Actions
Bug #9421
closedcrypt_data() needs to support stronger key derivation
Start date:
03/22/2019
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:
All
Description
On 2.5.0 snapshots, if ACB is enabled, the following error is printed in the package install output when it writes config.xml:
*** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.
If ACB is disabled, the error message is not shown.
The writes succeed and backups are made, so it's not fatal.
Updated by Jim Pingle almost 6 years ago
This appears to be from crypt_data(), similar to #9420, so still a syntax issue remaining there.
If you run some data through crypt_data() in the PHP shell, the error is printed there. So it appears fine from the GUI, but not from the console.
Updated by Jim Pingle almost 6 years ago
- Status changed from New to In Progress
- Assignee set to Jim Pingle
Updated by Jim Pingle almost 6 years ago
- Subject changed from Error message in package output during write_config() when ACB is enabled to crypt_data() needs to support stronger key derivation
Updated subject to match actual underlying issue. Fix inbound.
Updated by Jim Pingle almost 6 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset 6765f83ae75ee99141b2cd68c6e5134a51536e09.
Actions