On Wed, 5 Jan 2005 08:49:36 +0800, Enzo Michelangeli said:
That's basically what /dev/urandom does, no? (Except that it has the
undesirable side-effect of depleting the entropy estimate maintained
inside the kernel.)
This entropy depletion issue keeps coming up every now and then, but I
I wrote:
If the problem is a shortage of random bits, get more random bits!
Florian Weimer responded:
We are talking about a stream of several kilobits per second on a busy
server (with suitable mailing lists, of course). This is impossible
to obtain without special hardware.
Not very special, as
At 22:51 2004-12-22 +0100, Florian Weimer wrote:
* John Denker:
Florian Weimer wrote:
Would you recommend to switch to /dev/urandom (which doesn't block if
the entropy estimate for the in-kernel pool reaches 0), and stick to
generating new DH parameters for each connection,
No, I wouldn't.
* Victor Duchovni:
The third mode is quite common for STARTTLS with SMTP if I am not
mistaken. A one day sample of inbound TLS email has the following cipher
frequencies:
8221(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
6529(using TLSv1 with cipher
Florian Weimer wrote:
Would you recommend to switch to /dev/urandom (which doesn't block if
the entropy estimate for the in-kernel pool reaches 0), and stick to
generating new DH parameters for each connection,
No, I wouldn't.
or ...
generate them once per day and use it for several connections?
On Sun, Dec 19, 2004 at 05:24:59PM +0100, Florian Weimer wrote:
* Victor Duchovni:
The third mode is quite common for STARTTLS with SMTP if I am not
mistaken. A one day sample of inbound TLS email has the following cipher
frequencies:
8221(using TLSv1 with cipher
* Victor Duchovni:
The Debian folks have recently stumbled upon a problem in this area:
Generating the ephemeral DH parameters is expensive, in terms of CPU
cycles, but especially in PRNG entropy. The PRNG part means that it's
not possible to use /dev/random on Linux, at least on servers.
On Wed, 1 Dec 2004, Anne Lynn Wheeler wrote:
the other attack is on the certification authorities business process
Note that in a fair number of Certificate issuing processes common in
industry the CA (sysadmin) generates both the private key -and-
certificate, signs it and then exports both
This sounds very confused. Certs are public. How would knowing a copy
of the server cert help me to decrypt SSL traffic that I have intercepted?
I found a lot of people mistakenly use the term certificate to mean
something like a pkcs12 file containing public key certificate and private
key.
Anton Stiglic wrote:
I found a lot of people mistakenly use the term certificate to mean
something like a pkcs12 file containing public key certificate and private
key. Maybe it comes from crypto software sales people that oversimplify or
don't really understand the technology. I don't know, but
OK, Ian and I are, rightly or wrongly, on the same page here. Obviously my
choice of the word certificate has caused confusion.
[David Wagner]
This sounds very confused. Certs are public. How would
knowing a copy
of the server cert help me to decrypt SSL traffic that I have
intercepted?
-Original Message-
From: Eric Rescorla [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 01, 2004 7:01 AM
To: [EMAIL PROTECTED]
Cc: Ben Nagy; [EMAIL PROTECTED]
Subject: Re: SSL/TLS passive sniffing
Ian Grigg [EMAIL PROTECTED] writes:
[...]
However could one do a Diffie
[EMAIL PROTECTED] writes:
-Original Message-
From: Eric Rescorla [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 01, 2004 7:01 AM
To: [EMAIL PROTECTED]
Cc: Ben Nagy; [EMAIL PROTECTED]
Subject: Re: SSL/TLS passive sniffing
Ian Grigg [EMAIL PROTECTED] writes:
[...]
However
Ben raises an interesting thought:
There was some question about whether this is possible for connections that
use client-certs, since it looks to me from the spec that those connections
should be using one of the Diffie Hellman cipher suites, which is obviously
not vulnerable to a passive
Ian Grigg writes:
I note that distinction well! Certificate based systems
are totally vulnerable to a passive sniffing attack if the
attacker can get the key. Whereas Diffie Hellman is not,
on the face of it. Very curious...
No, that is not accurate. Diffie-Hellman is also insecure if the