This hash wont be store anyware, only generated on-the-fly for encryption and
decryption.
Michael S. Zick-4 wrote:
>
> On Fri December 19 2008, BiGNoRm6969 wrote:
>>
>> Terrible idea ? Can I know why ? If my private key stay private, why a
>> SHA256 on it can creates a security hole ?
>>
>
Using the SHA256 on private key was an idea to easily generate symmetric key
without needs to protect the key itself (generated on the fly from the a
protected private key for decryption and encryption).
I did not made any decision about my design but I was exploring this
possibility. All your co
For information: I am using this key to encrypt / decrypt files locally on a
host.
Victor Duchovni wrote:
>
> On Fri, Dec 19, 2008 at 05:34:27PM -0800, BiGNoRm6969 wrote:
>
>> Terrible idea ? Can I know why ? If my private key stay private, why a
>> SHA256 on it can creates a security hole
FIPS 140-2 validation is mandated for encryption modules used by the
US federal government when dealing with sensitive-confidential (but
not classified) information. I believe it's also mandated for the
Canada federal government, as well.
This mandate means that even if it takes 10 minutes to ini
a_l t wrote:
If I want to validate a stripped down module (let's say
for simplicity just without the unwanted self tests), is there a fast
way to do it, or I should expect a 6 months process?
Six months would be fast. For uncomplicated validations I tell my
clients to hope for nine months bu
I understand the requirements of FIPS validation. The product is designed
for Federal market so it must has FIPS validation.The code uses only PRNG
and AES, it doesn't use any of the other algorithms, that were my question
came from.
My problem is really not at the start up of the system, there I c
a_l t wrote:
I understand the requirements of FIPS validation. The product is
designed for Federal market so it must has FIPS validation.
The code uses only PRNG and AES, it doesn't use any of the other
algorithms, that were my question came from.
My problem is really not at the start up of the
On Mon December 22 2008, Steve Marquess wrote:
> a_l t wrote:
> > If I want to validate a stripped down module (let's say
> > for simplicity just without the unwanted self tests), is there a fast
> > way to do it, or I should expect a 6 months process?
>
> Six months would be fast. For uncompli
On Sun, Dec 21, 2008 at 12:54:44PM -0800, BiGNoRm6969 wrote:
>
> Using the SHA256 on private key was an idea to easily generate symmetric key
> without needs to protect the key itself (generated on the fly from the a
> protected private key for decryption and encryption).
>
> I did not made any
Perfectly clear ! Thanks a lot!
Victor Duchovni wrote:
>
> On Sun, Dec 21, 2008 at 12:54:44PM -0800, BiGNoRm6969 wrote:
>
>>
>> Using the SHA256 on private key was an idea to easily generate symmetric
>> key
>> without needs to protect the key itself (generated on the fly from the a
>> prote
According to the FIPS 140-2 User Guide Version 1.2
4.2.2 Installing and Protecting the FIPS Object Module
The system administrator should install the generated fipscanister.o,
fipscanister.o.sha1, and fips_premain.c files in a location protected by the
host
operating system security features. Th
BiGNoRm6969:
> Never heard about binary specification of the RSA* private key.
> Can you give
> more more information about that please.
Okay, think about this logically. You want to take the SHA256 hash of an RSA
private key and get the same result every time. But the SHA256 hash function
takes
> And, I should note, you've already proved our point a dozen times
> over. Your
> code contains three separate bugs, all of them extremely serious. For
> example, you used the byte size of the *MODULUS* (that's what RSA_size
> returns) as the hash input size for the private key.
And, by the way,
On Mon, Dec 22, 2008 at 12:29:20PM -0800, David Schwartz wrote:
>
> > For information: I am using this key to encrypt / decrypt files
> > locally on a
> > host.
>
> Why not use the RSA key for this purpose, using an established and tested
> algorithm? Since you have the RSA key, and there are a
> For information: I am using this key to encrypt / decrypt files
> locally on a
> host.
Why not use the RSA key for this purpose, using an established and tested
algorithm? Since you have the RSA key, and there are any number of
established algorithms to use an RSA key for encryption, why did y
> > Why not use the RSA key for this purpose, using an established
> > and tested
> > algorithm? Since you have the RSA key, and there are any number of
> > established algorithms to use an RSA key for encryption, why
> > did you roll
> > your own?
>
> This too is wrong,
If it's wrong, why did yo
On Mon, Dec 22, 2008 at 04:40:27PM -0800, David Schwartz wrote:
> > > Why not use the RSA key for this purpose, using an established
> > > and tested
> > > algorithm? Since you have the RSA key, and there are any number of
> > > established algorithms to use an RSA key for encryption, why
> > > di
> - Don't choose algorithms for security, choose protocols for
> security.
That sounds completely backwards to me. When we have a set of security
requirements, the first thing we do is select the algorithms that meet those
requirements, then we look for protocols that implement them.
F
On Mon, Dec 22, 2008 at 09:58:07PM -0800, David Schwartz wrote:
>
> > - Don't choose algorithms for security, choose protocols for
> > security.
>
> That sounds completely backwards to me. When we have a set of security
> requirements, the first thing we do is select the algorithms tha
19 matches
Mail list logo
