search for: eavesdropp

Displaying 13 results from an estimated 13 matches for "eavesdropp".

Did you mean: eavesdrop
2001 May 01
3
SRP unencumbered license statement
...hat sort. That is, not only are we free and clear, but the algorithm is safe from future claimjumpers trying to patent it. Not to mention that it provides strong authentication of both client *and* server, even when the host key has changed or is unknown, and it doesn't leak any information to eavesdroppers or MITM. :-) So, SRP is ready to go. Speaking of which, an up-to-date tarball and patch are available: http://members.tripod.com/professor_tom/archives/OpenSSH-2.9p1-srp7.tar.gz http://members.tripod.com/professor_tom/archives/OpenSSH-2.9p1-srp7.patch.gz The patch is vs. the 20010501 CVS, t...
2008 May 14
1
Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages
...d a static version of tinc on an affected platform, you need to recompile tinc to ensure it is statically linked with a fixed OpenSSL library. I do not know if the session keys also have been weak, but it is best to assume they were. If you exchanged private key material via your tinc VPN, then an eavesdropper may have seen seen this as well. Regenerate any keying material that you have exchanged via your tinc VPN if any of the nodes was running on an affected platform. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------...
2008 May 14
1
Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages
...d a static version of tinc on an affected platform, you need to recompile tinc to ensure it is statically linked with a fixed OpenSSL library. I do not know if the session keys also have been weak, but it is best to assume they were. If you exchanged private key material via your tinc VPN, then an eavesdropper may have seen seen this as well. Regenerate any keying material that you have exchanged via your tinc VPN if any of the nodes was running on an affected platform. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------...
2014 Mar 06
1
Encryption
Am I correct in assuming that the user and host public/private keys used in openSSH are only used for authentication (is the remote server known to be X, is this Harry trying to login), and have no role in the encryption? I was under the assumption that each connection used a newly generated key (using DH for key exchange) so each session was unique. (I believe this because the transport layer
2011 Feb 22
1
problems making a daily backup via rsync.
Hi there: I'm doing a backup of some of my machines via rsync, and I have the next problem: ------------------ [Tue Feb 22 02:51:13 CET 2011] /usr/bin/rsync -az --delete --numeric-ids --relative --delete-excluded --rsh=/usr/bin/ssh root at server1:/var/spool/exim /data/backups/server1 [Tue Feb 22 02:51:28 CET 2011] /usr/bin/rsync -az --delete --numeric-ids --relative --delete-excluded
2020 Mar 24
1
At rest encryption (with protected crypto keys)
Hi, As stated on the Dovecot documentation, at rest encryption is possible [1]. However, these keys are present on the system itself and are unprotected. Therefore, if a system is compromised, the attacker has access to the encrypted mail and the keys. There is no security benefit in that situation, except for hoping that the attacker doesn't understand that this is happening and how.
2001 Dec 29
0
about tinc security
...t' of 2 bytes containing a cryptographically strong random value. It plays the role of an IV according to the manual "2 bytes of salt (random data) are added in front of the actual VPN packet, so that two VPN packets with (almost) the same content do not seem to be the same for eavesdroppers." The forwarded packet is appended. The couple salt and forwarded is padded to be 64bit aligned (blowfish's block size). The whole (salt, forwared packet and padding) is encrypted with blowfish in CBC. 2 Vulnerabilities This serction explains how an attacker can modify pa...
2005 Oct 19
1
Initialising a mirror
Dears, I would like to mirror data from 2 servers connected together via VPN over ADSL lines (dwn 2Mbps/Upld 512Kbps). I'm sure rsync is one of the best tool to keep these data in sync but how should I use it to initialise the mirror? I'm currently testing the solution with 10Gb of data to keep in sync. But on my lines it would take more than 40 hours to initially create the
2001 Oct 02
2
New feature: remote entropy gatherer port
[NOTE: I'm new to this list and this is my first approach to OpenSSH code.] I've enhanced "--with-prngd-port=PORT" flag to accept an optional hostname as in "myhost:myport", e.g.: % ./configure --with-prngd-port=example.com:12345 Although I'm certain that this may cause big trouble if remote gatherer isn't online (ssh will refuse to open any connection) I
2006 Dec 07
1
are these problems?
...'salt' of 2 bytes containing a cryptographically strong random value. It plays the role of an IV according to the manual "2 bytes of salt (random data) are added in front of the actual VPN packet, so that two VPN packets with (almost) the same content do not seem to be the same for eavesdroppers." The forwarded packet is appended. The couple salt and forwarded is padded to be 64bit aligned (blowfish's block size). The whole (salt, forwarded packet and padding) is encrypted with blowfish in CBC. 2 Vulnerabilities This section explains how an attacker can modify packet...
2010 Oct 26
11
Auto provisioning from public server
Hello, has anyone experience with auto provisioning IP-phones on different locations through a central public provisioning server ? You use http or https ? Is there a danger that one uses a different MAC-address in the provisioning link to obtain SIP username / password settings ? Kind regards, Jonas. -------------- next part -------------- An HTML attachment was scrubbed... URL:
2001 Oct 06
1
Defeating Timing Attacks
Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,
2019 Nov 18
5
[cfe-dev] RFC: Moving toward Discord and Discourse for LLVM's discussions
FWIW I'm a fan of using open-source stuff for open-source projects. Discourse looks open source, but Discord doesn't as far as I can tell (?). On Mon, Nov 18, 2019 at 3:15 AM Chandler Carruth via cfe-dev < cfe-dev at lists.llvm.org> wrote: > Hello folks, > > I sent the message quoted below to llvm-dev@ just now, but it applies to > the whole community so sending an FYI