r3563 - in /packages/libcrypt-cbc-perl/branches/upstream/current: CBC.pm Changes Crypt-CBC-2.16-vulnerability.txt Crypt::CBC-2.16-vulnerability.txt MANIFEST META.yml README.compatibility

gregoa-guest at users.alioth.debian.org
Sat Sep 2 16:49:44 UTC 2006


Author: gregoa-guest
Date: Sat Sep  2 16:49:43 2006
New Revision: 3563

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=3563
Log:
Load /tmp/tmp.hCAYYw7682/libcrypt-cbc-perl-2.19 into
packages/libcrypt-cbc-perl/branches/upstream/current.

Added:
    packages/libcrypt-cbc-perl/branches/upstream/current/Crypt-CBC-2.16-vulnerability.txt
Removed:
    packages/libcrypt-cbc-perl/branches/upstream/current/Crypt::CBC-2.16-vulnerability.txt
    packages/libcrypt-cbc-perl/branches/upstream/current/README.compatibility
Modified:
    packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm
    packages/libcrypt-cbc-perl/branches/upstream/current/Changes
    packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST
    packages/libcrypt-cbc-perl/branches/upstream/current/META.yml

Modified: packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm?rev=3563&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm Sat Sep  2 16:49:43 2006
@@ -4,7 +4,7 @@
 use Carp;
 use strict;
 use vars qw($VERSION);
-$VERSION = '2.18';
+$VERSION = '2.19';
 
 use constant RANDOM_DEVICE => '/dev/urandom';
 

Modified: packages/libcrypt-cbc-perl/branches/upstream/current/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/Changes?rev=3563&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/Changes (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/Changes Sat Sep  2 16:49:43 2006
@@ -1,4 +1,11 @@
 Revision history for Perl extension Crypt::CBC.
+2.19    Tue Jul 18 18:39:57 EDT 2006
+	- Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs correctly under
+	Cygwin
+
+2.18   2006/06/06 23:17:04
+	- added more documentation describing how to achieve compatibility with old encrypted messages
+
 2.17    Mon Jan  9 18:22:51 EST 2006
         -IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
 	using 8 byte IVs when generating the old-style RandomIV style header
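Review bot: the two new Changes entries are formatted inconsistently with each other and with the 2.17 entry below them: 2.19 carries a human-readable date ("Tue Jul 18 18:39:57 EDT 2006") while 2.18 uses "2006/06/06 23:17:04", and the 2.19 bullet wraps "Cygwin" onto a continuation line whose indentation differs from the bullet line. Suggest one date format for all entries and keeping the rename note on a single line, e.g. "- Renamed Crypt::CBC-2.16-vulnerability.txt to Crypt-CBC-2.16-vulnerability.txt so the package installs under Cygwin". It would also help to state the reason in the entry: a colon is not a legal filename character on Windows filesystems, so a file whose name contains "::" cannot be extracted there.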

Added: packages/libcrypt-cbc-perl/branches/upstream/current/Crypt-CBC-2.16-vulnerability.txt
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/Crypt-CBC-2.16-vulnerability.txt?rev=3563&op=file
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/Crypt-CBC-2.16-vulnerability.txt (added)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/Crypt-CBC-2.16-vulnerability.txt Sat Sep  2 16:49:43 2006
@@ -1,0 +1,119 @@
+Perl Module Security Advisory
+
+-------------------------------------------------------------------------------
+   Title: Crypt::CBC ciphertext weakness when using certain block algorithms
+Severity: High
+Versions: All versions <= 2.16.
+    Date: 16 February 2006
+-------------------------------------------------------------------------------
+
+Synopsis
+--------
+
+The Perl Crypt::CBC module versions through 2.16 produce weak
+ciphertext when used with block encryption algorithms with blocksize >
+8 bytes.
+
+Background
+----------
+
+Crypt::CBC implements the Cipher Block Chaining Mode (CBC) [1].  CBC
+allows block ciphers (which encrypt and decrypt chunks of data of a
+fixed block length) to act as though they are stream ciphers capable
+of encrypting and decrypting arbitrary length streams. It does this by
+randomly generating an initialization vector (IV) the same length as
+the cipher's block size. This IV is logically XORed with the first
+block of plaintext prior to encryption. The block is encrypted, and
+the result is used as the IV applied to the next block of plaintext.
+This process is repeated for each block of plaintext.
+
+In order for ciphertext encrypted by Crypt::CBC to be decrypted, the
+receiver must know both the key used to encrypt the data stream and
+the IV that was chosen. Because the IV is not secret, it can safely be
+appended to the encrypted message. The key, of course, is kept in a
+safe place and transmitted to the recipient by some secure means.
+
+Crypt::CBC can generate two types of headers for transmitting the
+IV. The older, deprecated, header type is known as the "RandomIV"
+header, and consists of the 8 byte string "RandomIV" followed by 8
+bytes of IV data. This is the default header generated by Crypt::CBC
+versions through 2.16. The newer, recommended, type of header is known
+as the "Salted" header and consists of the 8 byte string "Salted__"
+followed by an 8 byte salt value. The salt value is used to rederive
+both the encryption key and the IV from a long passphrase provided by
+the user. The Salted header was introduced in version 2.13 and is
+compatible with the CBC header generated by OpenSSL [2].
+
+
+Description
+-----------
+
+The RandomIV style header assumes that the IV will be exactly 8 bytes
+in length. However, the IV must be the same length as the underlying
+cipher's block size, and so this assumption is not correct when using
+ciphers whose block size is greater than 8 bytes. Of the ciphers
+commonly available to Perl developers, only the Rijndael algorithm,
+which uses a 16 byte block size is the primary cipher affected by this
+issue. Rijndael is the cipher that underlies the AES encryption
+standard.
+
+Impact
+------
+
+Ciphertext encrypted with Crypt::CBC using the legacy RandomIV header
+and the Rijndael cipher is not secure. The latter 8 bytes of each
+block are chained using a constant effective IV of null, meaning that
+the ciphertext will be prone to differential cryptanalysis,
+particularly if the same key was used to generate multiple encrypted
+messages. Other >8-byte cipher algorithms will be similarly affected.
+
+The difficulty of breaking data encrypted using this flawed algorithm
+is unknown, but it should be assumed that all information encrypted in
+this way has been, or could someday be, compromised.
+
+Exploits
+--------
+
+There are no active exploits known at this time.
+
+Workaround
+----------
+
+If using Crypt::CBC versions 2.16 and lower, pass the -salt=>1 option
+to Crypt::CBC->new(). This will generate and process IVs correctly for
+ciphers of all length.
+
+Resolution
+----------
+
+Upgrade to Crypt::CBC version 2.17 or higher. This module makes the
+Salted header the default behavior and refuses to encrypt or decrypt
+with non-8 byte block size ciphers when in legacy RandomIV mode.
+
+In order to decrypt ciphertext previously encrypted by pre-2.17
+versions of the software with Rijndael and other >8-byte algorithms,
+Crypt::CBC provides an -insecure_legacy_decrypt option that will allow
+such ciphertext to be decrypted. The default is to refuse to decrypt
+such data.
+
+The most recent version of Crypt::CBC can be downloaded from the
+Comprehensive Perl Archive Network (CPAN; http://www.cpan.org).
+
+Contact
+-------
+
+For further information about this issue, please contact the author of
+Crypt::CBC, Lincoln Stein <lstein at cshl.edu>.
+
+Acknowledgements
+----------------
+
+The author gratefully acknowledges the contribution of Ben
+Laurie<ben at algroup.co.uk>, who correctly identified the issue and
+suggested the resolution.
+
+References
+----------
+
+[1] http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
+[2] http://www.openssl.org/
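Review bot: the advisory is re-added under the new colon-free name without any content change, so a few wording defects carry over that could be fixed in the same rename. In Description, "only the Rijndael algorithm, which uses a 16 byte block size is the primary cipher affected by this issue" should drop either "only" or "the primary" and needs a comma after "block size". In Workaround, "ciphers of all length" should read "ciphers of all block lengths". In Acknowledgements, a space is missing in "Ben Laurie<ben at algroup.co.uk>". Separately, the Workaround and Resolution sections name the -salt=>1 and -insecure_legacy_decrypt options but not the Changes entry for 2.17 that introduced the refusal to use non-8-byte ciphers in RandomIV mode; a one-line pointer to it would let readers of the packaged file cross-reference the two.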

Modified: packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST?rev=3563&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST Sat Sep  2 16:49:43 2006
@@ -4,8 +4,7 @@
 META.yml			Module meta-data (added by MakeMaker)
 Makefile.PL
 README
-README.compatibility
-Crypt::CBC-2.16-vulnerability.txt
+Crypt-CBC-2.16-vulnerability.txt
 eg/aes.pl
 eg/des.pl
 eg/idea.pl
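Review bot: README.compatibility is dropped from the MANIFEST (and from the tree, per the Removed list at the top of this commit), but the 2.19 Changes entry in this same commit mentions only the advisory rename. Since the 2.18 entry advertised added documentation on compatibility with old encrypted messages, the Changes entry should state where that content now lives (for example, folded into the CBC.pm POD) or that it was intentionally removed, so packagers and users are not left with a dangling reference. The replacement of Crypt::CBC-2.16-vulnerability.txt by Crypt-CBC-2.16-vulnerability.txt matches the Added/Removed lists above.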

Modified: packages/libcrypt-cbc-perl/branches/upstream/current/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/META.yml?rev=3563&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/META.yml (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/META.yml Sat Sep  2 16:49:43 2006
@@ -1,7 +1,7 @@
 # http://module-build.sourceforge.net/META-spec.html
 #XXXXXXX This is a prototype!!!  It will change in the future!!! XXXXX#
 name:         Crypt-CBC
-version:      2.18
+version:      2.19
 version_from: CBC.pm
 installdirs:  site
 requires:




More information about the Pkg-perl-cvs-commits mailing list