"Salz, Rich" wrote:
>
> >Can somebody tell me if this method of seeding the RNG secure enough?
>
> It's not. Not by a LONG shot.
>
> If an adversary can figure out what random data you started with, then s/he
> could duplicate all your important functions -- session keys, keygen, etc.
>
> I
I'm having problems when I call SSL_accept on a socket
that's been accepted from a nonblocking socket.
Everything works fine if the listening socket is
blocking, but when it becomes nonblocking, SSL_accept
dies and I can't do any read/write operations.
I was wondering if anyone else has run into
__
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
__
OpenSSL Project http://www.openssl.org
Brian Snyder <[EMAIL PROTECTED]> writes:
> Why, when the de-facto standard of internet development/protocol work is to
> use open (royalty-free) protocols, did the world of SSL seem to standardize
> on a patented algorithm such as SSL. I mean SSL is totally out there for
> the world to use, but t
> -Original Message-
> From: Salz, Rich [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 10, 2000 9:55 AM
> >Can somebody tell me if this method of seeding the RNG secure enough?
>
> It's not. Not by a LONG shot.
If we want to be pedantic, "secure enough" is only meaningful in terms o
Here's something on this note that I wonder about.
Why, when the de-facto standard of internet development/protocol work is to
use open (royalty-free) protocols, did the world of SSL seem to standardize
on a patented algorithm such as SSL. I mean SSL is totally out there for
the world to use, b
I appoligize if this URL has already been sent to the list or if it's
documented somewhere, I found it most useful when I started using SSLeay
and I believe most applies to OpenSSL:
http://www2.psy.uq.edu.au/~ftp/Crypto/
It's Hudson and Young's FAQ for SSLeay.
Hullo!
Just started using OpenSSL on a RH6.2 box. I configured, made, installed
with the defaults, took the stock ssh.pam file and slapped it into
/etc/pam.d/ssh however I could not authenticate. I'm using a DSA host key
and attempting to connect from localhost. I've tried it without using PAM
b
Geoff Thorpe wrote:
> Which leaves
> the mathematical consideration of the multi-prime keys themselves, and
> their generation, to be debated (ie. I doubt the patent could rest on an
> argument that it is a physical process, or an implementation invention,
> because that should bang its head on t
U need to include the libraries in your compilation. Something like:
gcc -lcrypto -lssl -ocli cli.cpp.
Arun.
-Original Message-
From: Tewari, Vijay <[EMAIL PROTECTED]>
To: 'Open-SSL' <[EMAIL PROTECTED]>
Date: Wednesday, May 10, 2000 9:15 AM
Subject: Compilation Problems
>Hi,
>I am newb
Hi all,
I'm having trouble with x509v3 extensions: my home-made certificates do not
work for client authentication.
Netscape's complain is that "The certificate is not approved for the
attempted application", and in the apache error_log I get the following
line:
"...sslv3 alert bad certificate
>Can somebody tell me if this method of seeding the RNG secure enough?
It's not. Not by a LONG shot.
If an adversary can figure out what random data you started with, then s/he
could duplicate all your important functions -- session keys, keygen, etc.
In particular, the value of rand() depends
Matthieu Herrb wrote:
>
> Hi,
>
> I'm new to this list, and I did not find anything obvious matching my
> problem in the mail archives, so please excuse me if it's a FAQ or if
> the question is silly.
>
> I'm using OpenSSL 0.9.5a to sign messages with a certificate that I
> have exported from N
Amit Chopra wrote:
>
> Have you explicitly seeded the RNG by calling RAND_seed() or
> RAND_add() ? You need to do that.
>
> For example you can do :
>
> srand((unsigned)(time(NULL))); //C Runtime Function
> int seed[1024];
> for(int i = 0; i < 1024; i++)
> seed[i] = rand(); //C Runt
> What I see happening is slightly different though... I know I
> should expect
> about 600 chars back from the server, and I can set the SIZE to
> 700, and the
> read gives me 600 chars read... and all is fine... but the next select for
> some reason... seems to return a 1 again... then the rea
Hi,
I'm new to this list, and I did not find anything obvious matching my
problem in the mail archives, so please excuse me if it's a FAQ or if
the question is silly.
I'm using OpenSSL 0.9.5a to sign messages with a certificate that I
have exported from Netscape and converted to PEM format with
On Wed, May 10, 2000 at 11:02:43AM +0530, Amit Chopra wrote:
> srand((unsigned)(time(NULL))); //C Runtime Function
> seed[i] = rand(); //C Runtime function
> Can somebody tell me if this method of seeding the RNG secure enough?
It is not. rand() was never meant to be a cryptographic
How is this done? I have attached a VB6 module
modcrypt.bas by Barry Dunne which uses rc4 and Microsoft Base Cryptographic
Provider 1.0...
I can get this to rc4 encrypt / decrypt under
Windoze. Although it iterates the hashing of the password, then creates a
session key from it, and the r
Hello,
I am newbie on SSL and I have a problem with a SSL client. My client
use the SSL following function and I have built it with ssleay 0.9.0
and I have tried on the www.radisson.com site It works but When I have
built my client
with openssl 0.9.5, I get:
SSL_connect:SSLv3 write client hel
Pete Chown wrote:
>
> Salz, Rich wrote:
>
> > > Pls excuse my silly question. Can anyone kindly tell me that does
> > > signatures have fixed lengths, or not.
> >
> > For RSA sizeof(sig) == sizeof(key)
>
> For DSA, the signature is 320 bits -- two numbers the size of the
> small modulus. For E
Vladimir Ivaschenko wrote:
>
> Hello everyone.
>
> I'm a new subscriber, so please try to take it easy on me :-)
>
> I've been trying to get extract private key from .key file from IIS. I
> found a message in the mailing lists stating that I need to find the
> "private-key" string in the file a
Brian Snyder wrote:
>
>
> In short, this article only applies to SSL embedded clients, and that RSA is
> legal to use to authenticate a signature to a web server (who have paid the
> license fee)... in an embedded SSL client, the client doesnt really use RSA
> for encryption of data. In anycase
Hi there,
On Wed, 10 May 2000, Vin McLellan wrote:
> > http://www.cyberlaw.com/rsa.html
good read, it got my brain chewing anyway. :-)
> The RSA guys, for whom I have been a consultant for many years, got a
> bitter laugh out of it. They said, basically, that Flinn had tried out the
> s
Olivier Reymann wrote:
> I want to certificate request with 128 bit keys in order to respect the law in
> France. Does anyone tried this ? if yes, how ?
I honestly don't think french law would require you to use 128-bit RSA
keys. The 128 bit keysize you are referring to is probably intended for
u
> http://www.cyberlaw.com/rsa.html
Know that one. The author, Patrick Flinn, was the attorney for Cylink (and
Stanford University, I think) in the long RSA/Cylink litigation over the
viability of the RSApkc patent.
In some corners of the industry, Mr. Flinn is remembered as the f
Salz, Rich wrote:
> > Pls excuse my silly question. Can anyone kindly tell me that does
> > signatures have fixed lengths, or not.
>
> For RSA sizeof(sig) == sizeof(key)
For DSA, the signature is 320 bits -- two numbers the size of the
small modulus. For ElGamal the signature is twice the leng
26 matches
Mail list logo
