
SOFTWARE RELEASE: Caesarion-2



Web-site:
=========

http://www.rcarey.org/cion.html


Changes from version 1
======================

o Fixed a serious reliability bug in RSA_Encrypt.cxx.
  The bug had no security ramifications.
o Fixed a bug in RSA_Encrypt.cxx which could cause an assertion to fail,
  resulting in a core-dump.
  The bug had no security ramifications.
o Switched off termios(4) ICANON, IEXTEN, IXOFF and IXON, in Password() to
  allow use of passwords with control characters, escapes, etc.
o Added the -m option to cion_encrypt(1); functionality:
  (a) Direct keyboard input of plaintext message (defeats hard-disk
      analysis).
  (b) Switches off local echo (defeats CRT surveillance).
o Decided to take the advice of Rick Wash and use a crypto-hash function
  (MD5) on the password used for encrypting the private-key. Four safe
  tricks are used to generate four 128-bit MD5 cryptographic checksums,
  which add up to a 512-bit key used for the ARC5 cipher. Overall I don't
  think this method makes much difference or alters security. The only
  plus point is that it will slow down any brute-force attempt. Due to this
  alteration private-keys generated with Version 1 of Caesarion are not
  compatible with Version 2 (you would have to regenerate your
  public/private keys).
o Use my own ASSERT() macro to stop core-dumps of possibly sensitive data.
  This should be considered a security fix.
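
An added example, not part of the original post and not Caesarion's own code: one way a password reader can apply the termios(4) change listed above, clearing ICANON, IEXTEN, IXOFF and IXON so that control characters arrive as password bytes instead of being acted on by the terminal driver. The names password_termios and read_password are hypothetical, and clearing ECHO here is an assumption (the post mentions echo only for the -m option).

```c
#include <stddef.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper: copy `base` with the four flags from the changelog
 * cleared. Pure function, so it can be checked without a terminal. */
struct termios password_termios(struct termios base)
{
    /* ICANON off: no line editing, so backspace, Ctrl-U and Ctrl-D are data.
     * IEXTEN off: Ctrl-V (literal-next) and similar extensions are data. */
    base.c_lflag &= ~(tcflag_t)(ICANON | IEXTEN);
    /* IXON/IXOFF off: Ctrl-S and Ctrl-Q are data, not flow control. */
    base.c_iflag &= ~(tcflag_t)(IXON | IXOFF);
    /* Assumption, not stated in the post: do not echo the password. */
    base.c_lflag &= ~(tcflag_t)ECHO;
    /* Non-canonical mode: return each byte as soon as it is typed. */
    base.c_cc[VMIN] = 1;
    base.c_cc[VTIME] = 0;
    return base; /* ISIG and ICRNL are left as found */
}

/* Hypothetical helper: read bytes from terminal `fd` up to a newline.
 * Returns the password length, or -1 on error (fd is not a terminal,
 * read failure, or input longer than cap-1). Always restores the tty. */
long read_password(int fd, char *buf, size_t cap)
{
    struct termios saved, raw;
    size_t n = 0;
    long rc = -1;
    char c;

    if (cap == 0 || tcgetattr(fd, &saved) != 0)
        return -1;
    raw = password_termios(saved);
    if (tcsetattr(fd, TCSAFLUSH, &raw) != 0)
        return -1;
    while (read(fd, &c, 1) == 1) {
        if (c == '\n') { rc = (long)n; break; } /* Enter, via ICRNL */
        if (n + 1 >= cap) break;  /* too long: fail rather than truncate */
        buf[n++] = c;
    }
    if (rc < 0)
        memset(buf, 0, cap);      /* leave no partial password behind */
    else
        buf[n] = '\0';
    tcsetattr(fd, TCSAFLUSH, &saved); /* also discards unread input */
    return rc;
}
```

Because ISIG is left untouched, Ctrl-C still interrupts the program rather than becoming a password byte; the caller should wipe buf once the key has been derived.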


