diff options
author | Jay Berkenbilt <ejb@ql.org> | 2021-02-05 02:32:00 +0100 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2021-02-05 02:44:05 +0100 |
commit | 3de67173de1b162ad967f67dc23e4a2663b94f9b (patch) | |
tree | 67a229feef317c331f9ccf1c01ab3bbb203de54f /ChangeLog | |
parent | 63158cf546f0566eed61b0c76afd1a5c886ae8a8 (diff) | |
download | qpdf-3de67173de1b162ad967f67dc23e4a2663b94f9b.tar.zst |
Better fix to insecure password check (fixes #501)
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -5,11 +5,11 @@ Fixes #499. * By default, give an error if a user attempts to encrypt a file - with an empty owner password or an owner password that is the same - as the user password. Such files are insecure. Most viewers either - won't open such files or will not enforce security settings. To - allow explicit creation of files like this, pass the new - --allow-insecure option. Fixes #501. + with a 256-bit key, a non-empty user password, and an empty owner + password. Such files are insecure since they can be opened with no + password. To allow explicit creation of files like this, pass the + new --allow-insecure option. Thanks to github user RobK88 for a + detailed analysis and for reporting this issue. Fixes #501. 2021-02-02 Jay Berkenbilt <ejb@ql.org> |