Hi Geoff,
On Sun, Sep 21, 2008 at 11:20:35PM -0400, Geoff Thorpe wrote:
Looking at this in more detail, the current s/w PRNG implementation keeps a
running 'entropy' count and when that reaches a certain threshold, it stops
maintaining an entropy counter because the PRNG is considered
Hi again,
On Thursday 11 September 2008 09:32:14 Geoff Thorpe wrote:
On Thursday 11 September 2008 09:06:39 Harald Welte wrote:
On Thu, Sep 11, 2008 at 10:22:38PM +1200, Michal Ludvig wrote:
Have a look here:
http://marc.info/?l=openssl-devm=109113625526391w=2
and in the corresponding
BTW, my memory is vague here, is this Padlock block only able to do
one-shot hashing?
Yes, but a technique bypassing this limitation was proposed and proven
to work (as per end of SHA1 thread mentioned earlier). Technique
involved crashing of hashing instruction into non-accessible page. And
I don't think there's any taboo or a strong opposition against
the patch. It's just that Andy hasn't followed up, I sort of
given up and moved to other projects and the whole thing has
gone forgotten.
Ok. I hope after my re-merge and testing we can get it integrated
this time.
BTW, my memory is
Hi Harald and Geoff,
Harald Welte wrote:
I searched the list archives but couldn't find anything apart from that single
message by Michal to the list. He is talking about someobody having asked him
to add testsuite support, but he didn't exactly know what he needs to add.
I could not find any
Michal,
thanks so much for your detailed feedback. It is much appreciated.
On Thu, Sep 11, 2008 at 10:22:38PM +1200, Michal Ludvig wrote:
And finally the one you already knew about. That's the final works for
me version ready to be committed to openssl tree current at that time
(may not
On Thursday 11 September 2008 09:06:39 Harald Welte wrote:
On Thu, Sep 11, 2008 at 10:22:38PM +1200, Michal Ludvig wrote:
And finally the one you already knew about. That's the final works for
me version ready to be committed to openssl tree current at that time
(may not apply smoothly
On Thu, Sep 11, 2008 at 09:06:39PM +0800, Harald Welte wrote:
Yes, after reviewing the discussion and documentation I tend to agree. So the
best option really is to make OpenSSL use the userspace interface for the
kernel random number generator, and feed that kernel RNG's entropy pool from
I don't think there's any taboo or a strong opposition against the
patch. It's just that Andy hasn't followed up, I sort of given up and
moved to other projects and the whole thing has gone forgotten.
Ok. I hope after my re-merge and testing we can get it integrated this
time.
BTW, my
On Thursday 11 September 2008 15:16:48 Andy Polyakov wrote:
BTW, my memory is vague here, is this Padlock block only able to do
one-shot hashing?
Yes, but a technique bypassing this limitation was proposed and proven
to work (as per end of SHA1 thread mentioned earlier). Technique
involved
On Thu, Sep 11, 2008 at 09:32:14AM -0400, Geoff Thorpe wrote:
I don't think there's any taboo or a strong opposition against the
patch. It's just that Andy hasn't followed up, I sort of given up and
moved to other projects and the whole thing has gone forgotten.
Ok. I hope after my
BTW, my memory is vague here, is this Padlock block only able to do one-shot
hashing?
Yes, but a technique bypassing this limitation was proposed and proven
to work (as per end of SHA1 thread mentioned earlier).
Proof of concept is here: http://logix.cz/michal/devel/padlock/phe_sum.xp
On Fri, 12 Sep 2008, Harald Welte wrote:
On Thu, Sep 11, 2008 at 09:32:14AM -0400, Geoff Thorpe wrote:
I don't think there's any taboo or a strong opposition against
the patch. It's just that Andy hasn't followed up, I sort of
given up and moved to other projects and the whole thing
Hi guys,
ist has been 10 days since I posted this mail about certain questions
with regard to the suboptimal integration of VIA padlock support in OpenSSL.
Is there some kind of taboo against this topic or some bad history that I'm
missing? If yes, I'm sorry to hear that.
In any case, I am
* Harald Welte ([EMAIL PROTECTED]) wrote:
Hi guys,
ist has been 10 days since I posted this mail about certain questions
with regard to the suboptimal integration of VIA padlock support in OpenSSL.
Is there some kind of taboo against this topic or some bad history that I'm
missing? If
Hi Geoff,
thanks for your quick response.
On Wed, Sep 10, 2008 at 09:56:36PM -0400, Geoff Thorpe wrote:
No taboo, no bad history that I'm aware of, just plain old open-source,
everyone's-always-got-something-else-less-free-to-do indifference.
Don't take it personally :-)
ok, thanks. that's
16 matches
Mail list logo