search for: eavesdropper

...hat sort. That is, not only are we free and clear, but the algorithm is safe from future claimjumpers trying to patent it. Not to mention that it provides strong authentication of both client *and* server, even when the host key has changed or is unknown, and it doesn't leak any information to eavesdroppers or MITM. :-) So, SRP is ready to go. Speaking of which, an up-to-date tarball and patch are available: http://members.tripod.com/professor_tom/archives/OpenSSH-2.9p1-srp7.tar.gz http://members.tripod.com/professor_tom/archives/OpenSSH-2.9p1-srp7.patch.gz The patch is vs. the 20010501 CVS, the...

...d a static version of tinc on an affected platform, you need to recompile tinc to ensure it is statically linked with a fixed OpenSSL library. I do not know if the session keys also have been weak, but it is best to assume they were. If you exchanged private key material via your tinc VPN, then an eavesdropper may have seen seen this as well. Regenerate any keying material that you have exchanged via your tinc VPN if any of the nodes was running on an affected platform. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part --------------...

...d a static version of tinc on an affected platform, you need to recompile tinc to ensure it is statically linked with a fixed OpenSSL library. I do not know if the session keys also have been weak, but it is best to assume they were. If you exchanged private key material via your tinc VPN, then an eavesdropper may have seen seen this as well. Regenerate any keying material that you have exchanged via your tinc VPN if any of the nodes was running on an affected platform. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part --------------...

Am I correct in assuming that the user and host public/private keys used in openSSH are only used for authentication (is the remote server known to be X, is this Harry trying to login), and have no role in the encryption? I was under the assumption that each connection used a newly generated key (using DH for key exchange) so each session was unique. (I believe this because the transport layer

Hi there: I'm doing a backup of some of my machines via rsync, and I have the next problem: ------------------ [Tue Feb 22 02:51:13 CET 2011] /usr/bin/rsync -az --delete --numeric-ids --relative --delete-excluded --rsh=/usr/bin/ssh root at server1:/var/spool/exim /data/backups/server1 [Tue Feb 22 02:51:28 CET 2011] /usr/bin/rsync -az --delete --numeric-ids --relative --delete-excluded

Hi, As stated on the Dovecot documentation, at rest encryption is possible [1]. However, these keys are present on the system itself and are unprotected. Therefore, if a system is compromised, the attacker has access to the encrypted mail and the keys. There is no security benefit in that situation, except for hoping that the attacker doesn't understand that this is happening and how.

...t' of 2 bytes containing a cryptographically strong random value. It plays the role of an IV according to the manual "2 bytes of salt (random data) are added in front of the actual VPN packet, so that two VPN packets with (almost) the same content do not seem to be the same for eavesdroppers." The forwarded packet is appended. The couple salt and forwarded is padded to be 64bit aligned (blowfish's block size). The whole (salt, forwared packet and padding) is encrypted with blowfish in CBC. 2 Vulnerabilities This serction explains how an attacker can modify pack...

Dears, I would like to mirror data from 2 servers connected together via VPN over ADSL lines (dwn 2Mbps/Upld 512Kbps). I'm sure rsync is one of the best tool to keep these data in sync but how should I use it to initialise the mirror? I'm currently testing the solution with 10Gb of data to keep in sync. But on my lines it would take more than 40 hours to initially create the

[NOTE: I'm new to this list and this is my first approach to OpenSSH code.] I've enhanced "--with-prngd-port=PORT" flag to accept an optional hostname as in "myhost:myport", e.g.: % ./configure --with-prngd-port=example.com:12345 Although I'm certain that this may cause big trouble if remote gatherer isn't online (ssh will refuse to open any connection) I

...'salt' of 2 bytes containing a cryptographically strong random value. It plays the role of an IV according to the manual "2 bytes of salt (random data) are added in front of the actual VPN packet, so that two VPN packets with (almost) the same content do not seem to be the same for eavesdroppers." The forwarded packet is appended. The couple salt and forwarded is padded to be 64bit aligned (blowfish's block size). The whole (salt, forwarded packet and padding) is encrypted with blowfish in CBC. 2 Vulnerabilities This section explains how an attacker can modify packets...

Hello, has anyone experience with auto provisioning IP-phones on different locations through a central public provisioning server ? You use http or https ? Is there a danger that one uses a different MAC-address in the provisioning link to obtain SIP username / password settings ? Kind regards, Jonas. -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,

FWIW I'm a fan of using open-source stuff for open-source projects. Discourse looks open source, but Discord doesn't as far as I can tell (?). On Mon, Nov 18, 2019 at 3:15 AM Chandler Carruth via cfe-dev < cfe-dev at lists.llvm.org> wrote: > Hello folks, > > I sent the message quoted below to llvm-dev@ just now, but it applies to > the whole community so sending an FYI