Revision history for Perl extension Crypt::CBC. 2.17 Mon Jan 9 18:22:51 EST 2006 -IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly using 8 byte IVs when generating the old-style RandomIV style header (as opposed to the new-style random salt header). This affects data encrypted using the Rijndael algorithm, which has a 16 byte blocksize, and is a significant security issue. The bug has been corrected in versions 2.17 and higher by making it impossible to use 16-byte block ciphers with RandomIV headers. You may still read legacy encrypted data by explicitly passing the -insecure_legacy_decrypt option to Crypt::CBC->new(). -The salt, iv and key are now reset before each complete encryption cycle. This avoids inadvertent reuse of the same salt. -A new -header option has been added that allows you to select among the various types of headers, and avoids the ambiguity of having multiple interacting options. -A new random_bytes() method provides access to /dev/urandom on suitably-equipped hardware. 2.16 Tue Dec 6 14:17:45 EST 2005 - Added two new options to new(): -keysize => Force the keysize -- useful for Blowfish -blocksize => Force the blocksize -- not known to be useful ("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted with Blowfish) 2.15 Thu Nov 17 17:34:28 EST 2005 - -add_header=>0 now explicitly turns off any attempt of parsing the header in decrypt routines. 2.14 Thu May 5 16:08:15 EDT 2005 - RandomIV in message header overrides manually-supplied -salt, as one would expect it should. 2.13 Fri Apr 22 13:01:32 EDT 200 - Added OpenSSL compatibility - Salt and IV generators take advantage of /dev/urandom device, if available - Reorganized internal structure for coding clarity - Added regression test for PCBC mode 2.12 Thu Jun 17 11:52:04 EDT 2004 - quenched (again) uninitialized variable warnings 2.11 Thu Jun 3 12:07:33 EDT 2004 -Fixed bug reported by Joshua Brown that caused certain length strings to not encrypt properly if ending in a "0" character. 2.10 Sat May 29 13:10:05 EDT 2004 -Fixed Rijndael compat problems 2.09 Thu May 27 11:18:06 EDT 2004 -Quenched uninitialized variable warnings 2.08 Wed Sep 11 08:12:49 EDT 2002 -Bug fix from Chris Laas to fix custom padding 2.07 Thu Aug 8 14:44:52 EDT 2002 -Bug fixes from Stephen Waters to fix space padding -Lots of regression tests from Stephen Waters 2.05 Tue Jun 11 22:18:04 EDT 2002 -Makes zero-and-one padding compatible with Crypt::Rijndael::MODE_CBC. -Lots of improvements to padding mechanisms from Stephen Waters 2.04 Tue Jun 11 22:18:04 EDT 2002 WITHDRAWN VERSION DO NOT USE 2.03 Mon Feb 4 15:41:51 EST 2002 -Patch from Andy Turner to allow backward compatibility with old versions when key length exceeded max. 2.02 Thu Jan 24 00:15:52 EST 2002 - Default to pre-2.00 style padding, because Jody's default padding method was not binary safe. 2.01 Mon Dec 10 12:11:35 EST 2001 - Removed debugging code. 2.00 Tue Oct 31, 2000 - Patches for foreign program compatibility, initialization vectors and padding methods from Jody Biggs 1.25 Thu Jun 8 11:56:28 EDT 2000 - Bug fix didn't get into version 1.24. Is in version 1.25 1.24 Tue Jun 6 17:35:18 EDT 2000 - Fixed a bug that prevented a DES and an IDEA object from being used simultaneously. 1.22 Wed Jan 26 19:07:30 EST 2000 - Added support for Crypt::Blowfish (available from www.cryptix.org) - Fixed failure to encrypt data files < 8 bytes - Fixed -w warning when decrypting data files < 8 bytes 1.21 Mon Nov 29 17:11:17 EST 1999 - Generate random initialization vector. - Use same encryption format as Ben Laurie's patches to OpenSSL (versions >= 0.9.5) 1.20 Sun Dec 20 3:58:01 1998 MET - Folded in bug fixes from Devin Carraway (chiefly having to do with finish() being called with a zero-length buffer). 1.10 Thu Sep 11 09:15:01 1998 - Changed package name to Crypt::CBC 1.00 Tue Jun 16 07:37:35 1998 - original version; created by h2xs 1.18