Re: Question about Browser Authenticity

1999-11-15 Thread Terrell Larson
I think the short answer is that the user won't know - this is the practical answer. The technical answer is that the user must be able to run an app such as MD5 against the browser code that will confirm that the browser is legit. But of course the md5 app might have been compromised and par

Question about Browser Authenticity

1999-11-15 Thread Harry Whitehouse
This may be slightly off-topic, so let me apologize in advance. The SSL protocol requires that the client side (say a browser) use appropriate crypto to read the server's certificate and verify the signature on the transmitted public key (using the public key of a trusted 3rd party such as Verisi

What do YOU use for your cert p/w?

1999-11-15 Thread steve
No, I'm not asking what your password is. But some people gotta have a theme, and I'm wondering what type of text you guys would use for your secure certificate password? A completely random grouping of letters and numbers? Lyrics from an obscure song? Your social security number? (Kidding, ki

Re: Compiling OpenSSL without 3DES

1999-11-15 Thread Bruno Treguier
> But then, can't you just compile everything as normal, and > change the allowed ciphersuites in the configuration..? It surely can't > be illegal to compile the 3DES in, but simply not use it. In fact, that's what I'll plead for, if there is no other simple solution. It may even get acce

Re: CRL and Netscape

1999-11-15 Thread Dr Stephen Henson
Stefano Bergamasco wrote: > > "The error was: The certificate revocation list for this site's certificate > is not yet valid. > Reload a new certificate revocation list." > UserB's e-mail is correctly rejected because: > "The error was: This operation cannot be performed because a required > cert

x509 vs. ca

1999-11-15 Thread Stefan H. Holek
Looking at RSE's mkcert.sh (from mod_ssl) I found that it is obviously *not* required to use the ca command to sign a CSR with a CA's certificate; this can very well be done with the x509 command. OTOH, the ca command seems to be the only way to create a CRL. Is this observation correct? The crl

Re: RSA Security and Red Hat, Inc. Sign Licensing Agreement

1999-11-15 Thread carson
> "William" == William H Geiger <[EMAIL PROTECTED]> writes: William> I am rather confused as to why Red Hat would go with a closed, proprietary William> crypto library instead of going with OpenSSL, doesn't seem to be the Linux William> way. Because if they used OpenSSL, they could be sued f

CRL and Netscape

1999-11-15 Thread Stefano Bergamasco
I am working with CRLs and signatures in e-mail; I have the following problem with Netscape Messenger (4.61). I emitted two certificates (say UserA and UserB). I gave them to a couple of friends. UserA wrote me a signed e-mail. After that I revoked UserB's certificate and published a CRL. Then I t

Compiling DLLs

1999-11-15 Thread Joaquin Vidal Balanza
Howdy all, I'm trying to build a dll using OpenSSL (of course). In the installation notes for the w32 platform there was a special note: ... One final comment about compiling applications linked to the OpenSSL library. If you don't use the multithreaded DLL runtime library (/MD option) your p

Re: Compiling OpenSSL without 3DES

1999-11-15 Thread Ben Laurie
Nicolas Roumiantzeff wrote: > > Could you describe this "meet-in-the-middle" attack on the 3-DES? OK, well, it's a known-plaintext attack. You encrypt the known plaintext with all 2^56 possible keys for the first step, and store the results. You then decrypt the ciphertext with all 2^112 possibl

Re: Compiling OpenSSL without 3DES

1999-11-15 Thread Nicolas Roumiantzeff
Could you describe this "meet-in-the-middle" attack on the 3-DES? Nicolas Roumiantzeff. -Original Message- From: Ben Laurie <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Friday 12 November 1999 20:13 Subject: Re: Compiling OpenSSL without 3DES >Nicolas Roumiantz

AW: Compiling OpenSSL without 3DES

1999-11-15 Thread anssi . bragge
>The point is that _the French law_ says: "Thou shalt not use a keylength >greater than 128 bits". There's no room for interpretation, here. Even if >I invented my own cipher, no matter how rotten it might be (why not use >XOR ? ;-)) ), I simply wouldn't be allowed to use a 129 bit key ! It's

Re: POP3 server with SSL HOWTO

1999-11-15 Thread Carlos Horowicz
I'm using this w/UW imapd: http://www.hitachi-ms.co.jp/bjorb/en/ Cheers, Carlos Emilian Medve wrote: > Thank you. > > Emil. > > __ > OpenSSL Project http://www.openssl.org > User Support Maili

Re: Compiling OpenSSL without 3DES

1999-11-15 Thread Ben Laurie
Bruno Treguier wrote: > I've got another question about 3DES and SSL: isn't the SSL protocol limited > to a 128 bit keylength ? If this is true, how is 3DES handled ? Is the 3rd > key only partially used ? Or is the "key1, key2, key1" scheme used ? The simple answer is that SSL isn't limited to 1

Re: Compiling OpenSSL without 3DES

1999-11-15 Thread Nicolas Roumiantzeff
But for the French authorities you would have to prove that DES is a group. Besides, the 3-DES implementation used in SSL is not exactly a composition of 3 DES functions (the initial and final steps of the DES algorithm are done only once instead of 3 times). Nicolas Roumiantzeff. >And whether 3-D

Re: Compiling OpenSSL without 3DES

1999-11-15 Thread Bruno Treguier
Ben: > > Anyway, French laws aren't that specific. All they talk about is a > > "key length", so even if you're right, Ben, I don't want to get into > > trouble just because a pen pusher will have made the wrong assumption. > > ;-) > > That's up to you, but I don't know _anyone_ who thinks that