/usr/share/doc/libmcrypt-dev/README.key is in libmcrypt-dev 2.5.8-3.3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 | Mcrypt 2.1 was insecure (vulnerable to brute force attack for weak keys)
because it just used the plainkey as it was given by the user as algorithm's
key. The solution seems to be a function which tranforms the
key given by the user to a real -random looking- key.
There are many functions that may convert a password or a passphrase to
a key. Most of them use hash algorithms. You can find some implementations
at the libmhash package at: http://mhash.sourceforge.net
|