On 9/8/2013 10:16 AM, Randolph D. wrote:
2013/9/7 Niklas Schnelle <niklas.schne...@gmail.com>
Dear OpenSSL users,
What can be done to improve the situation?
One option is to switch from central SSL certs to self-signed SSL certs
in a p2p environment
http://en.wikipedia.org/wiki/
On 9/8/2013 2:13 AM, Graham Leggett wrote:
On 07 Sep 2013, at 11:26 PM, Steve Marquess wrote:
Note that Dual EC DRBG is *NOT* used by default and a calling
application must specifically and deliberately enable it; that cannot be
done accidentally. Any application which does so will hopefully
On Sep 8, 2013, at 1:16 AM, "Randolph D." wrote:
What needs to be done to establish an SSL connection using an AES channel
to share the secret?
If you're just looking for better trust models for SSL certificates, have a
look at the methods proposed by the DANE working group...
http://www.cisco
2013/9/7 Niklas Schnelle
> Dear OpenSSL users,
>
> What can be done to improve the situation?
>
One option is to switch from central SSL certs to self-signed SSL certs in a
p2p environment
http://en.wikipedia.org/wiki/Self-signed_certificate
SSL sends the key over D/H exchange, which could be att
On 07 Sep 2013, at 11:26 PM, Steve Marquess wrote:
> Note that Dual EC DRBG is *NOT* used by default and a calling
> application must specifically and deliberately enable it; that cannot be
> done accidentally. Any application which does so will hopefully be fully
> aware of the consequences (an
OK, this sounds like Dual EC DRBG is not really a problem for someone not
bound to use it.
So what about ECDH? I've read in many places, e.g. on this cryptography
mailing list [1], that
it could be trouble when the curves have been suggested by the NSA.
What about the use of hardware RNGs?
[1] http:/
On 09/07/2013 11:32 AM, Gary wrote:
> ...
>
> Here's a list of highlights from Bruce's article back
> then[3]:...
>
> "...
> My recommendation, if you're in need of a random-number generator, is
> not to use Dual_EC_DRBG under any circumstances. If you have to use
> something in SP 800-90, use CT
In a recent Q&A with Bruce Schneier and James Ball (a journalist)[1],
Ball said, "Because the NSA and GCHQ have been influencing standards,
and working to covertly modify code, almost anything could potentially
have been compromised. Something as simple as – hypothetically –
modifying a basic rando