aboutsummaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog2
-rw-r--r--g10/passphrase.c4
2 files changed, 5 insertions, 1 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 4bf4b4601..0d008ca44 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -54,7 +54,7 @@
* keygen.c (keygen_set_std_prefs): Remove RMD-160 from the list.
Change order to SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
- (gen_dsa): Use a 256 bit Q for 2048 bit P. Runt to FIPS allowed
+ (gen_dsa): Use a 256 bit Q for 2048 bit P. Round to FIPS allowed
values in non-expert mode.
2009-07-07 Werner Koch <[email protected]>
diff --git a/g10/passphrase.c b/g10/passphrase.c
index d34f5fa92..83a6b0cf8 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -88,6 +88,10 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
count = len2;
}
+ /* Fixme: To avoid DoS attacks by sending an sym-encrypted
+ packet with a very high S2K count, we should either cap
+ the iteration count or CPU seconds based timeout. */
+
/* A little bit complicated because we need a ulong for count. */
while ( count > len2 ) /* maybe iterated+salted */
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-16 09:07:28 +0000