Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Martin Paljak
Hello, On Feb 7, 2011, at 7:43 PM, Jean-Michel Pouré - GOOZE wrote: > Le lundi 07 février 2011 à 17:25 +0100, Peter Stuge a écrit : >> Maybe more extensive testing could be done. Higher precision timing, >> and say 1000 or 1 cycles. > > Okay, I understand what you mean. Timing is different a

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Tomas Gustavsson
On 02/08/2011 07:08 PM, Andreas Jellinghaus wrote: > Am Dienstag 08 Februar 2011, um 09:08:38 schrieb Ludovic Rousseau: >> I would not say openssh is slow or fast. That is not the problem here. >> It is _expected_ to have a _highly_ variable time for prime number >> generators. > > maybe some smar

Re: [opensc-devel] sc_ctx_detect_readers patch

2011-02-08 Thread Andre Zepezauer
On Tue, 2011-02-08 at 14:42 -0600, Douglas E. Engert wrote: > > So, if there is a problem within a particular application, that problem > > should also be fixed within the same application. If that isn't possible > > at all, then improvements in libopensc may be considered. > > Yes that is the sit

Re: [opensc-devel] sc_ctx_detect_readers patch

2011-02-08 Thread Douglas E. Engert
On 2/8/2011 2:40 PM, Andre Zepezauer wrote: > On Tue, 2011-02-08 at 11:04 -0600, Douglas E. Engert wrote: >> >> On 2/8/2011 9:18 AM, Jean-Michel Pouré - GOOZE wrote: >>> Le mardi 08 février 2011 à 09:09 -0600, Douglas E. Engert a écrit : It requires test machines that are members of an AD do

Re: [opensc-devel] sc_ctx_detect_readers patch

2011-02-08 Thread Douglas E. Engert
On 2/8/2011 1:29 PM, Andre Zepezauer wrote: > Hello Douglas, > > please have a look at that picture [1]. FYI the cardmod resides on the > same level as OpenSC.tokend does. As you can see, there is a clear > distinction between the library 'libopensc' and the applications (shown > at the top). >

Re: [opensc-devel] sc_ctx_detect_readers patch

2011-02-08 Thread Andre Zepezauer
On Tue, 2011-02-08 at 11:04 -0600, Douglas E. Engert wrote: > > On 2/8/2011 9:18 AM, Jean-Michel Pouré - GOOZE wrote: > > Le mardi 08 février 2011 à 09:09 -0600, Douglas E. Engert a écrit : > >> It requires test machines that are members of an AD domain and the > >> user must have a smart car

Re: [opensc-devel] sc_ctx_detect_readers patch

2011-02-08 Thread Andre Zepezauer
Hello Douglas, please have a look at that picture [1]. FYI the cardmod resides on the same level as OpenSC.tokend does. As you can see, there is a clear distinction between the library 'libopensc' and the applications (shown at the top). So, if there is a problem within a particular application,

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Andreas Jellinghaus
Am Dienstag 08 Februar 2011, um 09:08:38 schrieb Ludovic Rousseau: > I would not say openssh is slow or fast. That is not the problem here. > It is _expected_ to have a _highly_ variable time for prime number > generators. maybe some smart cards add extra delays if they find a random number fast,

Re: [opensc-devel] sc_ctx_detect_readers patch

2011-02-08 Thread Douglas E. Engert
On 2/8/2011 9:18 AM, Jean-Michel Pouré - GOOZE wrote: > Le mardi 08 février 2011 à 09:09 -0600, Douglas E. Engert a écrit : >> It requires test machines that are members of an AD domain and the >> user must have a smart card with certificates trusted for login. > > Why not use http://www.mys

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote: > Le mardi 08 février 2011 à 15:30 +0100, Peter Stuge a écrit : > > Quality of key material is however very important, for all cards, > > since these are security products. > > If in fact a card is not so secure, then we will do the world a > > service by pointing t

Re: [opensc-devel] sc_ctx_detect_readers patch

2011-02-08 Thread Douglas E. Engert
On 2/7/2011 4:49 PM, Andre Zepezauer wrote: > On Mon, 2011-02-07 at 16:00 -0600, Douglas E. Engert wrote: Attached is a patch that implements a sc_ctx_use_reader, to pass in two void pointers to an underlying driver. The code to use this from cardmod.c to the cardmod code in r

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Jean-Michel Pouré - GOOZE
Le mardi 08 février 2011 à 15:30 +0100, Peter Stuge a écrit : > Quality of key material is however very important, for all cards, > since these are security products. > If in fact a card is not so secure, then we will do the world a > service by pointing that out. Peer review, you know how it works

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote: > > Hopefully the quality of your key is. > > The issue of the quality started with a remark from Ludovic: > > > It looks like bad news for me. > > A prime number generator in constant time is _very_ suspect. > > On mailing list, this kind of remark is meant to s

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Jean-Michel Pouré - GOOZE
Le mardi 08 février 2011 à 14:11 +0100, Peter Stuge a écrit : > Hopefully the quality of your key is. The issue of the quality started with a remark from Ludovic: > It looks like bad news for me. > A prime number generator in constant time is _very_ suspect. On mailing list, this kind of remark

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote: > Le mardi 08 février 2011 à 11:53 +0100, Ludovic Rousseau a écrit : > > Jean-Michel, can you work on setting up the tools and procedure? > > Sorry, I won't. As you generate RSA keys once and forget it, the > generation speed is not an issue to me IMHO. Hopefully

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Jean-Michel Pouré - GOOZE
Le mardi 08 février 2011 à 11:53 +0100, Ludovic Rousseau a écrit : > Jean-Michel, can you work on setting up the tools and procedure? Sorry, I won't. As you generate RSA keys once and forget it, the generation speed is not an issue to me IMHO. -- Jean-Michel Pouré - Gooze - htt

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote: > > It is _expected_ to have a _highly_ variable time for prime number > > generators. > > This is understood now. So please let us remove key generation time on > the wiki for all cards. This suggestion could easily be misinterpreted as promoting security by obsc

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Ludovic Rousseau
Le 8 février 2011 11:17, Jean-Michel Pouré - GOOZE a écrit : > Le mardi 08 février 2011 à 09:08 +0100, Ludovic Rousseau a écrit : >> It is _expected_ to have a _highly_ variable time for prime number >> generators. > > This is understood now. So please let us remove key generation time on > the wi

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Jean-Michel Pouré - GOOZE
Le mardi 08 février 2011 à 09:08 +0100, Ludovic Rousseau a écrit : > It is _expected_ to have a _highly_ variable time for prime number > generators. This is understood now. So please let us remove key generation time on the wiki for all cards. This is kind of spam to me to let users believe that

Re: [opensc-devel] Feitian PKI speed

2011-02-08 Thread Ludovic Rousseau
Le 7 février 2011 19:33, Jean-Michel Pouré - GOOZE a écrit : > Le lundi 07 février 2011 à 15:27 +0100, Ludovic Rousseau a écrit : >> It looks like bad news for me. >> A prime number generator in constant time is _very_ suspect. > > Don't be suspicious, the Feitian PKI is a fast card. The problem