神刀安全网

KeePass2 v 2.34 to fix the update security problem

From the KeePass site: http://keepass.info/help/kb/sec_issues.html#updsig

In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-2048 and SHA-512).

KeePass 2.34 and higher only accept such a digitally signed version information file. This solution is more secure than just using HTTPS, because it guarantees version information safety even when the webserver is compromised (the private key for signing the version information is not stored on the webserver).

Downloads page: http://keepass.info/download.html

Edit: The update has NOT yet been released, as of (CET 11:30 2016-06-06)

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » KeePass2 v 2.34 to fix the update security problem

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址