search for: cryptographic

Now that OpenSSL has received FIPS 140-2 certification, does anyone know if the work started a couple of years ago to allow OpenSSH to use OpenSSL in FIPS mode will be reactivated? Bill

...10:27?AM Joel GUITTET <jguittet.opensource at witekio.com> wrote: > We currently work on a project that require SSH server with FIPS and > using OpenSSL v3. Gently: this is meaningless. You probably mean one of the following: 1. The SSH server implementation is required to use only cryptographic algorithms that are FIPS-approved. 2. The SSH server implementation is required to be FIPS-validated. If you mean #1, you don?t have to patch anything: it is trivial to configure the various sshd options to permit only FIPS-approved cryptographic algorithms. If you mean #2, then patches aren?...

...-2008-007 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Asterisk installations using cryptographic keys | | | generated by Debian-based systems may be using a | | | vulnerable implementation of OpenSSL | |--------------------+---------------------------------------------------| | Nature of Advisory | Compromised cryptographic keys...

These two functions in cipher.c (I have looked at openssh5.8p1 & openssh5.9p1) copy the internal cryptographic state of an OpenSSL RC4 encryption/decryption context using simple memcpy(). This code also copies the state when evptype is EVP_acss, which I am unfamiliar with. This code appears to works fine when using the builtin crypto of OpenSSL 1.0.0d. However, I have been doing some work to make OpenSS...

Author: kais Repository: /hg/zfs-crypto/gate Revision: af99262cf4c4e55fca29e9b86ad9369fd928745e Log message: PSARC/2005/413 sun4v optimized MD5 and arcfour kernel cryptographic modules 6278572 port Spracklen''s fast MD5 on Niagara to solaris 6278578 port Spracklen''s fast RC4 on Niagara to solaris Files: create: usr/src/common/crypto/arcfour/sun4v/arcfour_crypt.c create: usr/src/common/crypto/md5/sparc/sun4v/byteswap.il create: usr/src/uts/sun4v/arcfou...

...ity bits but performance. On a decent > > x86 box the SHA1 performance is almost the same as MD5's but with > > acceleration it outperforms MD5. > > > > The other alternative would be to go for xxHash64 [0] which has the > > superior performance but provides a non-cryptographic hash so I though > > SHA1 would be better here. > > [...] > > With respect to *both* speed and security, wouldn't BLAKE3 be a better, > modern alternative if we're looking at checksumming? > It's "[r]eleased into the public domain with CC0 1.0. Alternativel...

Author: mcpowers Repository: /hg/zfs-crypto/gate Revision: a89079c72c5d3408f62bb8beabbb7fc76cfcd569 Log message: PSARC 2005/576 Support for complex cryptographic mechanisms PSARC 2005/630 session, object, and key management kernel crypto API PSARC 2005/656 AES CTR mode for KCF PSARC 2005/659 Hiding members of KCF logical providers 4721729 Support AES Counter mode for encryption 6243992 dprov stores attributes based on data model of application 6203141 Sessi...

https://bugzilla.mindrot.org/show_bug.cgi?id=1914 Summary: ssh-add: add an option to cryptographically verify if agent can access the matching private key of a given public key Product: Portable OpenSSH Version: 5.8p2 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Pr...

Hi, Does FASTIPSec in FreeBSD use OCF framework ? Where can I find more documentation ? I wish to run cryptographic algorithms after setting a VPN. What command should I use to run a particular crytographic algorithm (e.g. 3DES etc.) Where can I find all such information ? -- Regards, Bubble

https://bugzilla.mindrot.org/show_bug.cgi?id=2054 Bug ID: 2054 Summary: Environment fails to provide cryptographic identity of remote party Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Hardware: All OS: All Status: NEW Keywords: low-hanging-fruit, needs-release-note Severity: enhancem...

