I have just read the Intel "technical brief" covering the Intel hardware RNG
device (ftp://download.intel.com/design/security/rng/techbrief.pdf)
interesting read; although it and the accompanying documents
(http://developer.intel.com/design/security/rng/rngppr.htm) still do not
cover in detail and
Granted; guess I should not have given such high praise to the
quality/uniqueness of that this device produces since they do not provide
information on its design nor state that it has been evaluated by any
qualified independent reviewers. My assumption was and I guess still (to
some degree) that
> I am not sure I understand what you are saying
You called the intel h/w rng "excellent." I believe consensus is "we
don't know."
The code you showed does exactly the right thing: don't rely on the h/w
RNG directly, but use it as an entropy source.
/r$
--
Zolera Systems, Secu
Remove
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Rich -
I am not sure I understand what you are saying; currently rand_win.c
calles CryptGenRandom (CryptoAPI) and the "INTEL_DEF_PROV " to acquire input
to the entropy functions in OpenSSL.
/* poll the Pentium PRG with CryptoAPI */
if (acquire(&hProvider, 0
-Original Message-
From: Mehmet Musa [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 3:06 PM
To: [EMAIL PROTECTED]
Subject: Re: non passworded server cert?
When you created your private key you were asked a PEM passphrase (option
-des3). Hence each time you try to read it
hai lutz and all,
thanks for the information. i did check the SSL_get_error and found that
SSL_ERROR_SYSCALL and SSL_ERROR_SSL are being raised, on using ERR_get_error() i got
the return value of 0 and 336195711 resp for SSL_ERROR_SYSCALL and SSL_ERROR_SSL.
can u tell me how i can overcom
Thanks, and since we're not using g++ here we don't see that problem.
I did say it was a bad hack...
Looking forward to 0.9.7.
Harlan
--
> > warning: function declaration isn't a prototype
>
> Many, if not most, of these are in the ASN.1 code, which is being
> replaced for 0.9.7. Some
> warning: function declaration isn't a prototype
Many, if not most, of these are in the ASN.1 code, which is being
replaced for 0.9.7. Some of us here (at Zolera) started down the path
of fixing that to-be-obsolete code, but it got to be too much.
> have hackishly "fixed" by changing t
>excellent source of random data available to you
I thought consensus was that since it was a closed system, whiten it or
use it as input to entropy.
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
___
Use the current certificate and private key and decrypt the private key.
Ryan
-Original Message-
From: Travis Farmer [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 1:00 PM
To: [EMAIL PROTECTED]
Subject: RE: non passworded server cert?
and then do i make a cert from the d
and then do i make a cert from the decrypted key (seems to cause errors) or
use the current cert and the decrypted key?
~Travis
>From: Ryan Hurst <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: RE: non passworded server cert?
>Date: Sat
Use the OpenSSL command line tool to decrypt the key...
Ryan
-Original Message-
From: Travis Farmer [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 12:30 PM
To: [EMAIL PROTECTED]
Subject: non passworded server cert?
I got a CA cert now and made a working server certificat
I got a CA cert now and made a working server certificate. the problem is,
it asks for a password everytime the server starts. how can i fix this?
~Travis
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
There are a handful of header files in the openssl distribution that
produce warnings from gcc like:
warning: function declaration isn't a prototype
These are usually from sections of code that look like (*foo)(), which I
have hackishly "fixed" by changing them to (*foo)(void) .
This is
On 09/08/01 01:04 PM, Lutz Jaenicke sat at the `puter and typed:
> On Fri, Sep 07, 2001 at 05:39:52PM -0400, Louis LeBlanc wrote:
> > Now I have another problem. In trying to call
> > SSL_CTX_flush_sessions(ssl_ctx, time(0));
> >
> > I am being blessed with a core dump.
>
> [output deleted]
>
Did you know that many of the new Intel desktop and server
chipsets have a built in Hardware Random Number generator? I did not until a
while ago. If your computer uses the Intel® 815 chipset, Intel® 820
chipset, Intel® 840 chipset, Intel® 850 chipset, or Intel® 860
chipset you have a excel
MORTGAGE QUOTES
DEBT CONSOLIDATION-REFINANCING-SECOND MORTGAGES-HOME IMPROVEMENT
CLICK HERE
INTEREST RATES GOING DOWN!
You can:
GET OUT OF DEBT!
GET A BETTER % RATE ON YOUR LOAN!
IMPROVE YOUR HOME!
HAVE EXTRA SPENDING MONEY!
CLICK HERE
For a FREE Quote!
It's
QUICK , EASY and COMPLETE
OpenSSL v0.9.5a
Linux 2.2.17 (mdk 7.2)
What is the easiest way to first create a new CA?
then i have to create a new server certificate and public key.
how should i go about doing this?
My first attempts failed (server key didn't seem to work).
I have a fresh install of Linux (note to self, don'
On Fri, Sep 07, 2001 at 05:39:52PM -0400, Louis LeBlanc wrote:
> Now I have another problem. In trying to call
> SSL_CTX_flush_sessions(ssl_ctx, time(0));
>
> I am being blessed with a core dump.
[output deleted]
> I could be wrong, but I think that negative value on the timeout is a
> bad thi
On Sat, Sep 08, 2001 at 01:48:12AM -, ganesh kumar godavari wrote:
> hello,
> using concurrent process i am trying to send data by calling the function
>sockWriteSSL(code given below), most of the time i am unable to send as SSL_write
>return -1.
man SSL_get_error()
Best regards,
21 matches
Mail list logo
