https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30594
Bug ID: 30594
Summary: Package Crypt::CBC 2.35 or higher to increase security
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Packaging
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
Currently, Debian mostly comes with Crypt::CBC 2.33 pre-packaged. If we
package 2.35 or above we can benefit from a performance boost as well as having
the ability to update our derivation function to using the recommended pbkdf2
algorithm instead of the backwards compatible default of opensslv1.
If we choose to package this, we should also update Koha::Encryption to reflect
the change and use pbkdf2.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
