It has been pointed out that there is another bug in the signature
verification code of GnuPG.
* This can easily lead to false positives *
All versions of GnuPG released before today are vulnerable!
To check a detached singature you normally do this:
gpg --verify foo.sig foo.txt
The problem here is that someone may replace foo.sig with a standard
signature containing some arbitrary signed text and its signature,
and then modify foo.txt - GnuPG does not detect this - Ooops.
The solution for this problem ist not easy and needs a change in the
semantics of the --verify command: It will not any longer be
possible to do this:
gpg --verify foo.sig <foo.txt
Instead you have to use this
gpg --verify foo.sig - <foo.txt
The difference here is that gpg sees 2 files on the command lines
and thereby knows that it should check a detached signature. We
really need this information and there is no way to avoid that
change, sorry. You should make sure that you never use the first
form, because this will lead to false positives when foo.sig is not
a detached signature - gnupg does detect the other case and warns
you, but this is not sufficient. If you use GnuPG from other
applications, please change it.
ok markus@
Version 3.9, 2000.12.13:
* Updated temporary key generation:
- stunnel is now honoring requested key-lengths correctly,
- temporary key is changed every hour.
* transfer() no longer hangs on some platforms.
Special thanks to Peter Wagemans for the patch.
* Potential security problem with syslog() call fixed.
--
mcrypt is intended to be a replacement of the old unix crypt(1)
under the GNU General Public License. Unix crypt(1) was a popular
file encryption program in unix boxes.
It was based on the Enigma encryption algorithm but it was considerable
trivialized. Since this was not adequate, even for individual privacy
needs, mcrypt was created as a similar program using some modern
block encryption algorithms.
Mcrypt also has a compatibility mode with unix crypt(1) and with
Solaris des(1). It supports all the algorithms and modes found in
libmcrypt and it is very extendable.
At the time writing this, it supports the algorithms: BLOWFISH,
TWOFISH, DES, TripleDES, 3-WAY, SAFER, LOKI97, GOST, RC2, RC6, MARS,
IDEA, RIJNDAEL, SERPENT, CAST, ARCFOUR and WAKE.
Block algorithms are implemented in modes: CFB, CBC, ECB, OFB (8
bit and n bit, where n is the size of the algorithm's block length).
For a brief description of the algorithms and the modes look at the
mcrypt manpage (this may be out of date). In mcrypt it is on the
user to decide which algorithm he considers best for encrypting his
data.
--
libmcrypt is the library which implements all the algorithms and
modes found in mcrypt. It is currently under development but it
seems to work pretty good.
Unlike most encryption libraries libmcrypt does not have everything
(random number generators, hashes, hmac implementation, key exchange,
public key encryption etc.). Libmcrypt only implements an interface
to access block and stream encryption algorithms.
Its purpose was to assist in the development of mcrypt by providing
a uniform interface to access several different encryption algorithms,
so that the main program is independent of the encryption algorithms
and the modes used.
Libmcrypt supports the algorithms: BLOWFISH, TWOFISH, DES, TripleDES,
3-WAY, SAFER-sk64, SAFER-sk128, SAFER+, LOKI97, GOST, RC2, RC6,
MARS, IDEA, RIJNDAEL-128 (AES), RIJNDAEL-192, RIJNDAEL-256, SERPENT,
CAST-128 (known as CAST5), CAST-256, ARCFOUR and WAKE. Block
algorithms can be used in: CBC, ECB, CFB and OFB (8 bit and n bit,
where n is the size of the algorithm's block length).
*** Tuesday, November 21, 2000 -- Dante v1.1.6
o fix a bug related to hostnamelength parsing in server.
Thanks to "Thomas Jarosch" <thomas.jarosch@styletec.de>.
*** Monday, October 16, 2000 -- Dante v1.1.5
o New prototype for gethostbyaddr in RedHat 7.0 added.
First reported by Paul R Streitman <prs@us.ibm.com>.
o RedHat needs libnsl for tcpwrappers to work.
*** Thursday, October 5, 2000 -- Dante v1.1.4
o fix bug affecting clients going through socks v4 servers.
Reported and nicely diagnosed by Jack Keane (jkeane@OpenReach.com).
o increase default listen backlog to 511, based on request by
Doug Hardie (bc979@lafn.org).
*** Monday, September 25, 2000 -- Dante v1.1.3
o some fixes/additions to example/ files.
o HP-UX 11.00 should now work.
Thanks to Malte Cornils <malte@cornils.net> for testing.
o httpproxysupport in client (meaning "socksify" can work
when going through webproxies too).
o expire badmarking on bad/non-working routes/proxyservers after
configured time. Default to never expiring, as in previous
versions. See BADROUTE_EXPIRE in config.h.
o say what address we expected the bindreply to come from in
"unexpected bindreply ..."
o don't close controlconnection if another socket is using it.
Fixes a bug triggered when using the bindextension in certain
cases. Problem reported by Jacques A. Vidrine (n@nectar.com).
o compilation outside source directory fixed, based on patch from
NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>
o bsdi uses elf; NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>
o dlib/hostcache.c now compiled again. First reported by
"Jacques A. Vidrine" <n@nectar.com>
