinet at zeroflux.org
Thu Apr 19 13:54:42 EDT 2007

Begin forwarded message:

Date: Tue, 17 Apr 2007 23:32:26 -0700
From: "Valient Gough" <valient at gmail.com>
To: jvinet at zeroflux.org
Subject: OpenSSL 0.9.8e has serious bug

I've had reports from a couple users of Arch Linux that EncFS is unable
to access their existing encrypted filesystems after upgrading Arch

The problem is that OpenSSL 0.9.8e has a known problem with Blowfish
encryption which makes it incompatible with any other versions of

EncFS users will not be able to read filesystem which use Blowfish with
key length > 128 bits, and if they create a new filesystem when using
OpenSSL 0.9.8e, then they will not be able to access their filesystem
when using the next release of OpenSSL with that bug fixed.

See: http://cvs.openssl.org/chngview?cn=15978

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://archlinux.org/pipermail/arch-dev-public/attachments/20070419/6143c3a8/attachment.htm>

More information about the arch-dev-public mailing list