search for: kdf

Hi everyone. I'm currently running through FIPS validation, and this year CAVP requires KDF tests for SSH. I'm running OpenSSH v5.6p1 and I see that the 6 keys that I need are derived in kex_derived_keys in kex.c. However, I don't yet see any way for me to access this function from an existing command line tool, being able to pass in K, H, and the session_id from the test vector...

Hello Everyone, I am writing code to test derive_keys functionality. The function signature is: static u_char * derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, BIGNUM *shared_secret) Now, the input which is provided to us is K(share_secret) as an array of characters. H(Hash) as an array of characters. Session_id as an array of characters Now, first I converted hash

...signed-bugs at mindrot.org Reporter: arthurmesh at gmail.com This defect was found on OpenSSH 6.5; however, it appears that code in question has not changed between 6.5 and openssh-SNAP-20140204.tar.gz. Thoughts: while reading the code -- this caught attention: authfile.c: 279 kdfname = buffer_get_cstring_ret(&copy, NULL); 280 if (kdfname == NULL || 281 (!strcmp(kdfname, "none") && !strcmp(kdfname, "bcrypt"))) { 282 error("%s: unknown kdf name", __func__); 283 goto out; 284...

...i?id=1550) the motivation for this being that 128-bits of security is better than the 112 or so you get from 3DES these days. Interestingly that bug is about upgrading to AES-256, but we ended up with AES-128. Presumably due to the Solaris crippling? However ssh-keygen still uses a relatively weak KDF of MD5(IV[:8] . PWORD) which makes dictionary attacks quite feasible and means you need a much longer password to mitigate them. Seems like it might be useful if OpenSSH at least had the option of using an encoding with some decent key stretching to me. Is there any good reason not to, and to not h...

...EOF +?? ?if [ -z "$secret" -o "$format" = "PEM" ]; then +?? ??? ?# For PEM format, passphrase is not detected yet, should be fixed in ssh-keygen +?? ??? ?echo "no passphrase" >> $exp +?? ?else +?? ??? ?cat >> $exp << EOF +cipher: aes256-ctr +kdf: bcrypt +rounds: $rounds +EOF +?? ?fi + +?? ?if ! ${SSHKEYGEN} -yv -P "${secret}" -f $file > $OBJ/$t-pub ; then +?? ??? ?fail "ssh-keygen -y failed for $t-key" +?? ?fi +?? ?if ! sed '1 s/[^ ]* [^ ]* \?//' $OBJ/$t-pub > $OBJ/$t-tmp ; then +?? ??? ?fail "sed fai...

...cept two additional %-expansion sequences: %D which expands to the routing domain of the connected session and %C which expands to the addresses and port numbers for the source and destination of the connection. * ssh-keygen(1): increase the default work factor (rounds) for the bcrypt KDF used to derive symmetric encryption keys for passphrase protected key files by 50%. Bugfixes -------- * ssh-agent(1): improve isolation between loaded PKCS#11 modules by running seperate ssh-pkcs11-helpers for each loaded provider. * ssh(1): make -f (fork after authentication) work corre...

...t;If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBKjsSIR7qMdg1EfYRAs/AAKCo1kF/RCje6ETuq75aWprf2aZ8ZACfb2WV o8NuRucRR67ctLFJg5TP6pU= =/KDF -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba

.../sec, allowing a 9-character random password to survive a million years of constant attack. Offline is an entirely separate matter, and is already addressed by /etc/shadow salting and hashing in CentOS. We know how to make it even stronger if the threat requires it: move to OTP keys, use a better KDF than SHA512, etc. > I just fired my ISP because of the asininity of setting a 180 > compulsory expiration on passwords. Good for you. Password expiration is silly. A good strong password should last years under any reasonable threat. But we?ve not been talking about password expiration h...

...cept two additional %-expansion sequences: %D which expands to the routing domain of the connected session and %C which expands to the addresses and port numbers for the source and destination of the connection. * ssh-keygen(1): increase the default work factor (rounds) for the bcrypt KDF used to derive symmetric encryption keys for passphrase protected key files by 50%. Bugfixes -------- * ssh-agent(1): improve isolation between loaded PKCS#11 modules by running separate ssh-pkcs11-helpers for each loaded provider. * ssh(1): make -f (fork after authentication) work corre...

