Florian Weimer of the Debian security team writes: > I think the proper fix would be to encode the password in UTF-8 for > new encryptions, and try both the old cp1252 method and the new one on > decryption. > > I would add this information to the Launchpad bug, but for some > reason, I get error message. > > In any case, until upstream has implemented something in this > direction, I don't think it's worth pushing a security update.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1214844 Title: Non-CP1252 characters in passwords are insecure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/keepassx/+bug/1214844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs