On Tue, Dec 27, 2005 at 02:28:07PM +, Ben Laurie wrote:
> Apparently this rather depends on platform and compiler options. I am
> reliably informed that GMP is not always faster.
>
> For those that really care it'd be cool if someone did a careful
> comparison. It would also be interesting to
Ben Laurie wrote:
> For those that really care it'd be cool if someone did a careful
> comparison. It would also be interesting to know why they differ.
One set of comparisons of OpenSSL 0.9.7d and GMP RSA speed from last March was
posted on the GMP discussion mailing list by the GMP developer at
Jack Lloyd wrote:
> On Fri, Dec 16, 2005 at 05:41:48PM +, Ben Laurie wrote:
>
>> No, OpenSSL is self-contained. There is, IIRC, an engine that uses GMP
> >> if you want, but it's entirely optional; OpenSSL has its own bignum
>> implementation that's just as good.
>
> Last I checked, public key o
In message <[EMAIL PROTECTED]> on Mon, 19 Dec 2005 03:12:16 -0600, "Travis H."
<[EMAIL PROTECTED]> said:
solinym> On 12/19/05, Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> wrote:
solinym> > unsigned char foo[8];
solinym> >
solinym> > (no, it isn't fool proof, but close enough after 1 second
On 12/19/05, Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> wrote:
> unsigned char foo[8];
>
> (no, it isn't fool proof, but close enough after 1 second of thought).
I think C guarantees that a char is a byte, but exactly how wide that
is is processor-dependent. IIRC, some of the machines it w
In message <[EMAIL PROTECTED]> on Mon, 19 Dec 2005 01:19:37 -0600, "Travis H."
<[EMAIL PROTECTED]> said:
solinym> On 12/19/05, Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> wrote:
solinym> > C has three really strong points:
solinym> >
solinym> > - portability. It's one of the most wide-spr
On 12/19/05, Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> wrote:
> C has three really strong points:
>
> - portability. It's one of the most wide-spread and portable
> compiled languages that I know of.
I beg your pardon? If I want to store 128 bits of information, and
access the 8 most
In message <[EMAIL PROTECTED]> on Sun, 18 Dec 2005 21:56:11 -0600, "Travis H."
<[EMAIL PROTECTED]> said:
solinym> Anytime someone wants to rewrite a C library in a language
solinym> less prone to buffer overflows, I'm totally for it. Some say
solinym> that "it's not the library, it's the program
Anytime someone wants to rewrite a C library in a language less prone
to buffer overflows, I'm totally for it. Some say that "it's not the
library, it's the programmer", but I think that denies human factors.
C simply requires too much machinery on top of it to use it securely.
It is possible to
At 03:34 PM 12/14/2005, [EMAIL PROTECTED] wrote:
An application programmer who is using PKCS1 doesn't even need to
know the small amount of ASN.1 in the spec... libraries that
implement RSA PKCS1 take care of the ASN.1 for the programmer.
This is in fact one reason that ASN.1 exploits
have been
On Fri, Dec 16, 2005 at 05:41:48PM +, Ben Laurie wrote:
> No, OpenSSL is self-contained. There is, IIRC, an engine that uses GMP
> if you want, but it's entirely optional; OpenSSL has its own bignum
> implementation that's just as good.
Last I checked, public key operations in OpenSSL were sig
[EMAIL PROTECTED] wrote:
> | > | > My question is, what is the layperson supposed to do, if they must
> use
> | > | > crypto and can't use an off-the-shelf product?
> | > |
> | > | When would that be the case?
> | > |
> | > | The only defensible situations I can think of in which a
> | > | non-cr
[EMAIL PROTECTED] wrote:
> On Mon, 12 Dec 2005, Steve Furlong wrote:
> | > My question is, what is the layperson supposed to do, if they must use
> | > crypto and can't use an off-the-shelf product?
> |
> | When would that be the case?
> |
> | The only defensible situations I can think of in whic
On Wed, Dec 14, 2005 at 02:16:10PM -0500, Whyte, William wrote:
>
> > On 12/14/05, Peter Gutmann <[EMAIL PROTECTED]> wrote:
> > > I don't know if there's any site tracking this, but (as the
> > tutorial says) you
> > > can either go with PKCS #1 (the de facto standard, easy to
> > implement and
> On 12/14/05, Peter Gutmann <[EMAIL PROTECTED]> wrote:
> > I don't know if there's any site tracking this, but (as the
> tutorial says) you
> > can either go with PKCS #1 (the de facto standard, easy to
> implement and
> > widely used) ...
>
> Actually, I'm embarrassed to admit this but I've se
On 12/14/05, Peter Gutmann <[EMAIL PROTECTED]> wrote:
> I don't know if there's any site tracking this, but (as the tutorial says) you
> can either go with PKCS #1 (the de facto standard, easy to implement and
> widely used) ...
Actually, I'm embarrassed to admit this but I've seen PKCS before but
"Travis H." <[EMAIL PROTECTED]> writes:
>In Peter Gutmann's godzilla cryptography tutorial, he has some really good
>(though terse) advice on subtle gotchas in using DH/RSA/Elgamal. I learned a
>few no-nos, such as not sending the same message to 3 separate users in RSA
>(if using 3 as an encrypti
On Mon, 12 Dec 2005, Steve Furlong wrote:
| > My question is, what is the layperson supposed to do, if they must use
| > crypto and can't use an off-the-shelf product?
|
| When would that be the case?
|
| The only defensible situations I can think of in which a
| non-crypto-specialist programmer
--
From: "Whyte, William" <[EMAIL PROTECTED]>
> Check the standards.
>
> The RSA PKCS#1 standard, which are free, describe how
> to do RSA securely and summarize known security
> results.
> http://www.rsasecurity.com/rsalabs/node.asp?id=2124.
> Don't use PKCS#3-style Diffie Hellman; it's be
Date sent: Mon, 12 Dec 2005 00:41:13 -0600
From: "Travis H." <[EMAIL PROTECTED]>
To: cryptography@metzdowd.com
Subject: crypto for the average programmer
> In Peter Gutmann's godzilla cryptography tutorial, he has some really
> go
On Mon, 12 Dec 2005, Travis H. wrote:
> In Peter Gutmann's godzilla cryptography tutorial, he has some really
> good (though terse) advice on subtle gotchas in using DH/RSA/Elgamal.
> I learned a few no-nos, such as not sending the same message to 3
> separate users in RSA (if using 3 as an encrypt
> NIST, in its series of FIPS standards and Special Publications, has defined
> federal standards for digital signatures and modes of operation for symmetric
> ciphers, and is moving towards standardizing key exchange mechanisms based
> on public key algorithms. Those standards are also free, tho
> In Peter Gutmann's godzilla cryptography tutorial, he has some really
> good (though terse) advice on subtle gotchas in using DH/RSA/Elgamal.
> I learned a few no-nos, such as not sending the same message to 3
> separate users in RSA (if using 3 as an encryption exponent).
> My question is, wh
> My question is, what is the layperson supposed to do, if they must use
> crypto and can't use an off-the-shelf product?
When would that be the case?
The only defensible situations I can think of in which a
non-crypto-specialist programmer would need to write crypto routines
would be an uncommon