tom st denis [EMAIL PROTECTED] writes:
The lib uses RSA for key exchange [and the client may scrutinize the
key before making the connection via a callback], AES-128-CTR [two
different keys for each direction] and SHA1-HMAC. The niche of the lib
is that my library compiles to a mere 10KB.
tom st denis [EMAIL PROTECTED] writes:
--- Eric Rescorla [EMAIL PROTECTED] wrote:
tom st denis [EMAIL PROTECTED] writes:
Two weeks ago I sat down to learn how to code my own SSL lib [key
on
being small]. Suffice it to say after reading the 67 page RFC for
SSL
3.0 I have no clue
tom st denis [EMAIL PROTECTED] writes:
--- Eric Rescorla [EMAIL PROTECTED] wrote:
In other words, this is just an exercise in Not Invented Here.
Wonderful.
Oh, ok so I need your permission?
No, you don't need my permission. You can do any fool thing you
want. It would just be nice if you
tom st denis [EMAIL PROTECTED] writes:
--- Eric Rescorla [EMAIL PROTECTED] wrote:
Heck, if you could find a security flaw in LibTomNet [v0.03] I'll
buy
you a beer.
Your protocol does not use appear to have any protection against
active attacks on message sequence, including message
Hi,
Could anyone offer
any thoughts on what is the "best" encrypted virtual disk drive, which can run
on (at least) Windows XP Pro.
I used to use the
free version of PGPdisk (which you get with PGP version 6.0.2i), but that won't
work with Windows XP.
I also used to use
ScramDisk, but
At 18:31 07/07/2003 -0400, Tim Dierks wrote:
...
So, it all boils down to a system that's not dissimilar to a traditional
CA-based public key system. In order for you to participate, you go to the
trusted third party, they verify that you own the e-mail address you're
claiming to possess (with
This is possibly a silly question, but here goes.
Reading something PKI-related the other day I was wondering about
the semantics of different kinds of certificates. One usually says that
traditional id certs map names to keys or tie keys to names[1]. This
is usually written:
I've been using BestCrypt from Jetico for some years. They're Finnish.
I haven't tried it with XP but the new version works with it. If you
don't have a license, the container goes read only so you don't lose
your data. I haven't vetted them for technical or political
trustworthyness because my
At 08:45 AM 7/8/2003 -0700, Fritz Schneider wrote:
This is possibly a silly question, but here goes.
Reading something PKI-related the other day I was wondering about
the semantics of different kinds of certificates. One usually says that
traditional id certs map names to keys or
At 11:40 AM 7/8/03 -0600, Anne Lynn Wheeler wrote:
A hardware token that requires a PIN/password to operate can be considered
two-factor authentication (something you have and something you know).
I was going to comment on how a simple plastic debit card
that includes a photo provides the
tom st denis [EMAIL PROTECTED] writes:
--- Eric Rescorla [EMAIL PROTECTED] wrote:
tom st denis [EMAIL PROTECTED] writes:
The point I'm trying to make is that just because a fairly standard
product exists doesn't mean diversity is a bad thing. Yes, people
may
fail to create
Or you can run vmware under XP, run NetBSD under vmware, use CGD, and
export it back to windows with samba.
It's sick, but I know of at least one person who is doing this, and he
says the performance is acceptable (on his 1+ GHz laptop).
/ji
also sprach C. Wegrzyn [EMAIL PROTECTED] [2003.07.08.2324 +0200]:
This is the same approach used in the Authentica system but it is
deployed in an enterprise environment.
Sure, but this doesn't make it any more secure. I only know very
little about Authentica, but it also doesn't strike my
On Tue, Jul 08, 2003 at 02:20:46PM -0700, Eric Murray wrote:
For comparison purposes, I have a copy of an SSLv3/TLS client library
I wrote in 1997. It's 56k of (Intel Linux) code for everything
except RSA. That includes the ASN.1 and X.509 parser.
Implementing the server-specific parts
At 05:30 PM 7/8/2003, Nomen Nescio wrote:
One difference is that with the identity-based crypto, once a sender
has acquired the software and the CA's public key, he doesn't have to
contact the CA to get anyone's certificate. He can encrypt to anyone
without having to contact the CA, just based on
One difference is that with the identity-based crypto, once a sender
has acquired the software and the CA's public key, he doesn't have to
contact the CA to get anyone's certificate. He can encrypt to anyone
without having to contact the CA, just based on the email address.
Your proposed
Ian Grigg [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
My logic is that if you're going to create something new, it should
be better than what already exists.
Right. But better is not a binary choice in real
life. SSL is only better if it exceeds all
requirements when compared
17 matches
Mail list logo
