Diffstat (limited to 'doc/security.rst')
-rw-r--r-- | doc/security.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/security.rst b/doc/security.rst index 2ab105efd..2a46ca3b2 100644 --- a/doc/security.rst +++ b/doc/security.rst @@ -15,6 +15,17 @@ mail please use:: This key can be found in the file ``doc/pgpkey.txt`` or online at https://keybase.io/jacklloyd and on most PGP keyservers. +2017 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* 2017-03-23: Incorrect bcrypt computation + + Botan's implementation of bcrypt password hashing scheme truncated long + passwords at 56 characters, instead of at bcrypt's standard 72 characters + limit. Passwords with lengths between these two bounds could be cracked more + easily than should be the case due to the final password bytes being + ignored. Found and reported by Solar Designer. + 2016 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
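Review bot: The new 2017-03-23 entry does not say which Botan releases truncate at 56 or which release carries the fix, so a reader cannot tell from this text whether they are affected. Please add the affected range and the fixed version. The entry should also state whether hashes created before the fix for passwords longer than 56 characters still verify afterwards, since those are the passwords the entry says were handled incorrectly. The units are inconsistent as well: the limits are given as "56 characters" and "72 characters", while the last sentence speaks of "the final password bytes". bcrypt's limit is counted in bytes, and the two differ for multi-byte encodings, so use bytes throughout. Wording nits: "of bcrypt password hashing scheme" needs "the", and "72 characters limit" should read "72 character limit" (or "72 byte limit" once the units are fixed).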