Re: [GNUnet-developers] GNUnet 0.6.1b released

[Christian Grothoff]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a (forgotten) problem with libgcrypt.  The crypto library insists on 
checking that the key for the blowfish cypher is 'secure'.  Now, with ECRS we 
do not have a choice as towards what the key looks like and we use millions 
of them.  Which makes it likely that the unlikely case that one of these keys 
is 'weak' occurs.  In GNUnet's "gcry" adaptation the 'weak' check is disabled 
(it has no relevance for the security of the system), but it is enabled in 
libgcrypt (by default).
We should find out how to disable the check (and if it's not possible, ask the 
libgcrypt developers to add an API to disable it).  For now, the workaround 
is to use gcry (on x86 only) or OpenSSL.

Christian

On Monday 09 February 2004 08:21 am, Loïc Le Guyader wrote:
> Le 31 janvier 2004, Christian Grothoff, à bout, prit son clavier pour
>
> taper sur son écran:
> > You must run gnunet-check -ra to migrate from 0.6.1a (or earlier) to
> > 0.6.1b. Running gnunet-check -ra will fix the bloomfilter size, recover
> > the indexed content and possibly fix other problems.
>
> # gnunet-check -ra
> Feb  9 14:18:16 WARNING: GNUNET-CHECK/FIXED-PRIORITY in conf either <= 0 or
> missing Feb  9 14:18:16 WARNING: GNUNET-INSERT/CONTENT-PRIORITY in conf
> either <= 0 or missing Checking indexed files
> * [a filename]
> Feb  9 14:18:37 FAILURE: symcipher.c:encryptBlock: gcry_cipher_setkey
> failed (Weak encryption key)! Feb  9 14:18:37 FATAL: encryption failed!?Feb
>  9 14:18:37 __BREAK__ at logging.c:240 Abandon
>
> No useful information with -V.
>
> Have a nice day.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD4DBQFAJ/Wf9tNtMeXQLkIRAhpxAJim2CQDD1N5CVdLywOQG/JN4wjlAJ4t2Bil
KfMnLvdWhRM/ujYCT0FTkQ==
=FOFh
-----END PGP SIGNATURE-----