Re: Cryptography and the Open Source Security Debate

2004-08-28 Thread lrk
On Wed, Aug 25, 2004 at 03:17:15PM +0100, Ben Laurie wrote: lrk wrote: My examination of RSAREF and OpenSSL code was more toward understanding how they handled big numbers. It appears both generate prime numbers which are half the length of the required N and with both of the two most

Re: Cryptography and the Open Source Security Debate

2004-08-25 Thread Ben Laurie
lrk wrote: On Thu, Aug 12, 2004 at 03:27:07PM -0700, Jon Callas wrote: On 10 Aug 2004, at 5:16 AM, John Kelsey wrote: So, how many people on this list have actually looked at the PGP key generation code in any depth? Open source makes it possible for people to look for security holes, but it

Re: Cryptography and the Open Source Security Debate

2004-08-24 Thread lrk
On Thu, Aug 12, 2004 at 03:27:07PM -0700, Jon Callas wrote: On 10 Aug 2004, at 5:16 AM, John Kelsey wrote: So, how many people on this list have actually looked at the PGP key generation code in any depth? Open source makes it possible for people to look for security holes, but it sure

Re: Cryptography and the Open Source Security Debate

2004-08-10 Thread John Kelsey
From: lrk [EMAIL PROTECTED] Sent: Aug 6, 2004 1:04 PM To: R. A. Hettinga [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Cryptography and the Open Source Security Debate ... More dangerous is a key generator which deliberately produces keys which are easy to factor by someone knowing

Re: Cryptography and the Open Source Security Debate

2004-07-22 Thread J Harper
There doesn't appear to be a discussion forum related to the Web post, so I'll reply here. We've gone through a similar thought process at my company. We have a commercial security product (MatrixSSL), but provide an open source version for many of the good points Daniel makes. There are a few