Package: libgcrypt11
Version: 1.4.5-2
Severity: normal

libgcrypt's tiger192 message digest implementation doesn't appear to match the output / test vectors used by other implementations.
This was reported to upstream back in November, with no response:

http://lists.gnupg.org/pipermail/gcrypt-devel/2009-November/001512.html

If this digest is commonly used by any implementation, i don't know about it (http://source.debian.net/source appears to be offline, so i can't do a full search right now).

If no one is inclined to resolve the problem, i think disabling the cipher in debian's gcrypt packages might be reasonable. shipping non-standard implementations of a digest algorithm seems worse than not shipping them at all.

--dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgcrypt11 depends on:
ii  libc6          2.10.2-6  Embedded GNU C Library: Shared lib
ii  libgpg-error0  1.6-1     library for common error values an

libgcrypt11 recommends no packages.

Versions of packages libgcrypt11 suggests:
pn  rng-tools      <none>    (no description available)

-- no debconf information