On 03/09/2018 04:26 PM, Michael Schwendt wrote:
On Fri, 9 Mar 2018 16:14:39 +0100, Florian Weimer wrote:
On 01/29/2018 03:38 PM, Michael Schwendt wrote:
The reason why I ask is that Claws Mail still uses encrypt() with the sole
purpose of being able to decrypt old passwords. It doesn't convert them to
different encryption algorithms automatically, unless the user changes the
password, and it doesn't force the user to set a Master Password either.
Only the latter would add security since Claws Mail 3.14.0 (2016), which
added that as a new feature.
Which cryptographic library does Claws Mail use to implement the other
encryption algorithm?
GnuTLS
GnuTLS uses Nettle, but does not provide access to DES. You can use
Nettle directly:
https://www.lysator.liu.se/~nisse/nettle/nettle.html#DES
OpenSSL will work as well, but as Nettle is a preexisting dependency,
it's probably the right choice here.
Thanks,
Florian
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
