[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SOFTWARE RELEASE: Caesarion-2

To: ports_(_at_)_openbsd_(_dot_)_org
Subject: SOFTWARE RELEASE: Caesarion-2
From: Robin Carey <robin_(_at_)_wizardsworks_(_dot_)_org>
Date: Fri, 13 Sep 2002 06:17:58 -0700 (PDT)
Cc: freebsd-ports_(_at_)_freebsd_(_dot_)_org

Web-site:
=========

http://www.rcarey.org/cion.html


Changes from version 1
======================

o Fixed a serious reliability bug in RSA_Encrypt.cxx.
  The bug had no security ramifications.
o Fixed a bug in RSA_Encrypt.cxx which could cause an assertion to fail,
  resulting in a core-dump.
  The bug had no security ramifications.
o Switched off termios(4) ICANON, IEXTEN, IXOFF and IXON, in Password() to
  allow use of passwords with control characters, escapes, etc.
o Added the -m option to cion_encrypt(1); functionality:
(a) Direct keyboard input of plaintext message (defeats hard-disk
analysis).
(b) Switches off local echo (defeats CRT surveillance).
o Decided to take the advice of Rick Wash and use a crypto-hash function
  (MD5) on the password used for encrypting the private-key. Four safe
  tricks are used to generate four 128-bit MD5 cryptographic checksums,
  which adds up to a 512-bit key used for the ARC5 cipher. Overall I don't
  think this method makes much difference or alters security. The only
  plus point is that it will slow down any brute-force attempt. Due to this
  alteration private-keys generated with Version 1 of Caesarion are not
  compatible with Version 2 (you would have to regenerate your
  public/private keys).
o Use my own ASSERT() macro to stop core-dumps of possibly sensitive data.
  This should be considered a security fix.

Prev by Date: *****SPAM***** [광고] 서두르세요!!
Next by Date: Re: New: games/maelstrom-sdl
Previous by thread: *****SPAM***** [광고] 서두르세요!!
Next by thread: Re: SOFTWARE RELEASE: Caesarion-2
Index(es):
- Date
- Thread

Visit your host, monkey.org