minor ChangeLog text tweaks and one typo fix

Michael Rash 2013-07-17 23:34:37 -04:00
parent 4b0f0802ee
commit f7a821d082
2 changed files with 8 additions and 8 deletions


@ -25,17 +25,17 @@ fwknop-2.5 (//2013):
is particularly true for GPG. Beyond this, HMAC authenticated
encryption in the encrypt-then-authenticate mode does not suffer from
things like CBC-mode padding oracle attacks (see the Vaudenay attack and
the more recent "Lucky 13" attack against SSL).
the more recent "Lucky 13" attack against SSL). HMAC verifications are
performed with a constant time comparison function.
- [libfko] Significant bug fix to honor the full encryption key length for
user-supplied Rijndael keys > 16 bytes long. Previous to this fix,
only the first 16 bytes of a key were actually used in the encryption/
decryption process even if the supplied key was longer. The result was
a weakening of expected security for users that had keys > 16 bytes,
although this is probably not too common. Note that "passphrase" is
perhaps technically a better word for "user-supplied key" in this
context since the actual key is generated with the PBKDF1 key derivation
algorithm. This issue was reported by Michael T. Dean. Closes issue #18
on github.
a weakening of expected security for users that had keys > 16 bytes.
Note that "passphrase" is perhaps technically a better word for
"user-supplied key" in this context since the actual key is generated
with the PBKDF1 key derivation algorithm. This issue was reported by
Michael T. Dean. Closes issue #18 on github.
- [libfko] Added the ability to maintain backwards compatibility with the
now deprecated "zero padding" key derivation strategy in AES mode that
was a hold over from the old perl fwknop implementation. This is NOT
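
Review bot: The Rijndael key-length entry still does not tell users with keys > 16 bytes what changes for them on upgrade. Since only the first 16 bytes were used before and the full key is honored now, please add a sentence saying whether a client and server on opposite sides of this fix still interoperate with such a key. The new sentence "HMAC verifications are performed with a constant time comparison function" would read better if it said this is to avoid a timing side channel, which ties it to the padding oracle argument in the same paragraph. Minor style: "Previous to this fix" could be "Prior to this fix", and "github" should be "GitHub".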


@ -1,7 +1,7 @@
/*
*****************************************************************************
*
* File: rigndael.c
* File: rijndael.c
*
* Purpose: rijndael - An implementation of the Rijndael cipher.
*