This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 3/4] Deprecate DES encryption functions.
On Tue, May 8, 2018 at 10:33 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 05/06/2018 07:51 PM, Zack Weinberg wrote:
>
>> +* The functions 'encrypt', 'encrypt_r', 'setkey', 'setkey_r',
>> 'cbc_crypt',
>> + 'ecb_crypt', and 'des_setparity' are deprecated. They encrypt and
>> decrypt
>> + data with the DES block cipher, which is no longer considered secure.
>> + Also, encrypt, encrypt_r, setkey, and setkey_r require awkward pre- and
>> + post-processing of the encryption key and data to be encrypted, and
>> + encrypt and setkey are not thread-safe. Software that still uses these
>> + functions should switch to a modern cryptography library, such as
>> GnuTLS.
>
> GNUTLS is no longer part of the GNU project. You should recommend libgcrypt
> instead.
Thanks, I didn't know that. Will change. libgcrypt is also a better
suggestion because it's a cryptography library first, rather than a
TLS protocol client first.
zw