RE: question re practical use of secret sharing

2007-06-27 Thread Geoffrey Hird
Peter Gutmann writes: Is anyone aware of a commercial product that implements secret sharing? If so, can I get a pointer to some product literature? It's available as part of other products (e.g. nCipher do it for keying their HSMs) Do you mean the k of n operator cards? For those, I

RE: More info in my AES128-CBC question

2007-04-24 Thread Geoffrey Hird
Leichter, Jerry wrote: Suppose we use AES128-CBC with a fixed IV. It's clear that the only vulnerability of concern occurs when a key is reused. OK, where do No, remember that if the IV is in the clear, an attacker can make some controlled bit changes in the first plaintext block. (There has

RE: OT: SSL certificate chain problems

2007-02-03 Thread Geoffrey Hird
Victor Duchovni wrote: On Sun, Jan 28, 2007 at 12:47:18PM -0500, Thor Lancelot Simon wrote: That doesn't make sense to me -- the end-of-chain (server or client) certificate won't be signed by _both_ the old and new root, I wouldn't think (does x.509 even make this possible)? Or do I