- Forwarded message from "James A. Donald" -
Date: Fri, 11 Oct 2013 07:41:56 +1000
From: "James A. Donald"
To: cypherpu...@cpunks.org, Giles Coochey
Subject: Re: [pfSense] Can pfSense be considered trusted? What implementations
of VPNs can now be trusted?
Messag
On Thu, Oct 10, 2013 at 12:23 PM, Vick Khera wrote:
>
>
> To list the "strong" ciphers only, use this: /usr/local/bin/openssl
> ciphers "TLSv1.2:-MD5:-RC4:-aNULL:-MED:-LOW:-EXP:-NULL"
>
MD5 as a hash function has been broken, but that break (fast collision
search) is irrelevant for its use as a
On Thu, Oct 10, 2013 at 1:19 PM, Jim Thompson wrote:
> > Is there any mechanism to insert ciphers into Pfsense that are not
> currently supported?
>
> You have the source code.
>
> I, for one, am uninterested in non standards-compliant (and thus
> interoperable) implementations.
>
I personally c
On Oct 10, 2013, at 4:49 PM, Giles Coochey wrote:
> On 10/10/2013 15:04, Chris Bagnall wrote:
>> What made you change from AES to Blowfish, and is there any evidence to
>> suggest that Blowfish is more 'secure' than AES?
>>
> My understanding is that AES was championed by an agency which has r
On Oct 10, 2013, at 4:34 PM, Yehuda Katz wrote:
> Since we keep coming back to FreeBSD as it pertains to security:
>
> 3) FreeBSD is very mature, and very well reviewed. I've looked into FreeBSD
> to my personal satisfaction. OpenBSD may be abrasive as a community at
> times, but their work
Hi Giles,
On 2013-10-10 16:50, Giles Coochey wrote:
Trying to get this back on-topic, I will change the subject however
Giles, please note that Jim Pingle has already started a new thread for
this purpose that he named "[pfSense] Crypto/RNG Suggestions" today.
It seems to be beneficial to add
On 10/10/2013 15:04, Chris Bagnall wrote:
What made you change from AES to Blowfish, and is there any evidence to suggest
that Blowfish is more 'secure' than AES?
My understanding is that AES was championed by an agency which has
received recent bad-press.;-)
Blowfish was a contender to act
On Thu, Oct 10, 2013 at 02:50:41PM +0100, Giles Coochey wrote:
> 1. The random number generator - As pfSense uses FreeBSD this may
> well be a FreeBSD specific question, however, are there any ways
> within pfsense that we can improve the entropy pool that the random
> number gets its randomness f
Since we keep coming back to FreeBSD as it pertains to security:
3) FreeBSD is very mature, and very well reviewed. I've looked into
>> FreeBSD to my personal satisfaction. OpenBSD may be abrasive as a
>> community at times, but their work product is pretty impressive in terms of
>> being clean
On Thu, Oct 10, 2013 at 9:50 AM, Giles Coochey wrote:
> Trying to get this back on-topic, I will change the subject however, to
> alleviate the issues the anti-tin-foil-hat-brigade have. (ps I am also
> top-posting on purpose as I believe the conversation below has near to no
> relevance to my q
I've deliberately stayed out of the political discussion, but interested in
this more technical discussion…
On 10 Oct 2013, at 14:50, Giles Coochey wrote:
> 2. Cipher Selection - we're not all cryptoanalysts, so statements like 'trust
> the math' don't always mean much to us, given the reports
Trying to get this back on-topic, I will change the subject however, to
alleviate the issues the anti-tin-foil-hat-brigade have. (ps I am also
top-posting on purpose as I believe the conversation below has near to
no relevance to my questions, but simply is an argument as to whether
these quest
12 matches
Mail list logo