On Mon, Dec 11, 2000 at 01:34:03PM +0200, Pieter Grobler wrote:
> Hi, is there license fees for OPEN SSL if you use it for commercial use.
> what is main risks when using open SSL as-is source code.
> Random number generator (Key) ?
> Crypto loop holes ?
> Private Keys storage ?
Well, of course there is a security Risk in Any Software. Well, the private
Key Storage is a weak point of all SSL Systems if you have to do automated
access (i.e. on a web server). If you do not protcet the key storage with a
password, then a hacker can gain that key. Note this is also true for keys
stored on chipkeys.
I am not aware of any known security probelms of Open SSL. Of course you
have to make sure that you watch the usual SSL Probelms:
- restrict the cipher suites to a list you feel safe with
- be ware that ssl is only dealing with the transport of data, not the
storage or authentication. for that you need a document based
encrytpiob/signature like pgp or s/mime.
Afaik the PNG is depending on the platform you deploy the System.
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