...quences: %D which expands to > the routing domain of the connected session and %C which expands > to the addresses and port numbers for the source and destination > of the connection. > > * ssh-keygen(1): increase the default work factor (rounds) for the > bcrypt KDF used to derive symmetric encryption keys for passphrase > protected key files by 50%. > > Bugfixes > -------- > > * ssh-agent(1): improve isolation between loaded PKCS#11 modules > by running seperate ssh-pkcs11-helpers for each loaded provider. > > * ssh(1):...

...r support it. * ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. * Add a new private key format that uses a bcrypt KDF to better protect keys at rest. This format is used unconditionally for Ed25519 keys, but may be requested when generating or saving existing keys of other types via the -o ssh-keygen(1) option. We intend to make the new format the default in the near future. Details of the new forma...

On Thu, Jul 30, 2015 at 12:20 PM, Warren Young <wyml at etr-usa.com> wrote: > On Jul 29, 2015, at 5:40 PM, Chris Murphy <lists at colorremedies.com> wrote: >> >> On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com> wrote: >> >>> Security is *always* opposed to convenience. >> >> False. OS X by default runs only signed

...r support it. * ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. * Add a new private key format that uses a bcrypt KDF to better protect keys at rest. This format is used unconditionally for Ed25519 keys, but may be requested when generating or saving existing keys of other types via the -o ssh-keygen(1) option. We intend to make the new format the default in the near future. Details of the new forma...

I''m using a find with a :joins clause, like this: :joins => "JOIN table_b ON table_b.id=table_b_id" The records returned are used in a scaffold generated list page. The edit, show, and destroy links are getting the wrong id. They are getting the id of the table b record. When I run the query using mysql, I see that the query returns *2* id columns, the id of the main

On Wed, Jul 29, 2015 at 2:15 PM, Warren Young <wyml at etr-usa.com> wrote: > Just because one particular method of prophylaxis fails to protect against all threats doesn?t mean we should stop using it, or increase its strength. Actually it does.There is no more obvious head butting than with strong passwords vs usability. Strong login passwords and usability are diametrically opposed.

...r support it. * ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. * Add a new private key format that uses a bcrypt KDF to better protect keys at rest. This format is used unconditionally for Ed25519 keys, but may be requested when generating or saving existing keys of other types via the -o ssh-keygen(1) option. We intend to make the new format the default in the near future. Details of the new forma...

We still have MD5 as our default password hash, even though known-hash attacks against MD5 are relatively easy these days. We've supported SHA256 and SHA512 for many years now, so how about making SHA512 the default instead of MD5, like on most Linux distributions? Index: etc/login.conf =================================================================== --- etc/login.conf (revision

...RvwT_t9j at n|WcBXG8I-Odz{fbcAU%%fDfdC?is353l!Y2E^2(s_HnHiEGi|oiE zh$0Ar<o`MMEi-{=`~Ci_oV at q$J@?#mw{y=qcbQDI12i8bD*Oio>IjLZ`9>IwBJ_b_ zB6Oq}S3ZO$9+)CR-WDN^M94<Tol at SBRJ3?w3KeYrGAZWAcO_ZR%KjZmYNb>wjPp|d zIE(Wd2!S3#n&#dLNm><ADZ97=g~iI7oqsJld|pKJ=b;=h9^$-1DJNYl8R7nEbQwU+ z3KdFIvsHC<N#s3Bl2LQ7Vm>HhHBhc7FBROOv*!22Tp69NR~0m;b|Hp))Fe^sIq1B_ zU2`923<+`{BqmZW53036o}G^b!3}am^>2`+=thW*heVGr?ix{v$9%z~DtM%fMAQl; z1=`JK*44EIU++l at 3jZPsUtX%Buo}SAWWJzzsk|mxSkTE9qcik!WNm)Q{WEo`M=2&3 z^OW<>(S<oQ3RKA~T`sQ)whq1~CH)w5LJzD><wHG9-3J*=nh$0}Wd6R?C^st`+EZuB z6`...