Re: crypto for the average programmer

2005-12-27 Thread Jack Lloyd
On Tue, Dec 27, 2005 at 02:28:07PM +, Ben Laurie wrote: > Apparently this rather depends on platform and compiler options. I am > reliably informed that GMP is not always faster. > > For those that really care it'd be cool if someone did a careful > comparison. It would also be interesting to

ADMIN: end of latest SSL discussion

2005-12-27 Thread Perry E. Metzger
The latest round of "SSL and X.509 certs in browsers are broken" has gone on too long. I kept hoping after weeks people might get bored, but they haven't. I'm cutting it off for at least a little while. I'll entertain new postings only if they propose actual solutions rather than long philosophic

Re: crypto for the average programmer

2005-12-27 Thread Sidney Markowitz
Ben Laurie wrote: > For those that really care it'd be cool if someone did a careful > comparison. It would also be interesting to know why they differ. One set of comparisons of OpenSSL 0.9.7d and GMP RSA speed from last March was posted on the GMP discussion mailing list by the GMP developer at

Re: another feature RNGs could provide

2005-12-27 Thread Ben Laurie
David Malone wrote: > On Tue, Dec 27, 2005 at 03:26:59AM -0600, Travis H. wrote: >> On 12/26/05, Ben Laurie <[EMAIL PROTECTED]> wrote: >>> Surely if you do this, then there's a meet-in-the-middle attack: for a >>> plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and >>> decrypt C.

Re: another feature RNGs could provide

2005-12-27 Thread David Malone
On Tue, Dec 27, 2005 at 03:26:59AM -0600, Travis H. wrote: > On 12/26/05, Ben Laurie <[EMAIL PROTECTED]> wrote: > > Surely if you do this, then there's a meet-in-the-middle attack: for a > > plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and > > decrypt C. If E_A(P)=D_B(C), then

Re: another feature RNGs could provide

2005-12-27 Thread David Malone
On Mon, Dec 26, 2005 at 12:51:37PM +, Ben Laurie wrote: > > The other day I was thinking of using a very large key to select a > > permutation at random from the symmetric group S_(2^x). That would be > > a group, but I don't see how you knowing that I'm using a random > > permutation would he

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne & Lynn Wheeler
Ben Laurie wrote: > This is the SSH design for host keys, of course, and also the petnames > design for URLs. Unfortunately petnames don't solve the problem that it > is hard to check the URL even the first time. the original SSL paradigm was predicated on end-to-end security that "the server the

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Ben Laurie
Anne & Lynn Wheeler wrote: > a more sensible human factors design ... is to remember whether a person > has checked out first time communication with a stranger ... the real > first time, have the person do something additional ... and from then on > remember that checking. in that respect ... crea

Re: crypto for the average programmer

2005-12-27 Thread Ben Laurie
Jack Lloyd wrote: > On Fri, Dec 16, 2005 at 05:41:48PM +, Ben Laurie wrote: > >> No, OpenSSL is self-contained. There is, IIRC, an engine that uses GMP >> if you want, but it's entirely optional; OpenSSL has its own bignum >> implementation that's just as good. > > Last I checked, public key o

Re: another feature RNGs could provide

2005-12-27 Thread Travis H.
On 12/26/05, Ben Laurie <[EMAIL PROTECTED]> wrote: > Surely if you do this, then there's a meet-in-the-middle attack: for a > plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and > decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the > strength of your cipher from

Re: RNG quality verification

2005-12-27 Thread Travis H.
On 12/23/05, Philipp Gühring <[EMAIL PROTECTED]> wrote: > It's easy to say that it's their responsibility. > But how should they do it? Very carefully. Picking random numbers is far too important to be left to chance. -- http://www.lightconsulting.com/~travis/ "Vast emptiness, nothing sacred." --

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne & Lynn Wheeler
Ben Laurie wrote: > Eh? It surely does stop MitM attacks - the problem is that there's > little value in doing so for various reasons, such as no strong binding > between domain name and owner, UI that doesn't make it clear which > domain you are going to, or homograph attacks. part II; i've repe

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread James A. Donald
-- From: Anne & Lynn Wheeler <[EMAIL PROTECTED]> > as part of various integrity issues related to that > process, there has been a proposal, somewhat backed by > the ssl domain name certification authority industry > that domain name owners also register a public key > with t

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Anne & Lynn Wheeler
Ben Laurie wrote: > Eh? It surely does stop MitM attacks - the problem is that there's > little value in doing so for various reasons, such as no strong binding > between domain name and owner, UI that doesn't make it clear which > domain you are going to, or homograph attacks. it stops the MITM a

Re: another feature RNGs could provide

2005-12-27 Thread Ben Laurie
Travis H. wrote: > On 12/21/05, Perry E. Metzger <[EMAIL PROTECTED]> wrote: >>> Good ciphers aren't permutations, though, are they? Because if they >>> were, they'd be groups, and that would be bad. >> Actually, by definition, a cipher should be a permutation from the set >> of plaintexts to the se

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-27 Thread Ben Laurie
Anne & Lynn Wheeler wrote: > James A. Donald wrote: >> However, the main point of attack is phishing, when an >> outsider attempts to interpose himself, the man in the >> middle, into an existing relationship between two people >> that know and trust each other. > > in the public key model ... wh

Re: RNG quality verification

2005-12-27 Thread James A. Donald
-- From: Philipp Gühring <[EMAIL PROTECTED]> > The problem is that I have to live with COTS > (Common-off-the-shelf) software out there, that is > generating the certificate requests. The only thing I > can do is create a blacklist or a whitelist of known > bad or known g

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-27 Thread Ian G
Ben Laurie wrote: Ian G wrote: http://wiki.cacert.org/wiki/VhostTaskForce (The big problem of course is that you can use one cert to describe many domains only if they are the same administrative entity.) If they share an IP address (which they must, otherwise there's no problem), then t

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-27 Thread Ben Laurie
Ian G wrote: > Ben Laurie wrote: >> Ian G wrote: > ... >>> http://wiki.cacert.org/wiki/VhostTaskForce > >>> (The big problem of course is that you can use >>> one cert to describe many domains only if they >>> are the same administrative entity.) >> >> >> If they share an IP address (which they mu

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-27 Thread Ben Laurie
Eric Rescorla wrote: > Ben Laurie <[EMAIL PROTECTED]> writes: >>> And we need SSL v2 to die so it doesn't interfere >>> with the above. >> Actually, you just disable it in the server. I don't see why we need >> anything more than that. > > The problem is that the ServerHostName extension that sign

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-27 Thread Ian G
Ben Laurie wrote: Ian G wrote: ... http://wiki.cacert.org/wiki/VhostTaskForce (The big problem of course is that you can use one cert to describe many domains only if they are the same administrative entity.) If they share an IP address (which they must, otherwise there's no problem), the