search for: purky

I mentioned extensions because I had a few and saw them die. the 40-bit ssl is the web interface for power5 (the so-called ASMI https interface). These ports have no access to "outside", on a separate lan segment. my desktop, not acting as router, can connect to non-Natted and NATted segments. re: use of a stunnel - how does this turn 40-bit https into >40-bit https. Sounds like a

...method in at least one of these lists. """" But in reality the also an empty list is accepted by sshd (servconf.c:1605). What is the reason to accept an empty method list? Does the man page need an update? Thanks and best regards, /M - -- Miroslav Vadkerti :: Red Hat s.r.o, Purky?ova 99/71, 612 45, Brno, Czech Republic -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTot4RAAoJEBliWhMliBCHoHsH/21Z8JGah1BByms9mO4dkT9k YLmykqWcUjopNwk2FykYVPm3K8RFO4zV45hha26v8Qdh3TpNjuQED0HuqBrtfY5H 8qZOsz1FNb9Ayi/...

I've just written this patch, it's undergone minimal testing and "works for me" and I'm after feedback as to acceptability of approach, anything I should be doing differently for the feature to be acceptable upstream and what I should be doing about automated testing. Use-case: you have the host's SSH fingerprints via an out-of-band mechanism which you trust and want to

On Thu, 28 May 2015, Hubert Kario wrote: > > If this is the only attack you're trying to address, and you've > > already limited yourself to safe primes, then NUMS properties don't > > really add anything. The NUMS approach is there are to try to avoid > > the possibility of other, unknown cryptanalytic attacks against some > > infrequent type of group,

On Fri, 29 May 2015, Hubert Kario wrote: > Not really, no. > > We can use this time an initial seed of "OpenSSH 1024 bit prime, attempt #1". > Next time we generate the primes we can use the initial seed of "2017 OpenSSH > 1024 bit prime, attempt #1", but we can use just as well a "2nd generation > OpenSSH 1024 bit DH parameters, try number 1".

On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: > creating composites that will pass even 100000 rounds of Miller-Rabin is > relatively simple.... > (assuming the values for M-R tests are picked randomly) Can you point me to the algorithms for doing that? This would suggest that we really do want primality proofs (and a good way to verify them). Do those algorithms hold for

My two-cents removing v1 from the server - excellent. removing it from the client - admirable, but there are many potential operational concerns as mentioned above. I'll chat a bit about personal experience with removal of something as being "more secure" when it's effect is actually lessen "security" Possible solution - even for beyond ? Create a new client that

On Wed 2015-05-27 05:23:41 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 15:10:01 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: >> > OEIS A014233 >> >> Hm, this is a sequence, but not an algorithm. It looks to me like it is >> not exhaustive, just a list of those integers which are known to have >> the stated

On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote: > On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew at debian.org> wrote: >> >> You will be aware of https://weakdh.org/ by now, I presume; the >> take-home seems to be that 1024-bit DH primes might well be too weak. >> I'm wondering what (if anything!) you propose to do about this issue, >>

On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 12:57:05 -0400, Hubert Kario wrote: >> > creating composites that will pass even 100000 rounds of Miller-Rabin is >> > relatively simple.... >> > (assuming the values for M-R tests are picked randomly) >> >> Can you