On 2020-03-17 00:03:03 [+0100], Dimitrios Apostolou via rsync wrote: > On Thursday, February 20, 2020 10:34:53 PM CET, Sebastian Andrzej Siewior > via rsync wrote: > > > > I'm still not sure if rsync requires a cryptographic hash _or_ if a > > strong hash like xxHash64 would be just fine for the job. > > I'm fairly sure the hash should *not* be easy to spoof, so I'd say a > cryptographic hash is needed. > > As an example, if a file is replaced by a file of the same size and same > hash...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone else using CFS on CentOS 4.4 ? I have started using it today (unimportant stuff for now, for testing), and am wondering what are other people experiences with it. I'm using version 1.4.1, rpms kindly provided by Karan on his repository. My main concern is data loss, not security itself. From what I noticed, the strenght of CFS crypto is

...I derive the name from what the type contains the > > length of that name is essential unbound. So how does one generate > > names?  I'm thinking of just using a long hash and hoping I don't get > > accidental collisions. Surely there must be a better way? > > Just a cryptographic hash (e.g. SHA1) to avoid the need to "hope" that there are no collisions. > > -- Sean Silva  Cryptographic hashes don't guarantee you get no accidental collisions; their goal is to make it super hard to produce a collision _on purpose_. What you need is an algorithm designed f...

> > This is a completely inappropriate comparison. LibreSSL is a cryptographic library. Creating a high-quality cryptographic library requires much more than eliminating buffer overruns (etc.). What I don't get this what is the point of a "somewhat secure". Does it make a difference if takes 5 minutes of 5 hours to find a buffer overflow? >> What allocat...

Hello. Probably only Timo can help-me with this. I have a self-made plugin based on the zlib plugin that i use to cryptograph the messages at inbox. As a side-effect of the cryptography, my plugin changes the size of the message, but until 2.0.19 this works well with dovecot index and the W/S flags. But now, i'm going to upgrade to 2.1.17 and now i have these messages on log at my test

...e` later, I did: $ export WINEDEBUG=relay # this feature rocks too much! $ make -f makefile.win64 1>cl64.log 2>&1 $ less cl64.log $ # stare $ # stare $ # stare... aha! HKEY_LOCAL_MACHINE/Software/Microsoft/Cryptography/Defaults/Provider Types/Type 001 => Name = "Microsoft Strong Cryptographic Provider" (REG_SZ) HKEY_LOCAL_MACHINE/Software/Microsoft/Cryptography/Defaults/Provider Types/Type 001 => TypeName = "RSA Full (Signature and Key Exchange)" (REG_SZ) HKEY_LOCAL_MACHINE/Software/Microsoft/Cryptography/Defaults/Provider/Microsoft Strong Cryptographic Provider =>...

Hello, PKCS#11 is a standard API interface that can be used in order to access cryptographic tokens. You can find the specification at http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most smartcard and other cryptographic device vendors support PKCS#11, opensc also provides PKCS#11 interface. I can easily make the scard.c, scard-opensc.c and ssh-agent.c support PKCS#11. PKCS#11...

...nd move to the MI Scheduler soon. Also, have you looked at randomizing register-allocation ? > We would also include a secure random number generator which links > against OpenSSL. This would of course be an optional module disabled > by default, but is necessary so the randomization is cryptographically > secure and useful in security applications. I am not sure why you need this feature. You can provide LLVM with a SEED value that can be controlled from the command line. A wrapper (such as a build-script) can control this value. > > We are in the process of writing test case...

...problem is that if I derive the name from what the type contains the > length of that name is essential unbound. So how does one generate > names? I'm thinking of just using a long hash and hoping I don't get > accidental collisions. Surely there must be a better way? > Just a cryptographic hash (e.g. SHA1) to avoid the need to "hope" that there are no collisions. -- Sean Silva -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20130619/ecee5cf2/attachment.html>

...I've been thinking about future harvest now, decrypt > later attacks against CC20 and AES. Are there post quantum ciphers that can > effectively replace these available or in development? Is the threat still > too far off to be a serious concern? Grover's search algorithm gives a cryptographically-relevant quantum computer a quadratic speedup. This effectively halves the strength, as expessed in bits, of symmetric ciphers and (I think) hash algorithms. I.e. AES-256 would be "as strong" as AES-128, and AES-128 would be reduced to 64-bit equivalent strength. The latter sounds pr...