Better fix to insecure password check (fixes #501)

author: Jay Berkenbilt <ejb@ql.org> 2021-02-05 02:32:00 +0100
committer: Jay Berkenbilt <ejb@ql.org> 2021-02-05 02:44:05 +0100
commit: 3de67173de1b162ad967f67dc23e4a2663b94f9b (patch)
tree: 67a229feef317c331f9ccf1c01ab3bbb203de54f /ChangeLog
parent: 63158cf546f0566eed61b0c76afd1a5c886ae8a8 (diff)
download: qpdf-3de67173de1b162ad967f67dc23e4a2663b94f9b.tar.zst
1 files changed, 5 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index cbcfba7a..d5ceeea2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,11 +5,11 @@
 	Fixes #499.
 
 	* By default, give an error if a user attempts to encrypt a file
-	with an empty owner password or an owner password that is the same
-	as the user password. Such files are insecure. Most viewers either
-	won't open such files or will not enforce security settings. To
-	allow explicit creation of files like this, pass the new
-	--allow-insecure option. Fixes #501.
+	with a 256-bit key, a non-empty user password, and an empty owner
+	password. Such files are insecure since they can be opened with no
+	password. To allow explicit creation of files like this, pass the
+	new --allow-insecure option. Thanks to github user RobK88 for a
+	detailed analysis and for reporting this issue. Fixes #501.
 
 2021-02-02  Jay Berkenbilt  <ejb@ql.org>
author	Jay Berkenbilt <ejb@ql.org>	2021-02-05 02:32:00 +0100
committer	Jay Berkenbilt <ejb@ql.org>	2021-02-05 02:44:05 +0100
commit	3de67173de1b162ad967f67dc23e4a2663b94f9b (patch)
tree	67a229feef317c331f9ccf1c01ab3bbb203de54f /ChangeLog
parent	63158cf546f0566eed61b0c76afd1a5c886ae8a8 (diff)
download	qpdf-3de67173de1b162ad967f67dc23e4a2663b94f9b.tar.zst