Lintian Reports BETA

Tag versions

E obsolete-des-encryption

The tag is present in Lintian version 2.114.55. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.108.0 release tag in our Git repository.

You can find the detection logic for this version at commit a1e47cb. For merge requests, please use the latest version in the Lintian check binaries/obsolete/crypt.

Visibility: error

The listed ELF binary appears to use a C library function that performs DES encryption and/or decryption (encrypt, encrypt_r, setkey, and/or setkey_r). The DES block cipher can be broken by brute force on modern hardware, which makes any use of these functions insecure. Also, programs that use these functions cannot be linked against the libcrypt.so provided by glibc 2.28 and higher.

The program will need to be revised to use modern cryptographic primitives and protocols. Depending on how the program uses these functions, it may be necessary to continue using DES under some circumstances (e.g. for protocol compatibility, or to retain the ability to decrypt old data on disk) but this should be done using the DES functions in a modern cryptographic library (e.g. libgcrypt).

This is almost certainly an upstream bug, and should be addressed in coordination with the upstream maintainers of the software.

A false positive for this check is possible if the binary expects the definition of encrypt, encrypt_r, setkey, and/or setkey_r to come from some shared library other than libcrypt.so, and that shared library defines these functions to do something other than perform DES encryption. If this is the case it is appropriate to override this tag.
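A triage check along the lines of the description above, as an added example (it is not Lintian's own detection logic): it parses constructed output of readelf --dyn-syms -W and readelf -d for a hypothetical binary, reports which of the four functions are imported as undefined dynamic symbols, and uses the NEEDED entries to separate the libcrypt.so case from the possible false positive. The names des_imports, needed_libs and triage and the verdict strings are assumptions of this example.

```python
import re

# Function names taken from the tag description.
DES_FUNCS = {"encrypt", "encrypt_r", "setkey", "setkey_r"}

# Constructed sample: `readelf --dyn-syms -W` output for a hypothetical binary.
SAMPLE_DYNSYM = """\
Symbol table '.dynsym' contains 6 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND setkey@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND encrypt@GLIBC_2.2.5 (2)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (3)
     4: 0000000000001139    42 FUNC    GLOBAL DEFAULT   14 encrypt_file
     5: 0000000000001170    18 FUNC    GLOBAL DEFAULT   14 setkey_r
"""
# Constructed sample: NEEDED lines from `readelf -d` for the same binary.
SAMPLE_DYNAMIC = """\
 0x0000000000000001 (NEEDED)             Shared library: [libcrypt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
"""

def des_imports(dynsym_text):
    """Return the DES functions the binary imports (undefined dynamic symbols)."""
    found = set()
    for line in dynsym_text.splitlines():
        f = line.split()
        # Data rows: Num: Value Size Type Bind Vis Ndx Name [(version index)]
        if len(f) < 8 or not f[0].rstrip(":").isdigit():
            continue
        ndx, name = f[6], f[7].split("@")[0]  # drop the symbol version suffix
        # Symbols the binary defines itself (Ndx is a section number) are not imports.
        if ndx == "UND" and name in DES_FUNCS:
            found.add(name)
    return sorted(found)

def needed_libs(dynamic_text):
    """Return the shared libraries listed as NEEDED in the dynamic section."""
    return re.findall(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]", dynamic_text)

def triage(dynsym_text, dynamic_text):
    """Return (verdict, imported DES functions) for one binary."""
    imports = des_imports(dynsym_text)
    if not imports:
        return ("clean", imports)
    # Heuristic: without libcrypt.so in NEEDED, another library may provide the
    # symbols, which is the false-positive case; a human must check the provider.
    via_libcrypt = any(lib.startswith("libcrypt.so") for lib in needed_libs(dynamic_text))
    return ("des-via-libcrypt" if via_libcrypt else "check-provider", imports)
```

On the constructed sample, triage(SAMPLE_DYNSYM, SAMPLE_DYNAMIC) flags encrypt and setkey but not the locally defined setkey_r or the unrelated encrypt_file.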

The following 1 source package in the archive triggered the tag 2 times (in any Lintian version).

There were no overrides.