ommand line) except I want to bypass the key derivation
function. (If I were hashing instead of encoding I would just use
"openssl sha1 -sign hmac.pem".)
Michael D. Adams
__
OpenSSL Project
k as in "(*)" except that now
the attacker is attacking the IV and doesn't need to use the backup
system as an oracle. He can just run the hash algorithm himself.
(***) We don't need a block-cipher mode here (it'
th "ps -f" someone else in *another* room can see the command line
arguments of programs that I run.
You wouldn't "chmod a+r" your key files now would you? Having key
contents appears as a command line argument does effecti
y mind
there is a large leap between 'normal users could get this secret
info' and 'user's with root access could get this secret info'.
Michael D. Adams
__
OpenSSL Project
"-pass
file:" would be available, but I haven't been able to find an
equivalent for "openssl dgst" (even the 1.0beta's "-macopt" flag
doesn't do this).
Am I missing something here? What is the p
