> I can understand your summary quite clearly.
Great.
> Suppose the server encrypts data it sends to the client and the client
> needs to decrypt that data. This is the case when my client SELECTs data
> from the MySQL database. Does this need a different sequence than the
> sequence mentioned a
On Wed, Dec 31, 2008 at 04:38:10PM -0800, David Schwartz wrote:
> Protocols rarely have subtle security issues. Algorithms frequently do.
You are entitled to your opinion. Happy New Year.
--
Viktor.
__
OpenSSL Project
Scott Gifford wrote:
Edward Diener writes:
[...]
[...]
For what books do I look to specifically understand how these
certificates work with public key-private key pairs ? SSL books ?
Cryptography public key-private key books ?
For a general understanding of cryptography, I learned from Bruc
David Schwartz wrote:
Edward Diener wrote:
In this last case I do not understand how the client can encrypt data
going to the server if it has no private key of its own.
Your question is kind of puzzling. Why would the client needs its own
private key in order to encrypt data going to the ser
Hello,
I need convert LDAP accounts to passwd/shadow. Problem is password
conversion: from LDAP DB I obtain some as (I know that plain password
is string "heslo"):
userPassword:: e01ENX1sVjJ3dUI3eG1KdEtUZjZ1Z0dHcHBnPT0=
value is base-64 encoded, thus real value is:
echo -n "e01ENX1sVjJ3dUI3eG1
> The TLS protocol did not fail, what failed is the X.509v3 protocol where
> algorithm choices are not made by SSL users, rather the poor choices
> were made by CAs, who should have known better, and in any case have
> largely phased out MD5, with Verisign (reportedly) just one month away
> from c
On Wed, Dec 31, 2008 at 11:59:50AM -0800, David Schwartz wrote:
>
> Victor Duchovni wrote (ironically, just a week ago):
>
> > No, it is the protocol design (how all the pieces fit together), not the
> > specific algorithms that make it secure (yes the pieces have to have
> > the right general p
Edward Diener wrote:
> In this last case I do not understand how the client can encrypt data
> going to the server if it has no private key of its own.
Your question is kind of puzzling. Why would the client needs its own
private key in order to encrypt data going to the server? In general,
priv
Edward Diener writes:
[...]
> In this last case I do not understand how the client can encrypt
> data going to the server if it has no private key of its own.
Each combination of algorithms that can be used when only one party
has a key must provide some way to do this.
When RSA is used and on
Victor Duchovni wrote (ironically, just a week ago):
> No, it is the protocol design (how all the pieces fit together), not the
> specific algorithms that make it secure (yes the pieces have to have
> the right general properties, but this is secondary).
I can't resist pointing out how today's n
On Wed, Dec 31, 2008 at 05:17:00AM -0500, Jason wrote:
> > To be precise, not a root CA, but an intermediate CA, from an issuing
> > CA involved in multiple "unfortunate" practices.
> >
>
> I read this yesterday, and got to thinking about a firefox plugin to
> generate a warning. Is it sufficie
On Wed December 31 2008, Frank B. Brokken wrote:
> Hi William,
>
> Thanks for your reply. I followed your suggestion and changed the buffer size
> to 480: where the original program shows `500' it now has
> `480'. Unfortunately, after uncommenting the `Doesn't work' section the
> problem remains.
Dear all,
I'm currently working on a digital signature project based on
RSASSA-PKCS1-v1.5. As far as I understand I "just" need to create an SHA1
digest of what I should sign and encryt it with an RSA private key to get
the digital signature. I've made some test with openssl, python and java and
I
Victor Duchovni wrote:
> On Tue, Dec 30, 2008 at 06:38:24PM -0700, Thomas J. Hruska wrote:
>
>> I know MD5 was broken ages ago but this article expands on the theme -
>> make your own legitimate-looking root CA:
>
> To be precise, not a root CA, but an intermediate CA, from an issuing
> CA invol
In message
<9e5f1475c647774eb1c7189fd9457eea018c2...@il-tlv-mail01.comverse.com> on Wed,
31 Dec 2008 09:55:41 +0200, "Dayagi Yaron" said:
Yaron.Dayagi> Hello,
Yaron.Dayagi> Does OPENSSL support AES? Specificaly, via the evp API.
Yaron.Dayagi> The documentation does not indicate it is supported
It doesn't seem to be in the man pages, but it's in the header file.
I have only written some sample code, so I have to go back and review a
bit.
Check openssl/evp.h include file.
const EVP_CIPHER *EVP_aes_256_ecb(void);
const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_aes_256_cfb1(v
Hi William,
Thanks for your reply. I followed your suggestion and changed the buffer size
to 480: where the original program shows `500' it now has
`480'. Unfortunately, after uncommenting the `Doesn't work' section the
problem remains. Only the first block is decoded. Since 480 clearly fits the
r
17 matches
Mail list logo