Project

General

Profile

Actions

Bug #9421

closed

crypt_data() needs to support stronger key derivation

Added by Jim Pingle over 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Backup / Restore
Target version:
Start date:
03/22/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:
All

Description

On 2.5.0 snapshots, if ACB is enabled, the following error is printed in the package install output when it writes config.xml:

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

If ACB is disabled, the error message is not shown.

The writes succeed and backups are made, so it's not fatal.

Actions #1

Updated by Jim Pingle over 2 years ago

This appears to be from crypt_data(), similar to #9420, so still a syntax issue remaining there.

If you run some data through crypt_data() in the PHP shell, the error is printed there. So it appears fine from the GUI, but not from the console.

Actions #2

Updated by Jim Pingle over 2 years ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
Actions #3

Updated by Jim Pingle over 2 years ago

  • Subject changed from Error message in package output during write_config() when ACB is enabled to crypt_data() needs to support stronger key derivation

Updated subject to match actual underlying issue. Fix inbound.

Actions #4

Updated by Jim Pingle over 2 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF