FEDORA-EPEL-2010-3396 created by thm 13 years ago for Fedora EPEL 5

Update to Botan 1.8.10. These are the release notes:

This release changes a number of aspects of how private keys are encrypted. The default encryption algorithm has changed from 3DES to AES-256; botan has supported AES for this purpose for many years but 3DES was chosen as the default for compatibility with other libraries. However supporting AES should not be a problem any longer in recent libraries, so moving to a safer default seems reasonable. In addition, the default iteration count for PBES1 and PBES2 encryption schemes (which are used primarily to encrypt asymmetric keys like RSA or DSA) has increased from 2048 to 10000, which should make brute force key cracking substantially harder.

The first round of AES now uses a smaller set of lookup tables; this only reduces performance slightly but some timing and cache analysis attacks against AES are substantially harder when AES is implemented this way.

The class known as S2K was renamed PBKDF in 1.9, with a typedef for backwards compatibility. For providing an equivalent forward compatibility path, 1.8.10 includes a typedef for PBKDF and a new accessor function get_pbkdf. It also includes a new interface for deriving keys with a passphrase which takes both the passphrase and desired output length as well as the salt and iteration count; in many cases this call is actually significantly more convenient than the older API.

This update has been submitted for testing by thm.

13 years ago

This update has been pushed to testing

13 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

13 years ago

This update has been submitted for stable by thm.

13 years ago

This update has been pushed to stable

13 years ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
13 years ago
in testing
13 years ago
in stable
13 years ago

Automated Test Results