Re: New toy: SSLbar

2003-06-25 Thread Pete Chown
Steven M. Bellovin wrote: From a security point of view, why should anyone download any plug-in from an unknown party? In this very specific case, why should someone download a a plug-in that by its own description is playing around in the crypto arena. I think this is a problem for all open

Re: New toy: SSLbar

2003-06-25 Thread Ian Grigg
Steven M. Bellovin wrote: Please don't take this personally... None taken here, and I doubt that the author of the tool (who has just joined this list it seems) would take any! From a security point of view, why should anyone download any plug-in from an unknown party? In this very specific

Re: New toy: SSLbar

2003-06-25 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ian Grigg writes: Also, to impune the plug-in arrangement is to impune all plug-ins, and to impune the download from an unknown is to impune all downloads from unknowns. Sounds about right... ... I.e., download this fantastic tool which just so annoyingly

Re: New toy: SSLbar

2003-06-25 Thread Andy Isaacson
On Wed, Jun 25, 2003 at 12:02:39PM +0100, Pete Chown wrote: On the other hand, once a back door is installed in binary-only software, it is much less likely to be found. The Interbase back door was only found when the source was opened. I doubt the truth of this statement. Certainly, the

Draft Edition of LibTomMath book

2003-06-25 Thread tom st denis
The Draft Edition of the LibTomMath book [book about how to implement bignum math] is freely available on my site at http://book.libtomcrypt.org Keep in mind it is a draft and has not been edited yet. However, if you ever wanted to learn how to implement efficient [portable too] bignum math

re: Draft Edition of LibTomMath book

2003-06-25 Thread tom st denis
Just a quick comment. The PDF is not a web friendly PDF so you if you are trying to view it inline with your browser you have to wait for it to download completely first. I've managed 80KB/sec off the site so it doesn't take too long to grab it.Alternatively you can grab the .PDF.BZ2 file

DH: pubkeys for p and g

2003-06-25 Thread martin f krafft
The Check Point Firewall-1 Docs insist, that the public keys be used for p and g for the Oakley key exchange. I ask you: is this possible? - which of the two pubkeys will be p, which g? - are they both always primes? - are they both always suitable generators mod p? It just seems to me

Re: Draft Edition of LibTomMath book

2003-06-25 Thread bear
On Wed, 25 Jun 2003, tom st denis wrote: The Draft Edition of the LibTomMath book [book about how to implement bignum math] is freely available on my site at http://book.libtomcrypt.org Keep in mind it is a draft and has not been edited yet. However, if you ever wanted to learn how to

Re: Draft Edition of LibTomMath book

2003-06-25 Thread tom st denis
--- bear [EMAIL PROTECTED] wrote: One thing that I've noticed for a long time is that there are *VERY* few math libraries that don't leave whatever numbers they're working with in memory when deallocating (deallocating heap via free() or deallocating stack via returning from a procedure call