diff --git a/ChangeLog b/ChangeLog index 8c8756e5..ca8c4608 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,17 +25,17 @@ fwknop-2.5 (//2013): is particularly true for GPG. Beyond this, HMAC authenticated encryption in the encrypt-then-authenticate mode does not suffer from things like CBC-mode padding oracle attacks (see the Vaudenay attack and - the more recent "Lucky 13" attack against SSL). + the more recent "Lucky 13" attack against SSL). HMAC verifications are + performed with a constant time comparison function. - [libfko] Significant bug fix to honor the full encryption key length for user-supplied Rijndael keys > 16 bytes long. Previous to this fix, only the first 16 bytes of a key were actually used in the encryption/ decryption process even if the supplied key was longer. The result was - a weakening of expected security for users that had keys > 16 bytes, - although this is probably not too common. Note that "passphrase" is - perhaps technically a better word for "user-supplied key" in this - context since the actual key is generated with the PBKDF1 key derivation - algorithm. This issue was reported by Michael T. Dean. Closes issue #18 - on github. + a weakening of expected security for users that had keys > 16 bytes. + Note that "passphrase" is perhaps technically a better word for + "user-supplied key" in this context since the actual key is generated + with the PBKDF1 key derivation algorithm. This issue was reported by + Michael T. Dean. Closes issue #18 on github. - [libfko] Added the ability to maintain backwards compatibility with the now deprecated "zero padding" key derivation strategy in AES mode that was a hold over from the old perl fwknop implementation. This is NOT diff --git a/lib/rijndael.c b/lib/rijndael.c index 5c0750d4..451d6a5b 100644 --- a/lib/rijndael.c +++ b/lib/rijndael.c 
@@ -1,7 +1,7 @@ /* ***************************************************************************** * - * File: rigndael.c + * File: rijndael.c * * Purpose: rijndael - An implementation of the Rijndael cipher. *
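Review bot: The ChangeLog hunk adds the claim "HMAC verifications are performed with a constant time comparison function", but nothing in this patch touches the HMAC verification path; the only code change visible is the file name comment in lib/rijndael.c. A ChangeLog line that asserts a security property should either ship with the code that implements it or name the commit/function the reader can check, otherwise the entry cannot be verified from the history. On the same hunk, the release header still reads "fwknop-2.5 (//2013)" with an empty date placeholder; fill it in before tagging. The rewrite of the Rijndael key-length entry is an improvement: dropping "although this is probably not too common" removes an unsupported guess about how many users had keys > 16 bytes, and the passphrase/PBKDF1 wording and the "Closes issue #18 on github" reference are kept intact.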
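Review bot: Correcting "File: rigndael.c" to "File: rijndael.c" in the header comment is a comment-only change with no functional effect, so it is safe, but it is unrelated to the ChangeLog edits in the same commit; consider splitting the typo fix into its own commit so the ChangeLog wording change (which describes security behaviour) can be reviewed and bisected on its own.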