Re: secuity of Crypt::RC4

To: Nicholas Bamber <nicholas@periapt.co.uk>
Cc: security@debian.org, Debian Perl List <debian-perl@lists.debian.org>, 641950@bugs.debian.org
Subject: Re: secuity of Crypt::RC4
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 18 Sep 2011 15:11:06 +0200
Message-id: <[🔎] 87obyi2dxx.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 4E759DCE.1000804@periapt.co.uk> (Nicholas Bamber's message of "Sun, 18 Sep 2011 08:29:18 +0100")
References: <[🔎] 4E759DCE.1000804@periapt.co.uk>

* Nicholas Bamber:

> Please could have someone have a look at #641950? This module was
> packaged as it has been flagged up as a dependency of a new version of
> an existing package. However based upon the comments in the bug report
> it really is something we do not wish to encourage.
> In any case the CPAN module seems to be dead upstream. Should we simply
> adjust the description (and if so what tone should be taken) or should
> the package be removed?

RC4 is used by protocols we might want to implement, so we need the
code.  As far as I understand it, there are relatively safe ways to
use the cipher, even though it is severely broken.

Reply to:

Follow-Ups:
- Re: secuity of Crypt::RC4
  - From: Guy Hulbert <gwhulbert@eol.ca>

References:
- secuity of Crypt::RC4
  - From: Nicholas Bamber <nicholas@periapt.co.uk>

Prev by Date: secuity of Crypt::RC4
Next by Date: Re: secuity of Crypt::RC4
Previous by thread: secuity of Crypt::RC4
Next by thread: Re: secuity of Crypt::RC4
Index(es):
- Date
- Thread