Re: cvs commit: openssl/crypto/des str2key.c

2002-02-06 Thread Richard Levitte - VMS Whacker 

From: Bodo Moeller <[EMAIL PROTECTED]>

moeller> This looks like an incompatible change (not just a bugfix), so it
moeller> definitely should be documented in CHANGES.  (Or, if compatibility is
moeller> important here, the change should not be done at all.)

I'm a little unsure about how it is "incompatible".  So, the resulting
keys will possibly differ in the last byte.  In what way does that
become a problem (which I assume you mean when you point out the
incompatibility)?

Assar, shall I take your note (that became the CVS log), or do you
want to write it yourself?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: cvs commit: openssl/crypto/des str2key.c

2002-02-06 Thread Richard Levitte - VMS Whacker 

From: Bodo Moeller <[EMAIL PROTECTED]>

moeller> If you previously used this function with a string that was mapped to
moeller> a weak key, it will now be mapped to a different key, so decryption
moeller> won't work as expected.  (Arguably you don't need decryption if it was
moeller> a weak key, but it's in incompatibility nevertheless.)

Hmm, quite...  Sorry for not having my brain connected.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: cvs commit: openssl/crypto/des str2key.c

2002-02-06 Thread Bodo Moeller 

On Wed, Feb 06, 2002 at 04:40:10PM +0100, Richard Levitte - VMS Whacker wrote:

>> This looks like an incompatible change (not just a bugfix), so it
>> definitely should be documented in CHANGES.  (Or, if compatibility is
>> important here, the change should not be done at all.)

> I'm a little unsure about how it is "incompatible".  So, the resulting
> keys will possibly differ in the last byte.  In what way does that
> become a problem

If you previously used this function with a string that was mapped to
a weak key, it will now be mapped to a different key, so decryption
won't work as expected.  (Arguably you don't need decryption if it was
a weak key, but it's in incompatibility nevertheless.)


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: cvs commit: openssl/crypto/des str2key.c

2002-02-06 Thread Bodo Moeller 

On Tue, Feb 05, 2002 at 04:05:48PM +0100, [EMAIL PROTECTED] wrote:

>   Apply one patch from Assar Westerlund <[EMAIL PROTECTED]>:
>   
>   The following patch makes sure that string2key does not use weak DES
>   keys (then making them non-weak by xor:ing with 0xF0).

This looks like an incompatible change (not just a bugfix), so it
definitely should be documented in CHANGES.  (Or, if compatibility is
important here, the change should not be done at all.)


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]