[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please test: scrypt 1.2.0a

On 07/26/15 13:45, jungle Boogie wrote:
> On 19 July 2015 at 00:46, Colin Percival <cperciva@tarsnap.com> wrote:
>> Assuming nobody yells (or the yells are things I can fix quickly and easily)
>> I'll roll the official scrypt 1.2.0 release a week from now and then move over
>> to finalizing the next tarsnap release.
> Did you have any reports of problems?

Yes.  Turns out that I was accidentally exploiting a bug in FreeBSD's sh,
and scrypt didn't build on any other platform.  Also, it was broken with
out-of-tree builds.

I've now awarded $120 of bounties for bugs uncovered simply by trying (and
failing) to build scrypt, so if anyone ever thought it wasn't worth trying
to win bug bounties...

> still on track to release?

I'll be sending out scrypt 1.2.0b shortly.  We'll see if anyone finds more
problems with that version.

Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid