"Viren R.Shah" wrote:
>
> I installed a recent snapshot of -current (a week ago) and I keep
> getting the following warnings:
>
> [vshah@vorpal] /etc> perl
> perl: warning: Setting locale failed.
> perl: warning: Please check that your locale settings:
> LC_ALL = (unset),
> LC_CT
> I'm all for storing a sample at shutdown and using it to help seed the
> PRNG at startup, but it shouldn't be the only seed used (for example, the
> case where the system has never been shut down (cleanly) before and so has
> no pre-existing seed file is a BIG corner case to consider since thats
> After rereading the paper in more detail, Step 7 of the reseed algorithm
> seems not entirely consistent with this: they explicitly refer to writing
> out "the next 2k bits of output from the generator to the seed file"
> (slightly different terminology, but I couldn't find any other references
On Sat, 22 Jul 2000, Mark Murray wrote:
> Lots of references: Schneier's "Applied Cryptography" talks about
> using Good Hashes for crypto and Good Crypto for hashes. Schneier's
> site at www.counterpane.com will give you plenty.
I havent been able to get my hands on Applied Cryptography, but I
When I was doing a make world on my system for
5.0-current, I was getting this error:
===> sys/boot/i386/boot2as --defsym
FLAGS=0x80 /usr/src/sys/boot/i386/boot2/boot1.s -o boot1.old -nostdlib
-static -N -e start -Ttext 0x7c00 -o boot1.out boot1.oobjcopy -S -O binary
boot1.out boot1dd if=
> > The differnce with the old system and Yarrow is yarrow's self-recovery
> > property; Yarrow screens its internal state from the ouside world
> > very heavily, and provides enough perturbation of it from its
> > copious :-) entropy harvesting to keep the state safe from compromise.
>
> Yeah, I
On Sat, 22 Jul 2000, Mark Murray wrote:
> Because of Yarrow's cryptographic protection of its internal state, its
> frequent reseeds and its clever geneation mechanism, this paradigm is
> less important - the output is 256-bit safe (Blowfish safe) for any size
> of output[*]. When you read 1000 b
> Ping...
>
> Does anyone know if ms chap v2 will be integrated into -current any
> time soon? I need it for pptpclient.
>
> If anyone has any patches they'd like public testing on, I'll volunteer. :)
I have some code submitted by Nathan Blinkert - I'll apply them later
today.
> ==ml
--
B
At Fri, 21 Jul 2000 17:22:15 -0700 (PDT),
Nick Sayer <[EMAIL PROTECTED]> wrote:
>
> Something changed very recently in the dhcp client stuff that seems
> to have broke my -current machine's ability to be a dhcp client.
>
> The symptom is that I see
>
> ifconfig: netmask 255.255.255.224: bad val
On Fri, 21 Jul 2000, John Baldwin wrote:
> Bruce Evans wrote:
> > On Thu, 20 Jul 2000, John Baldwin wrote:
> > > ...
> > > unused even though it is, in fact, used. The fact that it works at all is
> > > due to brokenness on our part (we don't check that partitions in a disklabel
> > > fit in the
> > Ping...
> >
> > Does anyone know if ms chap v2 will be integrated into -current any
> > time soon? I need it for pptpclient.
> >
> > If anyone has any patches they'd like public testing on, I'll volunteer. :)
>
> I have some code submitted by Nathan Blinkert - I'll apply them later
> tod
> On Sat, 22 Jul 2000, Mark Murray wrote:
>
> > Because of Yarrow's cryptographic protection of its internal state, its
> > frequent reseeds and its clever geneation mechanism, this paradigm is
> > less important - the output is 256-bit safe (Blowfish safe) for any size
> > of output[*]. When you
The patch does work for client side. I have verified that I can connect
to a windows server using chap v2, but I forgot to do something for
server. Shouldn't take me long. If you need the server part before
Brian gets back, let me know.
