On Sat, 1 Sep 2012 14:42:03 +0200, Olivier Berger wrote:
> I'm not sure but it seems that revelation 0.4.14 implements a new file format
> supposedly more secure, which may also mean that this is fixed in that
> release.

I've backported 0.4.14 from <http://oss.codepoet.no/revelation/src> using the current package setup from stable, mostly unmodified, and can confirm it does fix the 32 character limit and, probably even more importantly, the encryption key derivation algorithm flaw.

From the upstream bug it seems like the key derivation algorithm used in 0.4.13 is dangerously weak.

"A new encryption system has been implemented using PBKDF2. The user will be informed that the old system is non-secure and advised to save the file with the new format if it opens an old formatted file."

This was on 2012-06-24, more than a year ago. I suspect this may deserve some more urgent attention to protect the users of Revelation in Debian.

--
Michael Fincham