[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
S/W RELEASE: Caesarion v3
- To: ports_(_at_)_openbsd_(_dot_)_org
- Subject: S/W RELEASE: Caesarion v3
- From: Robin Carey <robin_(_at_)_wizardsworks_(_dot_)_org>
- Date: Sun, 29 Sep 2002 15:59:53 -0700 (PDT)
29th September 2002
Caesarion Version 3 released.
NOTE: Caesarion Version 3 deprecates all previous versions. Furthermore,
v3 is not inter-operable with any previous version. If you are using a
previous version of Caesarion, you are advised to upgrade immediately and
regenerate/redistribute keys due to the improvements listed below:
Changes from version 2:
o A further disclaimer was added to the new copyright license.
o Fixed two incorrect assertions in RSA_KeyGen.cxx.
o Use OpenSSL MD5_DIGEST_LENGTH instead of own md5digestLen.
o Don't confirm password entry in cion_encrypt(1) and cion_decrypt(1)
making the software easier/faster to use.
o Various public methods in various classes were moved to protected or
private access (where they should have been in the first place).
o New Entropy.h class which returns raw random data instead of pumping it
through a PRNG; this makes more sense, is faster, and should be more
o The Entropy generation technique has had a massive performance increase
without degrading its security or output quality. The software is much
faster now because of this.
o Performance increase in new Entropy.h class by having a class-wide
Random object (instead of instantiation on every call to Entropy::Stir()).
o A possible security flaw was discovered in the RSA implementation; in
general use of this software it is likely that small (~400 bytes) amounts
of data are encrypted (per chunk), which in turn means that the 4 bytes
used for specifying the data-size will have 2 bytes equal to zero. This
means that an adversary can guess 2 bytes of the original plaintext
message. Whether or not this could be extended to a successful attack is
beyond my cryptography skills/knowledge. Hence, the most sensible thing to
do was to correct this possible problem. Due to the new changes necessary
to correct this possible problem, the software is now faster than it was
o Remove ULong.h from distribution (no longer required).
o Performance increase in Entropy::Ulong().
o Various cleanups.