[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-mit-scheme] [bug #27230] Edwin's support for editing Blowfish-encry
From: |
Taylor R. Campbell |
Subject: |
[Bug-mit-scheme] [bug #27230] Edwin's support for editing Blowfish-encrypted files uses a weak key-derivation function |
Date: |
Wed, 12 Aug 2009 01:33:23 +0000 |
User-agent: |
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US) AppleWebKit/525.18 (KHTML, like Gecko, Safari/525.20) OmniWeb/v622.6.1.0.111015 |
URL:
<http://savannah.gnu.org/bugs/?27230>
Summary: Edwin's support for editing Blowfish-encrypted
files uses a weak key-derivation function
Project: MIT/GNU Scheme
Submitted by: riastradh
Submitted on: Wed 12 Aug 2009 01:33:22 GMT
Category: edwin
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Incorrect behavior
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Keywords:
_______________________________________________________
Details:
Edwin maps pass phrases into Blowfish keys by sending them through MD5.
Instead it should use a strong KDF such as bcrypt, scrypt, or at least one of
the PBKDF2 family of KDFs. PBKDF2 is a standard for KDFs, defined in PKCS#5;
bcrypt and scrypt are stronger KDFs, but are not standardized.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?27230>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug-mit-scheme] [bug #27230] Edwin's support for editing Blowfish-encrypted files uses a weak key-derivation function,
Taylor R. Campbell <=