On Mar 25, 2010, at 8:05 AM, Dave Kleiman wrote:
March 24th, 2010 New Research Suggests That Governments May Fake SSL
Certificates
Technical Analysis by Seth Schoen
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
Today two computer security
Also manually forwarded on behalf of Peter Gutmann. As before, if you
reply, don't credit me with the text, it is his.
From pgut001 Fri Mar 26 14:44:54 2010
To: b...@links.org, nicolas.willi...@sun.com
Subject: Re: Against Rekeying
Cc: cryptography@metzdowd.com, pe...@piermont.com,
This is from ten days ago but I just ran across it. Nothing very deep --
just higher speed brute force attacks via GPUs.
http://www.net-security.org/secworld.php?id=9021
--
Perry E. Metzgerpe...@piermont.com
-
On Fri, Mar 26, 2010 at 10:22:06AM -0400, Peter Gutmann wrote:
I missed that in his blog post as well. An equally big one is the SSHv2
rekeying fiasco, where for a long time an attempt to rekey across two
different implementations typically meant drop the connection, and it still
does for the
Nicolas Williams nicolas.willi...@sun.com writes:
I made much the same point, but just so we're clear, SSHv2 re-keying has been
interoperating widely since 2005. (I was at Connectathon, and while the
details of Cthon testing are proprietary, I can generalize and tell you that
interop in this
On Sat, Mar 27, 2010 at 12:31:45PM +1300, Peter Gutmann (alt) wrote:
Nicolas Williams nicolas.willi...@sun.com writes:
I made much the same point, but just so we're clear, SSHv2 re-keying has been
interoperating widely since 2005. (I was at Connectathon, and while the
details of Cthon
