- improved detection of common character sequences
- improved generation of random passphrases with non-default settings
(including expanded range of possible bit sizes)
- code robustness improvements
"ClamAV 0.97.8 addresses several reported potential security bugs.
Thanks to Felix Groebert of the Google Security Team for finding and
reporting these issues."
- fixes in PE and autoit decoding
- off by one malloc in SIS format handler
- minor changes to freshclam
- add error checking in md5 (memcpy etc.)
From Bjorn Ketelaars, ok benoit@
Easy-RSA is a small RSA key management package, based on the openssl
command line tool, that can be found in the easy-rsa subdirectory
of the OpenVPN distribution. While this tool is primarily concerned
with key management for the SSL VPN application space, it can also
be used for building web certificates.
to QOAuth.
kQOAuth is a library written in C++ for Qt that implements the OAuth
1.0 authentication specification RFC 5849 and is based on QOAuth
library. However, QOAuth's approach is improved in some ways.
kQOAuth main features:
* Easy integrated solution for retrieving user authentication and
access token.
* No external dependency to QCA.
* Convenient signals that can be used for easy OAuth authorization
process handling.
* Access to request objects that will wrap request signing and
network access, but still gives possibility for detailed control
of the authentication process for easier integration to existing
application logic.
okay landry@
py-bcrypt is a Python wrapper of OpenBSD's Blowfish password hashing code,
as described in "A Future-Adaptable Password Scheme" by Niels Provos and
David Mazières.
This system hashes passwords using a version of Bruce Schneier's
Blowfish block cipher with modifications designed to raise the cost of
off-line password cracking and frustrate fast hardware implementation.
The computation cost of the algorithm is parametised, so it can be
increased as computers get faster. The intent is to make a compromise
of a password database less likely to result in an attacker gaining
knowledge of the plaintext passwords (e.g. using John the Ripper).
M2Crypto is the most complete Python wrapper for OpenSSL featuring
RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including
AES); SSL functionality to implement clients and servers; HTTPS
extensions to Python's httplib, urllib, and xmlrpclib; unforgeable
HMAC'ing AuthCookies for web session management; FTP/TLS client and
server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An
S/MIME messenger for Zope. M2Crypto can also be used to provide SSL
for Twisted.
with help and ok
sthen@ benoit@
