Re: Slow zone signing with ECDSA

2018-11-12 Thread hasibuzzaman
Sir, can you help me by showing the code to implement the RSASHA3 method in the zone?

Re: Slow zone signing with ECDSA

2017-04-20 Thread Mukund Sivaraman
On Thu, Apr 20, 2017 at 04:03:21PM +0100, Chris Thompson wrote: > On Apr 20 2017, Tony Finch wrote: > > > Mark Andrews wrote: > > > > > > DSA requires random values as part of the signing process. > > > > Traditionally, yes, but it isn't actually required - > > https://tools.ietf.org/html/rfc69

Re: Slow zone signing with ECDSA

2017-04-20 Thread Chris Thompson
On Apr 20 2017, Tony Finch wrote: Mark Andrews wrote: DSA requires random values as part of the signing process. Traditionally, yes, but it isn't actually required - https://tools.ietf.org/html/rfc6979 There is a great deal to be said for using deterministic DSA even if your random number

Re: RDRAND, etc [ wasRe: Slow zone signing with ECDSA

2017-04-20 Thread John W. Blue
TL;DR Sent from Nine<http://www.9folders.com/> From: Timothe Litt Sent: Apr 20, 2017 7:34 AM To: bind-users@lists.isc.org Subject: Re: RDRAND, etc [ wasRe: Slow zone signing with ECDSA On 20-Apr-17 01:26, Paul Kosinski wrote: "The tinfoil hat brigade in some distributions has res

Re: RDRAND, etc [ wasRe: Slow zone signing with ECDSA

2017-04-20 Thread Timothe Litt
On 20-Apr-17 01:26, Paul Kosinski wrote: > "The tinfoil hat brigade in some distributions has resisted using them, > fearing some conspiracy to provide not-so-random numbers." > > I think the NSA *did*, in fact, compromise the "Dual Elliptic Curve > Deterministic Random Bit Generator" and paid RSA

Re: Slow zone signing with ECDSA

2017-04-20 Thread Daniel Stirnimann
>> DSA requires random values as part of the signing process. > > Traditionally, yes, but it isn't actually required - > https://tools.ietf.org/html/rfc6979 This is only implemented in openssl 1.1.0: https://github.com/openssl/openssl/commit/190c615d4398cc6c8b61eb7881d7409314529a75 As I've read

Re: Slow zone signing with ECDSA

2017-04-20 Thread Tony Finch
Mark Andrews wrote: > > DSA requires random values as part of the signing process. Traditionally, yes, but it isn't actually required - https://tools.ietf.org/html/rfc6979 (PuTTY has been using deterministic DSA since 2001, because of problems with obtaining random numbers on old versions of Win

Re: Slow zone signing with ECDSA

2017-04-19 Thread Paul Kosinski
"The tinfoil hat brigade in some distributions has resisted using them, fearing some conspiracy to provide not-so-random numbers." I think the NSA *did*, in fact, compromise the "Dual Elliptic Curve Deterministic Random Bit Generator" and paid RSA to make it the default in one of their products --

Re: Re: Slow zone signing with ECDSA

2017-04-19 Thread Timothe Litt
On 19-Apr-17 21:43, Mark Andrews wrote: > ... > DSA requires random values as part of the signing process. Really > all CPUs should have real random number sources built into them > and new genuine random values should only be an instruction code away. > > Mark Most recent ones do. See RDRAND fo

Re: Slow zone signing with ECDSA

2017-04-19 Thread Mark Andrews
In message , "Spain, Dr. Jeffry A." writes: > > Install and run haveged... The problem is your system doesn't have > > enough entropy > > This was clearly the problem. I built a new test server with haveged > installed, and the bind9 completed ECDSAP256SHA256 signing in 5 seconds. > I used 9.11.1

RE: Slow zone signing with ECDSA

2017-04-19 Thread Spain, Dr. Jeffry A.
> Install and run haveged... The problem is your system doesn't have enough > entropy This was clearly the problem. I built a new test server with haveged installed, and the bind9 completed ECDSAP256SHA256 signing in 5 seconds. I used 9.11.1 this time since it was just released today.

RE: Slow zone signing with ECDSA

2017-04-19 Thread Spain, Dr. Jeffry A.
> Install and run haveged... The problem is your system doesn't have enough > entropy in the processor or maybe it's a VM but either way there is not > enough entropy to produce random seeds which is why it is taking so long. Thanks, David. The system is a Microsoft Azure VM. I assumed that whil

Slow zone signing with ECDSA

2017-04-19 Thread Spain, Dr. Jeffry A.
I'm testing a bind9 v11.1.0-P5 server signing 8 small zones de novo with ECDSAP256SHA256. The process takes about 12 hours to complete vs. signing with RSASHA256, which is almost immediate, but signing is ultimately successful. The server is running Ubuntu 16.04 LTS with current patches. I don't