> It was my understanding that the HMAC key needed to be secret even
> when used for verification. (Otherwise people could forge an HMAC.)
Correct.
From what you wrote, I understand you're using crypto for files. When
one thinks of the H(filecontent) as the 'sector number' and the file
itself
I'm having trouble getting BIO_renegotiate_timeout() and
BIO_renegotiate_bytes to work, and I'm hoping someone can help me out
with what I'm doing wrong.
The socket is initially opened and a connection accepted, and then I
set up SSL with the following.
SSL* ssl = SSL_new(ctx);
BIO* bio =
Unsticking foot for 60 seconds - and, yes, this time I checked before
I blab. Let's hope I checked enough:
On Thu, Oct 1, 2009 at 11:25 PM, Michael D. Adams wrote:
> Any normal user on a Linux machine would be able to see 'ps -f'. But
> to 'cat' the keyfile or coredump the app, they would need t
On Thu, Oct 1, 2009 at 4:37 PM, Kyle Hamilton wrote:
> The question becomes more one of: Why does the OP need to keep the
> HMAC computation key secret? Is the OP using the same key for HMAC
> calculation as for symmetric encryption? (If so, why? If not, why
> does the OP need to keep the verifi
On Thu, Oct 1, 2009 at 5:44 PM, Michael S. Zick wrote:
> Misplaced security barrier -
> The user should be sufficiently security qualified to see what they type.
> Everybody in the same room should be sufficiently security qualified
> to see anything typed within that room.
> The room should be suf
On Thu, Oct 1, 2009 at 10:33 PM, wrote:
> admin# echo 100 > /tmp/p.txt
> admin# sleep `cat /tmp/p.txt` &
> [1] 21988
> admin# ps -ef | grep sleep | grep -v grep
> root 21988 3150 0 22:29 pts/0 00:00:00 sleep 100
Dang. Buggerit buggerit buggerit.
Yep, you're absolutely right.
How long
Hi all...I'm having a bit of trouble with openssl and I was hoping
someone here might point me in the right direction.
I've been given an X509 signing certificate that I’m storing in base64
format along with a SHA1 w/ RSA signature. How do I verify that
signature against the signing certificat
On Thu October 1 2009, Michael D. Adams wrote:
> On Thu, Oct 1, 2009 at 4:24 PM, Ger Hobbelt wrote:
> > A note about your mention of 'security leak': when you are worried
> > about adversaries who can run 'ps -l' on your machine, then you're
> > essentially worried about adversaries with plenty of
On Thu, Oct 1, 2009 at 4:24 PM, Ger Hobbelt wrote:
> A note about your mention of 'security leak': when you are worried
> about adversaries who can run 'ps -l' on your machine, then you're
> essentially worried about adversaries with plenty of access to your
> machine, so they'll quite probably be
On Thu, Oct 01, 2009, Michael D. Adams wrote:
> How would I securely compute a MAC for a file? The obvious way
> (below) has a security leak as it puts the key on the command line
> which other users could easily observe with "ps -f".
>
> $ openssl dgst -sha1 -hmac
>
> I would have thought th
`cat keyfile` is processed by the shell, not by OpenSSL. That means
that the backquotes are processed and stripped before the OpenSSL
process ever sees it, which means that the shell is going to execute
the cat and then will execute the dgst with the commandline including
the contents of the cat.
Hello,
owner-openssl-us...@openssl.org wrote on 10/01/2009 10:24:11 PM:
> Ger Hobbelt
> Sent by: owner-openssl-us...@openssl.org
> ;-) Of course, you always could go and use shell backquoting, e.g.
>
> dgst -hmac `cat keyfile` ...
>
> assuming the 'keyfile' is in the proper format already.
;-) Of course, you always could go and use shell backquoting, e.g.
dgst -hmac `cat keyfile` ...
assuming the 'keyfile' is in the proper format already.
A note about your mention of 'security leak': when you are worried
about adversaries who can run 'ps -l' on your machine, then you're
essentiall
How would I securely compute a MAC for a file? The obvious way
(below) has a security leak as it puts the key on the command line
which other users could easily observe with "ps -f".
$ openssl dgst -sha1 -hmac
I would have thought that something like "openssl enc" has with "-pass
file:" would
Hi,
I want to implement HTTP download of CRLs from cert's
CrlDistributionPoints in my application (if any) and
include them in the verify process.
What was best practice or best design to do this
with OpenSSL? Are there certain callbacks I should use?
Or even a sample I missed in the source code?
We are using openssl-32bit-0.9.8a-18.26 on SLES 10.2 (x86_64).
This problem is only occurring on a very small percentage of our installs, and
is not readily repeatable, but always results in the same back trace.
Program terminated with signal 11, Segmentation fault.
#0 0xb7bf54e3 in ssl3_rea
Joe Novak wrote:
> Hi,
> I'm using the EVP_ set of function calls to interface to
> 2-key 3DES. I see how to set the first key in EVP_EncryptInit
> but I do not see how to set the second key. Is it possible
> with the EVP_ calls or do I need to use the lower-level DES_
> functions? Thanks.
>
Hi everyone,
I'm facing a problem setting up an OCSP Responder for internal use in my
application.
I've set up an internal CA for my application to authorize my users to access
to it. When a user logs on I check its certificate using an OCSP request which
is sent to openssl ocsp server.
Every