[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-recutils] Encryption

From: Daiki Ueno
Subject: Re: [bug-recutils] Encryption
Date: Mon, 26 Aug 2013 11:25:56 +0900
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

address@hidden (Jose E. Marchesi) writes:

> As we found out during the GHM at Paris, the reason is that between 1.5
> was released and today salt was added to the algorithm which
> crypts/decrypts the stuff.
> I think we should add an ephimeral option for 1.6 to support decryption
> of fields encrypted with 1.5, along with a note in the NEWS file and
> release notes.  What do you think?

To be precise, fields encrypted with 1.5 (non-salted) can be decrypted
with 1.6 (salted), but the opposite is not:

Since the non-salted format may leads to a security issue, I'd rather
suggest to add a way to migrate from the non-salted format to the salted
format, maybe by running recfix --encrypt again?  And yes, a NEWS entry
would also be helpful.

Daiki Ueno

reply via email to

[Prev in Thread] Current Thread [Next in Thread]