what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

Files from Werner Koch

First Active2003-12-01
Last Active2012-11-12
Libgcrypt 1.5.0
Posted Nov 12, 2012
Authored by Werner Koch | Site gnu.org

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, and Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192), MACs (HMAC for all hash algorithms), public key algorithms (RSA, ElGamal, and DSA), large integer functions, random numbers, and a lot of supporting functions.

Changes: This release added a new gcry_kdf_derive function implementing OpenPGP S2K algorithms and PBKDF2, support for Windows CE, support for ECDH, OAEP, and PSS methods (RFC 3447), new "%M" and "%u" format specifiers for gcry_sexp_build, and new functions that map ECC parameters to a curve name and parameter values. gcry_mpi_cmp when applied to opaque values now has a defined semantic. Intel AES-NI instructions are used if available. The module register subsystem has been deprecated. CTR mode may now be used with data chunks of arbitrary length. PKCS v1.5 code was fixed to always return the leading zero.
tags | library
systems | unix
MD5 | 78f8f8bec4580f75b25816f7896d0389
gpgtaketwo.txt
Posted Dec 1, 2006
Authored by Werner Koch

While fixing a bug reported by Hugh Warrington, a buffer overflow has been identified in all released GnuPG versions. The current versions 1.4.5 and 2.0.0 are affected. A small patch is provided.

tags | advisory, overflow
MD5 | b61c2ceb35b9de65ad9a82a807753b38
gnupgDetect.txt
Posted Mar 11, 2006
Authored by Werner Koch | Site gnupg.org

All versions of gnupg prior to 1.4.2.2 do not detect injection of unsigned data. Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data.

tags | advisory, arbitrary
advisories | CVE-2006-0049
MD5 | 1624e40d532873ee965972a044eed1d7
000276.html
Posted Dec 1, 2003
Authored by Werner Koch | Site lists.gnupg.org

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.

tags | advisory
MD5 | d2e8729c12da064590ac01ae3beb9558
Page 1 of 1
Back1Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close