Nathan
> Oops, it doesn't work yet, and I'm off on hol
Bruce Evans wrote:
> On Fri, 21 Jul 2000, John Baldwin wrote:
>
> > Bruce Evans wrote:
> > > On Thu, 20 Jul 2000, John Baldwin wrote:
> > > > ...
> > > > unused even though it is, in fact, used. The fact that it works at all is
> > > > due to brokenness on our part (we don't check that partition
Kris Kennaway wrote:
>
> On Sat, 22 Jul 2000, Mark Murray wrote:
>
> > Lots of references: Schneier's "Applied Cryptography" talks about
> > using Good Hashes for crypto and Good Crypto for hashes. Schneier's
> > site at www.counterpane.com will give you plenty.
>
> I havent been able to get my
Kris Kennaway wrote:
>
> On Fri, 21 Jul 2000, Mark Murray wrote:
>
> > Section 2.1, last paragraph:
> > "If a system is shut down, and restarted, it is desirable to store some
> > high-entropy data (such as the key) in non-volatile memory. This allows
> > the PRNG to be restarted in an unguessab
On Sat, 22 Jul 2000, John Baldwin wrote:
> Bruce Evans wrote:
> > The dangerously dedicated case has one slice covering the whole disk. We
> > unclip the slice info from the magic 5 sectors to the size of the whole
> > disk (as reported by the driver) to handle this. Reading the slice info
I cvsup'ed the lastest sources of ~current, but got the
following after only a few seconds
cd /usr/src/usr.sbin/mtree; make _EXTRADEPEND
echo mtree: /usr/obj/usr/src/i386/usr/lib/libc.a /usr/obj/usr/src/i386/usr/lib/libmd.a
>> .depend
cc -O -pipe -DMD5 -DSHA1 -DRMD160 -I/usr/obj/usr/src/i386/u
> On Fri, 21 Jul 2000, Mark Murray wrote:
>
> > Section 2.1, last paragraph:
> > "If a system is shut down, and restarted, it is desirable to store some
> > high-entropy data (such as the key) in non-volatile memory. This allows
> > the PRNG to be restarted in an unguessable state at the next res
On Sat, 22 Jul 2000, Norbert Irmer wrote:
> I cvsup'ed the lastest sources of ~current, but got the
> following after only a few seconds
>
> cd /usr/src/usr.sbin/mtree; make _EXTRADEPEND
> ...
> cc -O -pipe -DMD5 -DSHA1 -DRMD160 -I/usr/obj/usr/src/i386/usr/include -o mtree
>compare.o crc.o
>
> From the Yarrow paper:
> ``Yarrow's outputs are cryptographically derived. Systems that
> use Yarrow's
> outputs are no more secure than the generation mechanism used.''
>
> We currently have Yarrow-256(Blowfish); wanna make it Yarrow-1024? I could
> make it so.
>
> M
> --
> Mark Murray
* Thomas T. Veldhouse ([EMAIL PROTECTED]) [000721 16:01]:
> Hello. I was wondering if there is any work on a Journaling filesystem to
> possible replace, or as an alternative to UFS. I have been following
> ReiserFS for Linux quite closely, and I have had the chance to experiment
> with it. It
> /dev/random should block if the system does not contain as much real entropy
> as the reader desires. Otherwise, the PRNG implementation will be the
> weakest link for people who have deliberately selected higher levels of
> protection from cryptographic attack.
I don't want to rehash this thre
Maybe this belongs in ports, but it looks like the problem is actually
somewhere inside the Perl build, which I think means it belongs here.
Basically, some (all?) ports that install perl libraries want to
install them in /usr/local, without paying proper heed to
PREFIX. Things wind up in /usr/lo
Bruce Evans wrote:
>
> Bootstrapping from 4.0 and previous versions to 4.1 and -current is broken,
> because mtree depends on new library features but must be built before the
> new libraries. You have to somehow bootstrap the new libraries. Maybe
> copy them from a current snapshot.
Grrr...
On Sat, 22 Jul 2000, Mark Murray wrote:
> > So what it if I want/need 257 bits? :-)
>
> Read them. You'll get them. If you want higher quality randomness than
> Yarrow gives, read more than once. Do other stuff; play. Don't get stuck
> in the "I have exhausted the randomness pool" loop; Yarrow d
> "Mike" == Mike Meyer <[EMAIL PROTECTED]> writes:
Mike> Basically, some (all?) ports that install perl libraries want to
Mike> install them in /usr/local, without paying proper heed to
Mike> PREFIX. Things wind up in /usr/local, and I then get complaints about
Mike> missing files for them wh
On Sat, 22 Jul 2000, Jeroen C. van Gelderen wrote:
> You don't care in practice, 256 bits are unguessable.
Actually, I do..that's the entire point of using long keys.
> If you do care, you load a different random module :-)
The core of my complaint is that even though our old PRNG did crappy
e
Marcel Moolenaar wrote:
>
> Bruce Evans wrote:
> >
> > Bootstrapping from 4.0 and previous versions to 4.1 and -current is broken,
> > because mtree depends on new library features but must be built before the
> > new libraries. You have to somehow bootstrap the new libraries. Maybe
> > copy th
On Fri, 21 Jul 2000, The Hermit Hacker wrote:
> If it helps any, I setup an anoncvs mirror for most of the stuff ... not
> sure if it helps any, since you are working off of snapshots, but its
> updated every 4hrs from the central repository, and the CVSROOT for it was
> announced on kde-devel ..
Kris Kennaway wrote:
>
> On Sat, 22 Jul 2000, Jeroen C. van Gelderen wrote:
>
> > You don't care in practice, 256 bits are unguessable.
>
> Actually, I do..that's the entire point of using long keys.
I agree that you need long RSA keys ... but the real
discussion isn't really about key length
On Sat, 22 Jul 2000, Jeroen C. van Gelderen wrote:
> I agree that you need long RSA keys ... but the real
> discussion isn't really about key length but rather about
> the overall complexity of attacking the key:
Okay, using RSA keys wasn't the best example to pick, but Yarrow also
seems easy
Frank Mayhar wrote:
>
> Kent Hauser wrote:
> > I've again been trying to get my sound support working.
> > The problem I have is the machine panic's (RAM parity error)
> > whenever I (for instance) play an mp3.
>
> This is a known problem with the SBLive and machines with ECC memory. So
> far n
On Sun, 23 Jul 2000, Bruce Evans wrote:
> > Do I have to do something special before I can do a 'make buildworld', or
> > is ~current currently broken ?
>
> Bootstrapping from 4.0 and previous versions to 4.1 and -current is broken,
> because mtree depends on new library features but must be bui
I've been spending the past few days trying to get KDE2 from anoncvs to
work on my 5.0-CURRENT machine, totally unsuccessfully. I can get it to
compile and then run 'startx', but it appears to hang on the ksmserver
process ...
Will Andrews, who is working on the KDE2 ports, has the same thing r
In article <[EMAIL PROTECTED]>,
Doug White <[EMAIL PROTECTED]> wrote:
>
> Incidentally, whoever broke this should be shot and strung -- I thought
> that upgrading from the latest -STABLE to -CURRENT was a supported
> operation?
>
> Copying files from snapshots to bootstrap yourself is just plai
makeworld from -stable is broken. Needless to say this is completely
and totally unacceptible. Would the people involved with the mtree
and settofflags changes please get together and fix this right.
cc -O -pipe -DMD5 -DSHA1 -DRMD160 -I/usr/obj/home/imp/FreeBSD/src/i386/usr/include
-o mtre
> > /dev/random should block if the system does not contain as much
> real entropy
> > as the reader desires. Otherwise, the PRNG implementation will be the
> > weakest link for people who have deliberately selected higher levels of
> > protection from cryptographic attack.
> I don't want to reh
38 matches
Mail list logo
