[arch-dev-public] Fw: OpenSSL 0.9.8e has serious bug

Jason Chu jason at archlinux.org
Thu Apr 19 14:06:16 EDT 2007

On Thu, Apr 19, 2007 at 10:54:42AM -0700, Judd Vinet wrote:
> Begin forwarded message:
> Date: Tue, 17 Apr 2007 23:32:26 -0700
> From: "Valient Gough" <valient at gmail.com>
> To: jvinet at zeroflux.org
> Subject: OpenSSL 0.9.8e has serious bug
> I've had reports from a couple users of Arch Linux that EncFS is unable
> to access their existing encrypted filesystems after upgrading Arch
> packages.
> The problem is that OpenSSL 0.9.8e has a known problem with Blowfish
> encryption which makes it incompatible with any other versions of
> OpenSSL.
> EncFS users will not be able to read filesystem which use Blowfish with
> key length > 128 bits, and if they create a new filesystem when using
> OpenSSL 0.9.8e, then they will not be able to access their filesystem
> when using the next release of OpenSSL with that bug fixed.
> See: http://cvs.openssl.org/chngview?cn=15978
> regards,
> Valient

Is there anything we, as developers, should be doing about this?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://archlinux.org/pipermail/arch-dev-public/attachments/20070419/4f3462b3/attachment.pgp>

More information about the arch-dev-public mailing list