![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to newfor23.doc CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp / doc|
Return to newfor23.doc CVS log | Up to [PGP] / pgp / doc |
1.1 root 1: News for PGP 2.3a
2:
3: There was a bug in PGP's handling of clear-signed messages when lines
4: were terminated with CR-LF pairs. This has been revamped. The previous
5: limit on the length of lines in clear-signed messages has been eliminated.
6:
7: The randseed.bin file was not closed when read, which resulted in it
8: not being rewritten with a new value under some operating systems.
9: Fixed.
10:
11: Not all of the bytes in randseed.bin were being used, resulting in less
12: randomness than desired when picking session keys. While it did not make
13: the compromise of session keys likely, it was undesirable and has been fixed.
14:
15: PGP should now compile with less difficulty under OS/2.
16: The Turbo C makefile was incorrect. Fixed.
17: The VMS build files were out of date. Fixed.
18:
19: PGP was not accepting octal escapes in the language.txt file that did not
20: begin with \0. \377 is now acceptable.
21: The language.txt file got mangled in the middle somehow. Fixed.
22:
23: News for PGP 2.3
24:
25: This PGP 2.3 release has several bug fixes over PGP 2.2, and a few
26: new (although somewhat esoteric) features. Among them are:
27:
28: - An important bug: there was a bug with compression under MS-DOS which
29: caused the wrong piece of memory to be freed, with results that ranged
30: from none to undecodable messages to machine crashes.
31:
32: - When adding keys, PGP now properly closes all the files it opens, so
33: you don't run out of file handles (MS-DOS) or file descriptors (UNIX).
34:
35: - Sometimes PGP would not properly ask the user to set trust parameters
36: when keys were validated by adding new signatures. This has been
37: fixed.
38:
39: - When PGP messages are sent through a MIME mail system, a conflict
40: arises over the use of the '=' character. PGP can now decode ASCII
41: armored messages which have been mangled by MIME's quoting mechanism.
42:
43: - PGP previously kept track of one pass phrase (from the PGPPASS
44: environment variable, the file descriptor named by the PGPPASSFD
45: environment variable, a -z <password> option, or previous user
46: prompts), and tried it if it needed a subsequent pass phrase. This
47: caused bugs if you attempted something that required two pass phrases,
48: such as pgp -sc (sign and conventionally encrypt). PGP now keeps
49: track of any number of pass phrases, including multiple -z options,
50: and uses them as necessary. Mostly, it just Does The Right Thing,
51: but if you care, the exact algorithm is as follows:
52:
53: - There is a pool of private-key pass phrases that starts out with the
54: contents of the PGPPASS environment variable (if any), and has every
55: pass phrase that is successfully used to unlock a private key added
56: to it. When a private key needs unlocking, every pass phrase in the
57: pool is tried first.
58: - There is a list of PGP pass phrases available for use by whatever needs
59: one. This is initialized with the -z command-line options and the
60: phrase read from the PGPPASSFD file descriptor. When a pass phrase
61: is needed, it is taken from the front of that list. When a pass
62: phrase is needed to unlock a secret key, every key on the list is tried,
63: and if it "fits" and unlocks the secret key, it is moved to the key
64: pass phrase pool.
65: - If the above fails to produce a pass phrase, the user is prompted to
66: supply one.
67:
68: Key generation (we need all the keystrokes we can get for random-number
69: accumulation) and key signing (to make sure the user really means to do
70: what they're doing) are exceptions; the user is always prompted for a
71: pass phrase under those circumstances.
72:
73: New options:
74:
75: +pkcs_compat=n
76: This defaults to 1, which tells PGP to generate encryption key
77: and signature blocks in a format derived from the PKCS standards.
78: This format is understood (but not generated) by PGP 2.2. If set
79: to 0, the old format is generated, which may be needed for
80: portability to PGP versions before 2.2. PGP is still incompatible
81: with the PKCS standards in many ways, but in future, values of 2
82: or higher may be used to produce formats which are more compatible.
83:
84: Other notes:
85:
86: The MS-DOS executable was compiled with Borland C++ version 3.0, optimized
87: for maximum speed, except that jump optimisation was turned off. If it
88: is turned on, the Transform() function in md5.c is compiled incorrectly.
89: The pgp.prj file that was used is included in the source distribution.
90:
91: Thanks to everyone who worked on PGP and sent in bug reports. Two who
92: didn't make it into the manual are to Lindsay DuBois for a bit of last-
93: minute translation, and Reptilian Research for support in developing PGP.
94:
95: And thanks to the Cypherpunks who managed to get PGP so much attention
96: in Wired magazine recently.
97:
98: I hope you enjoy PGP!
99:
100: -Colin <[email protected]>
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.