"Michael D. Adams" writes:
> On Thu, Oct 1, 2009 at 4:24 PM, Ger Hobbelt wrote:
>> A note about your mention of 'security leak': when you are worried
>> about adversaries who can run 'ps -l' on your machine, then you're
>> essentially worried about adversaries with plenty of access to your
>> ma
On Thu October 1 2009, Michael S. Zick wrote:
> On Thu October 1 2009, Michael D. Adams wrote:
> > On Thu, Oct 1, 2009 at 4:24 PM, Ger Hobbelt wrote:
> > > A note about your mention of 'security leak': when you are worried
> > > about adversaries who can run 'ps -l' on your machine, then you're
>
(OT)
just kidding.
* Michael S. Zick wrote on Thu, Oct 01, 2009 at 16:44 -0500:
> Everybody in the same room should be sufficiently security qualified
> to see anything typed within that room.
cheating pupils in school exams probably won't agree, neither
will people who are writing love letter SM
> It was my understanding that the HMAC key needed to be secret even
> when used for verification. (Otherwise people could forge an HMAC.)
Correct.
From what you wrote, I understand you're using crypto for files. When
one thinks of the H(filecontent) as the 'sector number' and the file
itself
Unsticking foot for 60 seconds - and, yes, this time I checked before
I blab. Let's hope I checked enough:
On Thu, Oct 1, 2009 at 11:25 PM, Michael D. Adams wrote:
> Any normal user on a Linux machine would be able to see 'ps -f'. But
> to 'cat' the keyfile or coredump the app, they would need t
On Thu, Oct 1, 2009 at 4:37 PM, Kyle Hamilton wrote:
> The question becomes more one of: Why does the OP need to keep the
> HMAC computation key secret? Is the OP using the same key for HMAC
> calculation as for symmetric encryption? (If so, why? If not, why
> does the OP need to keep the verifi
On Thu, Oct 1, 2009 at 5:44 PM, Michael S. Zick wrote:
> Misplaced security barrier -
> The user should be sufficiently security qualified to see what they type.
> Everybody in the same room should be sufficiently security qualified
> to see anything typed within that room.
> The room should be suf
On Thu, Oct 1, 2009 at 10:33 PM, wrote:
> admin# echo 100 > /tmp/p.txt
> admin# sleep `cat /tmp/p.txt` &
> [1] 21988
> admin# ps -ef | grep sleep | grep -v grep
> root 21988 3150 0 22:29 pts/0 00:00:00 sleep 100
Dang. Buggerit buggerit buggerit.
Yep, you're absolutely right.
How long
On Thu October 1 2009, Michael D. Adams wrote:
> On Thu, Oct 1, 2009 at 4:24 PM, Ger Hobbelt wrote:
> > A note about your mention of 'security leak': when you are worried
> > about adversaries who can run 'ps -l' on your machine, then you're
> > essentially worried about adversaries with plenty of
On Thu, Oct 1, 2009 at 4:24 PM, Ger Hobbelt wrote:
> A note about your mention of 'security leak': when you are worried
> about adversaries who can run 'ps -l' on your machine, then you're
> essentially worried about adversaries with plenty of access to your
> machine, so they'll quite probably be
On Thu, Oct 01, 2009, Michael D. Adams wrote:
> How would I securely compute a MAC for a file? The obvious way
> (below) has a security leak as it puts the key on the command line
> which other users could easily observe with "ps -f".
>
> $ openssl dgst -sha1 -hmac
>
> I would have thought th
`cat keyfile` is processed by the shell, not by OpenSSL. That means
that the backquotes are processed and stripped before the OpenSSL
process ever sees it, which means that the shell is going to execute
the cat and then will execute the dgst with the commandline including
the contents of the cat.
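An added example, not part of the thread: one way to keep the key out of the process list is to compute the HMAC in-process and read the key from a permission-checked file, so it never appears in any argv that "ps -f" can show. It uses Python's hmac module rather than the openssl command line, keeps SHA-1 to match the thread's -sha1, and the helper names, file names and sample data are constructed for illustration.

```python
import hmac
import os
import stat
import tempfile


def read_key(path):
    """Load the key from a file; refuse one accessible to group/other (POSIX modes)."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: key file is accessible to group/other")
    with open(path, "rb") as f:
        return f.read().rstrip(b"\r\n")  # drop the trailing newline, as backquotes would


def hmac_file(key, path, digest="sha1", chunk=65536):
    """Stream the file through HMAC; the key stays in this process's memory."""
    mac = hmac.new(key, digestmod=digest)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            mac.update(block)
    return mac.hexdigest()


def verify_file(key, path, expected_hex, digest="sha1"):
    """Constant-time comparison of the recomputed tag against the stored one."""
    return hmac.compare_digest(hmac_file(key, path, digest), expected_hex.lower())


def demo():
    """Constructed sample: key 'key' and a short message in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        keyfile, data = os.path.join(d, "keyfile"), os.path.join(d, "data.bin")
        fd = os.open(keyfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(b"key\n")
        with open(data, "wb") as f:
            f.write(b"The quick brown fox jumps over the lazy dog")
        key = read_key(keyfile)
        tag = hmac_file(key, data)
        good = verify_file(key, data, tag)
        forged = verify_file(b"guess", data, tag)
        os.chmod(keyfile, 0o644)  # loosen permissions: read_key must now refuse
        try:
            read_key(keyfile)
            refused = False
        except PermissionError:
            refused = True
        return tag, good, forged, refused


if __name__ == "__main__":
    print(demo())
```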
Hello,
owner-openssl-us...@openssl.org wrote on 10/01/2009 10:24:11 PM:
> Ger Hobbelt
> Sent by: owner-openssl-us...@openssl.org
> ;-) Of course, you always could go and use shell backquoting, e.g.
>
> dgst -hmac `cat keyfile` ...
>
> assuming the 'keyfile' is in the proper format already.
;-) Of course, you always could go and use shell backquoting, e.g.
dgst -hmac `cat keyfile` ...
assuming the 'keyfile' is in the proper format already.
A note about your mention of 'security leak': when you are worried
about adversaries who can run 'ps -l' on your machine, then you're
essentiall