[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secuity of Crypt::RC4

* Nicholas Bamber:

> Please could have someone have a look at #641950? This module was
> packaged as it has been flagged up as a dependency of a new version of
> an existing package. However based upon the comments in the bug report
> it really is something we do not wish to encourage.
> In any case the CPAN module seems to be dead upstream. Should we simply
> adjust the description (and if so what tone should be taken) or should
> the package be removed?

RC4 is used by protocols we might want to implement, so we need the
code.  As far as I understand it, there are relatively safe ways to
use the cipher, even though it is severely broken.

Reply to: