Displaying 20 results from an estimated 81 matches for "schneier".
Did you mean:
schneider
2015 Feb 07
3
TLS config check
...gt;>
>> Is this an improvement (or more secure) despite going from 256bits to
>> 128bits?
>
> yes it is because AES-GCM is currently the best cipher suite while there
> is no point for AES256, if AES128 will fall then it likely affects
> AES256 too and according to Brcue Schneier years ago AES128 has even
> less problems then AES256 (too lazy for google it again)
>
Well, I am working in the crypto field and was a bit astonished about
this "rant" - so a quick search brought up
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html -
for those wh...
2011 Sep 25
1
Which AES to use?
I've been reading on Bruce Schneier's blog about key diffusion and the
key schedule in AES 256 being poor. Including this, for use in a geli
encrypted provider, what are the pros and cons of selecting AES 128,
192, or 256?
2008 Apr 30
2
Empty Set In a Set
...advance for your assistance.
Sincerely,
Jason Q. McClintic
- --
Jason Q McClintic
UST MB 1945
2115 Summit Avenue
St. Paul, MN 55105
jqmcclintic at stthomas.edu
mccl0219 at tc.umn.edu
"It is insufficient to protect ourselves with laws, we must protect
ourselves with mathematics."--Bruce Schneier
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBSBfN5hMtGNvij6jtAQgx3gf7Bxmht6ODCjsvhuFPkW1QWC1ey/ygVW9m
uuwNZVCz2hBNDSV2NktaOHe+hl3sEj4gmxv0Q6onf4Opg59o9OQ1EtaeY13S/ouk
EIO2fERY7VQcFbqjr1SnhlXGfyjX5bLk0ipFlqd11...
2015 Feb 06
2
TLS config check
According to https://cipherli.st/
> ssl = yes
> ssl_cert = </etc/dovecot.cert
> ssl_key = </etc/dovecot.key
> ssl_protocols = !SSLv2 !SSLv3
> ssl_cipher_list = AES128+EECDH:AES128+EDH
> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
> Is what you want.
Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list =
AES128+EECDH:AES128+EDH
Before I made this change
2009 May 07
1
Ext3 corruption using cluster
Hello all,
I've a cluster with an oracle database. The shared filesystem is provided
from a SAN and there's LVM and ext3 fs.
I've experienced some problem. During a normal switch of my cluster
remounting FS on second node gave me problem. FS is corrupted.
During a normal switch, operations done are:
- oracle shutdown abort
- oracle listernet shutdown
- umount fs (using umount -l )
2006 Nov 06
1
pptp, ipsec and vpn
...i All,
This is a general VPN question;
PPTP VPNs seem to be very easy to set up with CentOS as the VPN server
and the built-in windose client, but how do list members feel about the
security vunerabilities reported with the MS implementation?
Specifically the 6 problems reported here :
http://www.schneier.com/pptp-faq.html
or maybe im being paranoid?
Would any of you roll this solution out using the MS client for business
use?
I generally dont trust anything MS does, especially when security is
concerned
I feel i should be leaning towards an IPSec VPN, would anyone agree?
(exchanging keys is no...
2005 May 10
1
public-key ?
Hi,
I'm not a crypto expert, so after reading this interview with Bruce Schneier
( http://www.securityfocus.com/columnists/324 ) I'm wondering if OpenSSH has
the same problem he talks about, that is one public-key algorithm.
Doesn't OpenSSH use RSA, DSA, and DH ?
Also, is there any plan to include those new NSA standards based on ECC ?
2019 Oct 28
3
changing cipher for imap clients
When my client connects, I see this in my log:
dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128
bits)
Whereas, when client connects to my postfix server, I see:
Anonymous TLS connection established from * TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
how can I tell dovecot to use AES256, instead of AES128 ?
is this set by ssl_cipher_list ? Here are my current
2010 Aug 04
1
Optimising the Rsync algorithm for speed by reverting to MD4 hashing
Hi,
From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other
2006 Dec 18
3
Shared Line Appearances (SLA) in 1.4
...tation. Is anyone
using this feature right now? Is there a helpful source for information this
highly desired capability?
Regards,
--
Anthony Kava
Senior Network Administrator
Pottawattamie County, Iowa
"Sheep are slow and tasty, and therefore must remain constantly alert."
-- Bruce Schneier, "Beyond Fear"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3660 bytes
Desc: not available
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20061218/e99708e6/smime.bin
2008 Sep 30
1
PKI Compliance Dovecot Server
...crypted using SSL 2.0, which
reportedly suffers fromseveral cryptographic flaws and has been
deprecated for several years. An attacker may be able to exploit these
issues to conduct man-in-the-middle attacks or decrypt communications
between the affected service and clients. See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL
3.0 or TLS 1.0 instead. See http://support.microsoft.com/kb/216482 for instructions on IIS. See http://httpd.apache.org/docs/2.0/mod/mod _ssl.html for Apache. Risk Factor: Medium
/ CVSS Base...
2004 Jul 09
3
Strong Encryption
....liu.se,
aes128-ctr,
aes192-ctr,
aes256-ctr
Strong Encryption
OpenSSH supports 3DES, Blowfish, AES and arcfour as encryption algorithms.
These are patent free.
Triple DES is a time proven and well understood cipher that provides strong
encryption.
Blowfish is a fast block cipher invented by Bruce Schneier that can be used
by people that require faster encryption.
AES <http://www.nist.gov/aes> is the US Federal Information Processing
Standard (FIPS) Advanced Encryption Standard developed as a replacement for
DES. It is a fast block cipher.
Arcfour is a fast stream cipher. It is believed to be c...
2006 Jan 02
4
Shorewall portscanner example rule.
When searching in google I could verify that many examples of used rules in
shorewall do not exist to block port scanners external. Example: nmap.
Somebody has some rule or example ?
thanks.
2008 Mar 25
1
Passing (Optional) Arguments
...it.
Thanks for any/all help.
Sincerely,
Jason Q. McClintic
--
Jason Q McClintic
UST MB 1945
2115 Summit Avenue
St. Paul, MN 55105
jqmcclintic at stthomas.edu
mccl0219 at tc.umn.edu
"It is insufficient to protect ourselves with laws, we must protect
ourselves with mathematics."--Bruce Schneier
2009 May 05
4
BUG at fs/buffer.c:2933 during umount
Hi,
I could not find this anywhere else reported, so here we go:
creating a new btrfs filesystem (btrfs-progs-unstable from git) and
mounting it succeeds, unmounting however fails with the kernel messages
attached to this mail. After that, I can still read and write to the
btrfs mount, but e.g. /bin/sync never finishes, sysrq-s never reports
"Sync complete".
I''m using a
2008 Sep 13
3
Freebsd auto locking users
Dear FreeBsd gurus, I have a problem concerning users password and
authentication policies. The goal is
1)make freebsd to lock users after 3 unsuccessful login attempts,
2)force users to change their passwords every 90 days
I've done such changes in Linux distros, with various PAM modules.But in
Freebsd it seems that i need to use login.conf file. Here I made
necessary changes in that
2014 Jan 03
1
VisualHostKey vs. RekeyLimit vs. VerifyHostKeyDNS
...gzilla.mindrot.org/show_bug.cgi?id=2154
P.S. I think it's wonderful you folks are working on curve25519,
ed25519, and chacha20+poly1305. I've moved a bunch of systems to ECDHE
last year, great speedup, especially from crap Atom clients, but feel
that I've shot myself in the foot after Schneier's denouncement of the
NIST curves.
--
Gerald Turner Email: gturner at unzane.com JID: gturner at unzane.com
GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: applicati...
2010 Jun 10
0
No subject
...same value.
With the MD5 vunerability one has to specially engineer it. IMO it is extremely
unlikely that it would happen by chance when used by rsync. If anyone worries
about this then maybe rsync would move to SHA-1 at some point. And then
what if someone finds a problem with SHA-1? Indeed, Bruce Schneier has
an article on this at http://www.schneier.com/blog/archives/2005/02/sha1_broken.html.
Again, I reckon that the SHA-1 vunerability would have no practical effect
if SHA-1 was used in rsync. Just my $0.02.</font>
<br>
<br><font size=2 face="sans-serif">rsync uses...
2002 Apr 17
6
Non-determinism
Is anyone else concerned about the fact that rsync doesn't guarantee
to produce identical file copies on the the target machine?
Don't get me wrong in sounding critical because I think that rsync is
a great example of how software should be written. (I often make the
observation, as I learn more about Linux, and inevitably find myself
comparing open source applications to Microsoft
1998 May 30
9
"Flavors of Security Through Obscurity"
...s system of security is better than one
using a standardized and public algorithm which attracts a lot
cryptanalytic work and may be broken in the near future or may
have already been broken in secret.
b) Intrinsically secret ciphers.
Extend secrecy to parts of the encryption method. In his book,
Schneier very briefly describes a variant of DES where the Sboxes
(which most people would consider as part of the algorithm) are
variable and depend on the key. Another very interesting
possibility would have the key express the encryption method. In
other words consider the key as the program, and the cip...