Thanks for the helping me understand the whole entropy thing better. It is
still get the feeling that this is a "best effort" thing and that nobody can
actually proof what is correct. I am probably just bringing the math down to my
level - sorry.
With that said for validation I still need to
The scenario is kind of like this:
1. I copy the newest openssl library to the platform I am testing.
2. I build evp_test along with the newest openssl version (the one from point
no 1) and then I copy it on the platform I am testing.
3. With an older openssl in the build path, I build a custom
On Wednesday, 27 July 2016 15:23:21 CEST Leon Brits wrote:
> John,
>
> Thanks for your reply.
>
> The SP800-90B test has different types of test but the test with the lowest
> output is used as the maximum entropy capability of the chip. That is how I
> understand it from the FIPS lab.
>
> For
See:
https://tools.ietf.org/html/rfc4086
Section 4 suggests ways to de-skew.
--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."
> On Jul 28, 2016, at 6:51 AM, Hubert Kario wrote:
>
> On Wednesday, 27 July 2016 15:23:21 CEST
Let's play a guessing game. I provide a hardware-based random number
generator of my choosing. It produces a stream of bytes. It has
an entropy density greater than 2.35 bits per byte. This claim is
consistent with all the usual tests, but it is also more than that;
it is not just "apparent"
On Wed, Jul 27, 2016 at 05:32:49PM -0700, Paul Dale wrote:
> John's spot on the mark here. Testing gives a maximum entropy not a minimum.
> While a maximum is certainly useful, it isn't what you really need to
> guarantee your seeding.
Fom what I've read, some of the non-IID tests actually
Hi,
Just to let you know that today's master fails to build when option
no-nextprotoneg is used.
Build stop when linking ssl_test.exe :
cl /I "." /I "include" /I "include" -DOPENSSL_USE_APPLINK
-DDSO_WIN32 -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE
-DOPENSSL_PIC
I am defining OPENSSL_NO_SHA512 and get a compilation error in ssl/t1_lib.c:
[08:47:30][Step 3/5] c->pkeys[SSL_PKEY_ECC].digest =
EVP_sha384();
[08:47:30][Step 3/5] ^
[08:47:30][Step 3/5]
I probably should have mentioned this in my earlier message, but the
exponential example is valid for the NSIT SP800-90B non-IID tests too: 5.74889
bits per byte of assessed entropy. Again about as good a result as the tests
will ever produce given the ceiling of six on the output. There is
Hi,
I am new to SSL stuff.
I was wondering whether the CA chain of a certificate can be changed.
Let say the initial chain is
Server->Intermediate CA1->Intermediate CA2->Root CA
and during renewal we have Server->Root CA
Sent from Yahoo Mail. Get the app--
openssl-dev mailing list
To
10 matches
Mail list logo