1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Incompatibility of keys to older CIPE versions
==============================================
Versions of CIPE before 1.4.0 have a bug in the way the `key' option is
interpreted. It is supposed to be a 128-bit hexadecimal number.
However, earlier versions interpret the digits `a' through `f' as equal
to `1' through `6'. This reduces the effective key space from 16^32 (32
hex digits) to 10^32 (32 decimal digits), or 109 bits. Worse, it
introduces bias in the distribution of bit patterns in the effective
key.
This bug needed to be fixed as soon as it was found. Unfortunately the
fix means that old and new versions of `ciped' will read the same key
parameter differently, in other words: keys are not compatible between
1.4.0 and older when they contain any non-decimal digits.
The solution to make them work again is either to upgrade both ends at
once (recommended), or generate new keys which consist only of decimal
digits. A possible method to generate such a key is
(ps aux|md5sum; ps alx|md5sum) | tr -cd 0-9
If you have no choice but upgrade only one end, and cannot generate new
keys, you can manually edit the configuration file and replace digits
`a' to `f' with digits `1' to `6'. A possible method to do this is
echo $OLD_KEY | tr a-f 1-6
Alternatively, the 1.4 or newer package can be given the option
`--enable-bug-compatible' to `configure' to use the old broken key
parser.
|
