summaryrefslogtreecommitdiff
path: root/ChangeLog
blob: ea40d18590e558346381421c586949222e2e921e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Changes in 1.3
* Added koremutake method for pronouncible password generation.
* Moved to MIT license

Changes in 1.2
* Added cryptlib support

* Added an option to compile with mlock() instead of mlockall().
  - mlockall() caused problems on some Linux 2.6 distros because it would
    succeed even for ordinary users. some library component would then
    try to allocate too much memory which would exceed the process'
    resource limits for locked memory. being unable to allocate memory has
    resulted in a crash.

* Minor code improvements:
  - uses mprotect(PROT_NONE) on the last page of secure memory so that the
    segmentation fault is guaranteed on buffer overflow
  - minor cleanups

* Updated manpage

Changes in 1.1 
* Major security improvements:
  - memory locking
  - zeroing "secure" memory on exit
  - disabling core dumps
  - dropping root privileges after memory locking
  - printing a warning if security can't be completely set up

* The program does no buffer length checking. If you try to generate too long
  passphrase, the program will CRASH because of buffer overrun. For that
  event to happen the passphrase would have to be long about 3000 characters.

* Major code cleanups.

* Added the manual page.