Re: Getting the CERT chain

2002-07-16 Thread Lutz Jaenicke
On Tue, Jul 16, 2002 at 03:06:53PM -0700, Patrick Powell wrote: > > From: Lutz Jaenicke <[EMAIL PROTECTED]> > > OpenSSL itself uses hashes for comparison. If the hashes are identical, > > so are the certificates. > > Ummm... is there an example piece of code that does the hash generation > and th

Re: pkcs12 - chain?

2002-07-16 Thread Aleksey Sanin
Basically, a certificate is a public key (KEY 1) signed by another key (KEY 2). If there exists a certificate for the second key (KEY 2) signed by a third key (KEY 3) then we have a "certificates chain": cert(KEY 1) <-- cert(KEY 2) <-- cert(KEY 3) where "A <-- B" means "A is signed by B". Of

Re: an advise

2002-07-16 Thread Perry E. Metzger
Michael Sierchio <[EMAIL PROTECTED]> writes: > I didn't mean to claim that no one would ever mount such an attack -- > just that there are enormous practical difficulties to getting any > timing results via SSL session key creation. Not really. The bad scenario is someone breaking in to a poorly

Re: an advise

2002-07-16 Thread Michael Sierchio
Perry E. Metzger wrote: > Michael Sierchio <[EMAIL PROTECTED]> writes: > >>Timing analysis is of such little practical value that no one, to >>my knowledge, is willing to obscure the average key agreement (DH) >>or decryption (RSA) operation by adding random delays or by making >>all pubkey opera

RE: Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Amol Natu
Hi Try out http://www.medracen.net/ This is another implementation of the OpenSSL CA functionality. I have tried out the openssl CA for development purposes & found it to be very flexible. Cheers Amol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pau

Re: Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Paul L. Allen
Geoff Thorpe wrote: > > Hi, > > On Tue, 16 Jul 2002, Wienckowski, Justin wrote: > > > [...] > > I'd love to re-implement our CA and directory in Unix using OpenSSL. > > Anyone know of companies or organizations who may have already done > > this? I'm finding very little publicized on the web,

Re: an advise

2002-07-16 Thread Perry E. Metzger
Michael Sierchio <[EMAIL PROTECTED]> writes: > Timing analysis is of such little practical value that no one, to > my knowledge, is willing to obscure the average key agreement (DH) > or decryption (RSA) operation by adding random delays or by making > all pubkey operations conform to the upper b

Re: an advise

2002-07-16 Thread Michael Sierchio
Kocher did work on the SSL v3.0 protocol, which corrects some errors in the previous version. At the risk of repeating myself, timing or power analysis attacks are not mounted against SSL, but against the public key operations. Given the nature of their place in the protocol, and that -- even i

Re: Getting the CERT chain

2002-07-16 Thread Patrick Powell
> From [EMAIL PROTECTED] Thu Jul 11 07:26:50 2002 > Date: Thu, 11 Jul 2002 16:20:58 +0200 > From: Lutz Jaenicke <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED], [EMAIL PROTECTED] > Subject: Re: Getting the CERT chain > > On Thu, Jul 11, 2002 at 07:12:30AM -0700, Patrick Powell wrote: > > Question 1: >

Re: Re:an advise

2002-07-16 Thread Shalu
Yeah, you are right, this was a problem for Public Key crypto systems but even in the implementation of these SSL or TLS first a master secret is set up with the help of pre master secret, which is done through the Public Key Cryptography like RSA, but I just wanted to know if the RSA or any other p

Re: an advise

2002-07-16 Thread Manish Ramesh Chablani
Hi, I am a newbie to security and SSL.. but thought this could help.. ( I am not sure if I am answering your question) RSA_blinding_on() takes care of the attack which measures the encryption and decryption time taken by RSA. hope this will be of some help, Manish >Dat

syslog.h and sgtty.h missing

2002-07-16 Thread ANKIT K SHAH
Hi friends, I am trying to compile bss_log.c in crypto/bio folder and read_pwd.c in crypto/des folder and it's giving me error syslog.h and sgtty.h not found. I tried to search those files in openssl-engine-0.9.6d directory but couldn't find it. Let me know if anybody knows where to include those

Re: Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Götz Babin-Ebell
Wienckowski, Justin wrote: > My company is using some Windows software to run a Certificate Authority to generate >certs for > corporate employees and resources. > I'd love to re-implement our CA and directory in Unix using OpenSSL. > Anyone know of companies or organizations who may have alre

Re: Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Kervin Pierre
http://openca.org/ ? Wienckowski, Justin wrote: > My company is using some Windows software to run a Certificate Authority to generate >certs for corporate employees and resources. However, this software has proven to be >extremely buggy and support is horrible, so we're looking at alternative

RE: Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Nebergall, Christopher
The Globus project uses OpenSSL for their CA software. http://www.globus.org http://www.globus.org/Security/simple-ca.html -Christopher -Original Message- From: Geoff Thorpe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 12:57 PM To: [EMAIL PROTECTED] Subject:

Re: Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Rakeshbabu Bobba
Hi I am using openSSL for CA, but only for research purposes. I am not sure whether it will turn out to be a good choice for a corporation but it is good enough for research purposes. I was given to understand that OpenSSL CA wasn't meant to be a full scale one. So I would suggest trying OpenCA. I

Re: Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Geoff Thorpe
Hi, On Tue, 16 Jul 2002, Wienckowski, Justin wrote: > My company is using some Windows software to run a Certificate Authority > to generate certs for corporate employees and resources. However, this > software has proven to be extremely buggy and support is horrible, so > we're looking at alte

Anyone using OpenSSL for a CA or PKI Deployment?

2002-07-16 Thread Wienckowski, Justin
My company is using some Windows software to run a Certificate Authority to generate certs for corporate employees and resources. However, this software has proven to be extremely buggy and support is horrible, so we're looking at alternatives. I'd love to re-implement our CA and directory in

Newbie Question Re: Public Key Encryption [Please help!!]

2002-07-16 Thread J
Hi, I am trying to encrypt a session key that I created using DES_KEY_SCHEDULE. I am using RSA_public_encrypt to encrypt the session key (8 bytes) with the public key using RSA_PKCS1_OEAP_PADDING. This creates a 64byte encrypted session key. I send this to the Server on the windows machine.

Re: an advise

2002-07-16 Thread Michael Sierchio
Shalendra Chhabra wrote: > "Is SSL 3.0/TLS susceptible to Pauls Timing Analysis > Attack"??? The protocols do not address the issue in any way -- this is an implementation problem for the Public Key Crypto component.

Re: Openssl

2002-07-16 Thread Lutz Jaenicke
On Tue, Jul 16, 2002 at 09:09:07AM +, julien crespin wrote: > I'm working on Openssl, and I'd like to separate the project in two > distinguished parties, Server and Client. > Do you know how it works? There are many files, and I don't understand very > well the functioning of each file...

fakebasicauth doesn't like "/" character.

2002-07-16 Thread Oliver Bode
Hi, I've been trying to implement fakebasicauth because I hate having to authenticate on every reload using normal client certificate authentication. However I can't get it to work on openbsd. I've followed the directions at: http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html and it just won'

Re: is the ssl3_send_alert() function public ( part of the API )?

2002-07-16 Thread Lutz Jaenicke
On Tue, Jul 16, 2002 at 11:28:32AM -0400, Kervin Pierre wrote: > this is actually what I thought as well. > > Is there a suitable replacement? > > Here is how the function is used... > > from ldap/libraries/libldap/tls.c > > //= > > static X509 * >

Openssl

2002-07-16 Thread julien crespin
Hello, I'm working on Openssl, and I'd like to separate the project in two distinguished parties, Server and Client. Do you know how it works? There are many files, and I don't understand very well the functioning of each file... Thank you. CRESPIN Julien ASCOM-France [EMAIL PROTECTED]

Problem with SSL_CTX_new on Solaris 8

2002-07-16 Thread Steve D'Arcy
I have downloaded and installed the openssl-0.9.6d version on Solaris 8 but when I issue the SSL_CTX_new function my program core dumps. I have looked at the SSL_CTX_new functions and it fails doing the ssl_create_cipher_list. Are there any known problems here? I would also like to add that have