search for: purki

I mentioned extensions because I had a few and saw them die. the 40-bit ssl is the web interface for power5 (the so-called ASMI https interface). These ports have no access to "outside", on a separate lan segment. my desktop, not acting as router, can connect to non-Natted and NATted segments. re: use of a stunnel - how does this turn 40-bit https into >40-bit https. Sounds like a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, I just came across a contradiction between the man page of AuthenticationMethods and the accepted methods list. According to the sshd_config manual page: """ AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be followed by one

I've just written this patch, it's undergone minimal testing and "works for me" and I'm after feedback as to acceptability of approach, anything I should be doing differently for the feature to be acceptable upstream and what I should be doing about automated testing. Use-case: you have the host's SSH fingerprints via an out-of-band mechanism which you trust and want to

On Thu, 28 May 2015, Hubert Kario wrote: > > If this is the only attack you're trying to address, and you've > > already limited yourself to safe primes, then NUMS properties don't > > really add anything. The NUMS approach is there are to try to avoid > > the possibility of other, unknown cryptanalytic attacks against some > > infrequent type of group,

On Fri, 29 May 2015, Hubert Kario wrote: > Not really, no. > > We can use this time an initial seed of "OpenSSH 1024 bit prime, attempt #1". > Next time we generate the primes we can use the initial seed of "2017 OpenSSH > 1024 bit prime, attempt #1", but we can use just as well a "2nd generation > OpenSSH 1024 bit DH parameters, try number 1".

On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: > creating composites that will pass even 100000 rounds of Miller-Rabin is > relatively simple.... > (assuming the values for M-R tests are picked randomly) Can you point me to the algorithms for doing that? This would suggest that we really do want primality proofs (and a good way to verify them). Do those algorithms hold for

My two-cents removing v1 from the server - excellent. removing it from the client - admirable, but there are many potential operational concerns as mentioned above. I'll chat a bit about personal experience with removal of something as being "more secure" when it's effect is actually lessen "security" Possible solution - even for beyond ? Create a new client that

On Wed 2015-05-27 05:23:41 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 15:10:01 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: >> > OEIS A014233 >> >> Hm, this is a sequence, but not an algorithm. It looks to me like it is >> not exhaustive, just a list of those integers which are known to have >> the stated

On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote: > On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew at debian.org> wrote: >> >> You will be aware of https://weakdh.org/ by now, I presume; the >> take-home seems to be that 1024-bit DH primes might well be too weak. >> I'm wondering what (if anything!) you propose to do about this issue, >>

On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you