Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
In my previous posting concerning mcrypt I have not been specific enough. Second attempt, then.
I read in the documentation of the Debian installation package that mcrypt were dysfunctional and the original developers had abandoned the project. “Strong read“ but not very informative.
Can you enlighten me or refer me to a web-page that conveys some more insight? After a few attempts to find some, I give up. If you know the details, is the library affected or only the mcrypt executable? And of course.., affected by what?
Distribution: Slackware64 14.2 and current, SlackwareARM current
Posts: 1,644
Rep:
I just did a short google search and am stunned that you didn't find anything.
I suggest to read the Wikipedia entry, to take a look at the CVS code base and for example the linked diff, where the only active developer removed the reference to his maintainership:
I just did a short google search and am stunned that you didn't find anything.
I do not use google, but swisscows, ixquick and a bunch of other search engines do provide the same results, I guess..
Quote:
I suggest to read the Wikipedia entry, to take a look at the CVS code base and for example the linked diff, where the only active developer removed the reference to his maintainership:
The last update to libmcrypt was in 2007,[1] despite years of unmerged patches.[2] These facts have led security experts to declare mcrypt abandonware and discourage its use in new development.
Curiously, they name 1 fact and call it “these facts”. Apart from that, a security-risk is not mentioned.
Okay, let us assume, that that is all the information there is.
I might then continue to use mcrypt and not feel bad about it... surely an acceptable result of my enquiry. ;-)
Last edited by Michael Uplawski; 02-22-2016 at 01:45 AM.
Reason: odd wording replaced by less odd wording.
Distribution: Slackware64 14.2 and current, SlackwareARM current
Posts: 1,644
Rep:
Quote:
Originally Posted by Michael Uplawski
Curiously, they name 1 fact and tell it “these facts”. Apart from that, a security-risk is not mentioned.
Okay, let us assume, that that is all the information there is.
I might then continue to use mcrypt and not feel bad about it... surely an acceptable result of my enquiry. ;-)
Yes, I think so. Although I would at least look at the (in the Wikipedia article mentioned) merge requests at sourceforge.net to see if there might be something security related. I have not checked that. Otherwise you should of course feel free to use any program you want, however old or maintained it is as long as it provides the functionality you want (no irony intended).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.