Jack Lloyd wrote:
On Fri, Dec 16, 2005 at 05:41:48PM +, Ben Laurie wrote:
No, OpenSSL is self-contained. There is, IIRC, an engine that uses GMP
if you want, but it's entirely optional; OpenSSL has its own bignum
implementation that's just as good.
Last I checked, public key operations
On Tue, Dec 27, 2005 at 02:28:07PM +, Ben Laurie wrote:
Apparently this rather depends on platform and compiler options. I am
reliably informed that GMP is not always faster.
For those that really care it'd be cool if someone did a careful
comparison. It would also be interesting to
In message [EMAIL PROTECTED] on Sun, 18 Dec 2005 21:56:11 -0600, Travis H.
[EMAIL PROTECTED] said:
solinym Anytime someone wants to rewrite a C library in a language
solinym less prone to buffer overflows, I'm totally for it. Some say
solinym that it's not the library, it's the programmer, but
On 12/19/05, Richard Levitte - VMS Whacker [EMAIL PROTECTED] wrote:
C has three really strong points:
- portability. It's one of the most wide-spread and portable
compiled languages that I know of.
I beg your pardon? If I want to store 128 bits of information, and
access the 8 most
In message [EMAIL PROTECTED] on Mon, 19 Dec 2005 01:19:37 -0600, Travis H.
[EMAIL PROTECTED] said:
solinym On 12/19/05, Richard Levitte - VMS Whacker [EMAIL PROTECTED] wrote:
solinym C has three really strong points:
solinym
solinym - portability. It's one of the most wide-spread and
On 12/19/05, Richard Levitte - VMS Whacker [EMAIL PROTECTED] wrote:
unsigned char foo[8];
(no, it isn't fool proof, but close enough after 1 second of thought).
I think C guarantees that a char is a byte, but exactly how wide that
is is processor-dependent. IIRC, some of the machines it was
In message [EMAIL PROTECTED] on Mon, 19 Dec 2005 03:12:16 -0600, Travis H.
[EMAIL PROTECTED] said:
solinym On 12/19/05, Richard Levitte - VMS Whacker [EMAIL PROTECTED] wrote:
solinym unsigned char foo[8];
solinym
solinym (no, it isn't fool proof, but close enough after 1 second
solinym of
At 03:34 PM 12/14/2005, [EMAIL PROTECTED] wrote:
An application programmer who is using PKCS1 doesn't even need to
know the small amount of ASN.1 in the spec... libraries that
implement RSA PKCS1 take care of the ASN.1 for the programmer.
This is in fact one reason that ASN.1 exploits
have
Anytime someone wants to rewrite a C library in a language less prone
to buffer overflows, I'm totally for it. Some say that it's not the
library, it's the programmer, but I think that denies human factors.
C simply requires too much machinery on top of it to use it securely.
It is possible to
On Fri, Dec 16, 2005 at 05:41:48PM +, Ben Laurie wrote:
No, OpenSSL is self-contained. There is, IIRC, an engine that uses GMP
if you want, but it's entirely optional; OpenSSL has its own bignum
implementation that's just as good.
Last I checked, public key operations in OpenSSL were
[EMAIL PROTECTED] wrote:
| | My question is, what is the layperson supposed to do, if they must use
| | crypto and can't use an off-the-shelf product?
| |
| | When would that be the case?
| |
| | The only defensible situations I can think of in which a
| | non-crypto-specialist
Travis H. [EMAIL PROTECTED] writes:
In Peter Gutmann's godzilla cryptography tutorial, he has some really good
(though terse) advice on subtle gotchas in using DH/RSA/Elgamal. I learned a
few no-nos, such as not sending the same message to 3 separate users in RSA
(if using 3 as an encryption
On 12/14/05, Peter Gutmann [EMAIL PROTECTED] wrote:
I don't know if there's any site tracking this, but (as the tutorial says) you
can either go with PKCS #1 (the de facto standard, easy to implement and
widely used) ...
Actually, I'm embarrassed to admit this but I've seen PKCS before but
On 12/14/05, Peter Gutmann [EMAIL PROTECTED] wrote:
I don't know if there's any site tracking this, but (as the tutorial says) you
can either go with PKCS #1 (the de facto standard, easy to implement and
widely used) ...
Actually, I'm embarrassed to admit this but I've seen PKCS
In Peter Gutmann's godzilla cryptography tutorial, he has some really
good (though terse) advice on subtle gotchas in using DH/RSA/Elgamal.
I learned a few no-nos, such as not sending the same message to 3
separate users in RSA (if using 3 as an encryption exponent).
My question is, what is the
My question is, what is the layperson supposed to do, if they must use
crypto and can't use an off-the-shelf product?
When would that be the case?
The only defensible situations I can think of in which a
non-crypto-specialist programmer would need to write crypto routines
would be an uncommon
In Peter Gutmann's godzilla cryptography tutorial, he has some really
good (though terse) advice on subtle gotchas in using DH/RSA/Elgamal.
I learned a few no-nos, such as not sending the same message to 3
separate users in RSA (if using 3 as an encryption exponent).
My question is, what
NIST, in its series of FIPS standards and Special Publications, has defined
federal standards for digital signatures and modes of operation for symmetric
ciphers, and is moving towards standardizing key exchange mechanisms based
on public key algorithms. Those standards are also free, though
On Mon, 12 Dec 2005, Travis H. wrote:
In Peter Gutmann's godzilla cryptography tutorial, he has some really
good (though terse) advice on subtle gotchas in using DH/RSA/Elgamal.
I learned a few no-nos, such as not sending the same message to 3
separate users in RSA (if using 3 as an encryption
Date sent: Mon, 12 Dec 2005 00:41:13 -0600
From: Travis H. [EMAIL PROTECTED]
To: cryptography@metzdowd.com
Subject: crypto for the average programmer
In Peter Gutmann's godzilla cryptography tutorial, he has some really
good
--
From: Whyte, William [EMAIL PROTECTED]
Check the standards.
The RSA PKCS#1 standard, which are free, describe how
to do RSA securely and summarize known security
results.
http://www.rsasecurity.com/rsalabs/node.asp?id=2124.
Don't use PKCS#3-style Diffie Hellman; it's been
On Mon, 12 Dec 2005, Steve Furlong wrote:
| My question is, what is the layperson supposed to do, if they must use
| crypto and can't use an off-the-shelf product?
|
| When would that be the case?
|
| The only defensible situations I can think of in which a
| non-crypto-specialist programmer