On Wed, Oct 04, 2017 at 10:39:03AM +0100, Matt Caswell wrote:
> > At the very least, it should be added to the big notes:
> > https://www.openssl.org/news/openssl-1.1.0-notes.html
> > (this was in fact the first place I looked when my data was broken,
> > there was nothing about the enc tool
On Tue, Oct 03, 2017 at 09:45:43AM +0200, Tomas Mraz wrote:
> On Tue, 2017-10-03 at 08:23 +0100, Matt Caswell wrote:
> >
> > > 1.2. This also opens the path to stronger key derivation (PBKDF2)
> > > 2. During decryption, if no header block is present, and no message
> > > digest was specified,
Commit f8547f62c212837dbf44fb7e2755e5774a59a57b (documented in
9e8b6f042749ded556380227c9f2db7ffad9a3aa), changed the default digest
for the 'enc' utility from MD5 to SHA256.
While I do strongly encourage getting away from MD5, this has the
unfortunate side effect of silently breaking existing