search for: dabo

After browsing "Remote timing attacks are practical" (Boneh & Brumley, <http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I wonder if it might be a good idea to add calls to RSA_blinding_on() before the OpenSSL RSA decryption routines are invoked. The issue is not a LAN-only issue, BTW. Packet delay variation is usually higher in LANs than in WANs. -- Florian Weimer...

I''ve only had the briefest play with wxSugar and already I like it a lot. One small question - have you considered some more ''convention over configuration'' like they do in rails, in particular for event connectors? So instead of listen(:button, my_button, my_button_pressed) you can leave it out entirely and rely on the convention that a button has a _pressed

Hi! The encoding, decoding and recoding cost cpu time, that's sure. But does this time differs much depending on the used codec? Is - for example - a G729 faster than a GSM codec? Bye! Michael

...to avoid potential timing attacks against the RSA keys. Older versions of OpenSSH have been using RSA blinding in ssh-keysign(1) only. Please note that there is no evidence that the SSH protocol is vulnerable to the OpenSSL/TLS timing attack described in http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf * ssh-agent(1) optionally requires user confirmation if a key gets used, see '-c' in ssh-add(1). * sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation is enabled. * sshd(8) now removes X11 cookies when a session gets closed. * ssh-keysign(...

...to avoid potential timing attacks against the RSA keys. Older versions of OpenSSH have been using RSA blinding in ssh-keysign(1) only. Please note that there is no evidence that the SSH protocol is vulnerable to the OpenSSL/TLS timing attack described in http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf * ssh-agent(1) optionally requires user confirmation if a key gets used, see '-c' in ssh-add(1). * sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation is enabled. * sshd(8) now removes X11 cookies when a session gets closed. * ssh-keysign(...

...to avoid potential timing attacks against the RSA keys. Older versions of OpenSSH have been using RSA blinding in ssh-keysign(1) only. Please note that there is no evidence that the SSH protocol is vulnerable to the OpenSSL/TLS timing attack described in http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf * ssh-agent(1) optionally requires user confirmation if a key gets used, see '-c' in ssh-add(1). * sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation is enabled. * sshd(8) now removes X11 cookies when a session gets closed. * ssh-keysign(...

Hi! I want to connect my asterisk system to the PSTN. Now I'm thinking about using an analog modem as FXO device. Which modems do run? How is the voice quality? (I looked into the wiki, but on <http://www.voip-info.org/tiki-index.php?page=Asterisk%20hardware> no regular modems were mentioned. Or should I use a special FXO-card? I don't want to spend 99$ for such a thing but

...to avoid potential timing attacks against the RSA keys. Older versions of OpenSSH have been using RSA blinding in ssh-keysign(1) only. Please note that there is no evidence that the SSH protocol is vulnerable to the OpenSSL/TLS timing attack described in http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf * ssh-agent(1) optionally requires user confirmation if a key gets used, see '-c' in ssh-add(1). * sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation is enabled. * sshd(8) now removes X11 cookies when a session gets closed. * ssh-keysign(...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:09.htt Security Advisory The FreeBSD Project Topic: information disclosure when using HTT Category: core Module: sys Announced:

Hi! I want to install a X100P. I think I did everything according to the manuals I found in the net. I loaded the modules and I edited the config files according to <http://www.digium.com/downloads/hw_article>. I start ztcfg that tells me everything is alright. But when I start asterisk it tells me the error as posted in the subject. Why? I'm using kernel 2.6 could that be a

Hi! In the past I had problems with the audio over sip. Then I tried the "-p" Option and increased the memory. Now it is better but not perfect. Are there any more possibilities to increase it more? By now I'm using a P-II/333. Could a completely hand optimized kernel (I use 2.6.) help a bit? Bye! Michael

Hi! Imagine I have a SIP phone named A. I have a target phone named B. And I have an asterisk server called C. No I call the target B from my phone A. Is the ip traffic routed directly from A to B or goes it from A to C to B? Background for this question: I want to buy a DSL-router with integrated SIP client. (Mostly because of the integrated QoS) But I want to have the flexibility of

Hi! The X100P is working - partly. I can make outgoing calls. But the card has got a problem detecting incoming calls. Even in verbose mode I don't see any hint that the card detects a call. At the moment I'm using the card behind my old ISDN telephone system. Could it be a problem with the line voltage? Can I adjust anything when loading the kernel module? Bye! Michael

Hi! Some - few - providers are using IAX2 as a protocol. Most are using SIP. I know that there are advantages of IAX2 regarding multiple connections. But beside this I'm asking myself (and you all) why I should prefer IAX2 when my SIP connection is working. Are there differences in the performance? Bye! Michael