The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-07-03T18:00:00
Updated: 2007-07-19T09:00:00
Reserved: 2007-07-03T00:00:00
Link: CVE-2007-3528
JSON object: View
NVD Information
Status : Modified
Published: 2007-07-03T18:30:00.000
Modified: 2008-11-15T06:53:02.907
Link: CVE-2007-3528
JSON object: View
Redhat Information
No data.
CWE