On Sun, Mar 16, 2008 at 09:21:05PM -0700, Michael Sierchio wrote:
It is *so* difficult to critique something without seeming to
criticize the work of others, so the following disclaimer applies.
MUCH is owed to the developers and maintainers of OpenSSL --
Mark, Ralf, Stephen, Ben, Lutz, Nils,
On Thu, May 15, 2008 at 11:09:46AM -0500, John Parker wrote:
change -DPURIFY to -DNO_UNINIT_DATA or something else which has a clearer
intention, so that debug packages (or even base packages that want to be
valgrind-friendly) have a straightforward mechanism to apply. Well, a
On Sun, May 18, 2008 at 05:24:51PM -0400, Thor Lancelot Simon wrote:
So you're comfortable with the adversary knowing, let's say, 511 of
the first 512 bits fed through SHA1?
*Sigh*.
Thor, you clearly have no idea how SHA-1 works. In fact, I'd be
comfortable with an adversary knowing the
On Mon, May 19, 2008 at 11:47:07AM +0200, Bodo Moeller wrote:
You are being a few orders of magnitude too optimistic here, though
... ;-) A zettabyte would be 2^78 bits (less if you use the standard
decimal version of zetta), but SHA-1 will only handle inputs up to
2^64 -1 bits.
That's true
On Mon, May 19, 2008 at 12:30:42PM -0400, Thor Lancelot Simon wrote:
Thanks for the gratuitous insult. I'd be perfectly happy with the case
you'd be happy with, too, but you took my one bit and turned it into 256.
But your example is NOT what openssl does.
I recently had similar issue with
On Tue, May 20, 2008 at 10:43:27PM -0700, dean gaudet wrote:
the so-called uninitialized data is actually from the stack right? an
attacker generally controls that (i.e. earlier use of the stack probably
includes char buf[] which is controllable). i don't know what ordering
the entropy is
On Wed, Jun 18, 2008 at 01:44:42PM +0530, bagavathy raj wrote:
I have openssl dlls (i.e. libeay32.dll, ssleay32.dll). I need to know if these
libraries are using any of the patented algorithms like IDEA, RC4, RC5, MDC2
etc. Dependency walker helped me but I want to know if there is any other
On Thu, Aug 07, 2008 at 02:13:27AM -0700, David Schwartz wrote:
If so, this doesn't say that /dev/urandom never blocks. It just says that it
will not block waiting for more entropy. In fact, this paragraph is horribly
misleading, because it suggests that the worst thing /dev/urandom can do is
On Sun, Aug 10, 2008 at 07:28:30PM -0700, David Schwartz wrote:
I didn't say you are vulnerable to a MITM attack that compromises the
endpoint. I said that if the endpoint is compromised, you are vulnerable to
MITM attacks. The attacker need not compromise the endpoint himself. He may