On Mon, Jun 05, 2017 at 11:58:47AM -0600, Aaron Toponce wrote:
> Package: bcrypt
> Version: 1.1-8.1+b1
>
> The bcrypt package is 15 years outdated, with no updates. The last update was
> 2002-09-13: https://sourceforge.net/projects/bcrypt/files/.
>
> In addition, bug #700758 mentions that bcrypt does not use a secure form of
> encryption, in that it uses the Blowfish algorithm. Indeed, Blowfish is a
> 64-bit cipher, and is vulnerable to the Sweet32 Birthday attack. See
> https://sweet32.info/.

Hi,

just one comment. Because of that and other problems, the Debian bcrypt package is currently decrypt-only, just in case someone has old bcrypt-encrypted files. I used to have some of those files flying around, but to be honest I have not needed them for some years now.

Regards,

--
Agustin

