Displaying 20 results from an estimated 3000 matches similar to: "Security of OpenSSL ECDSA signatures"
2014 Mar 01
1
FYI: Flush+Reload attack on OpenSSL's ECDSA
Here's a recently-published paper that describes a flush & reload
attack on OpenSSL's ECDSA implementation:
http://eprint.iacr.org/2014/140.pdf
According to the authors, snooping a single signing round is
sufficient to recover the secret key.
--mancha
2009 Oct 20
11
Stuck with puppet
Hello a newbie here.
The situation is that:
2 machines: one master, one client
Puppet 0.24.5
This is my configuration:
Client:
/etc/puppet/puppetd.conf
[puppetd]
server = Asus-Vista-Box
logdir = /var/log/puppet
vardir = /var/lib/puppet
rundir = /var/run
master
/etc/puppet/manifests/classes/sudo.pp
class sudo {
file { "/etc/sudoers":
owner => "root",
2024 Oct 29
5
[Bug 3748] New: "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature type not supported from ssh agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3748
Bug ID: 3748
Summary: "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
signature type not supported from ssh agent
Product: Portable OpenSSH
Version: 9.7p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: enhancement
2003 Mar 14
2
Enable RSA blinding
After browsing "Remote timing attacks are practical" (Boneh & Brumley,
<http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I
wonder if it might be a good idea to add calls to RSA_blinding_on()
before the OpenSSL RSA decryption routines are invoked.
The issue is not a LAN-only issue, BTW. Packet delay variation is
usually higher in LANs than in WANs.
--
Florian
2012 Jan 10
1
[Bug 1971] New: ssh-keyscan should default to ecdsa or ecdsa,rsa
https://bugzilla.mindrot.org/show_bug.cgi?id=1971
Bug #: 1971
Summary: ssh-keyscan should default to ecdsa or ecdsa,rsa
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keyscan
2008 Jul 30
5
[LLVMdev] Is there room for another build system?
2 more roadblocks for Visual Studio users are the inability to compile gcc
and the inability to compile and run the test suite. I would not want to
submit a change unless I could still compile/run gcc and pass the test
suite. (Testing before submission is the way we do it where I come from - I
am assuming it's the same here).
On a related note, has anyone gotten the LLVM test suite working
2015 Jun 16
2
OpenSSH and CBC
On 15.06.2015 21:31, Christian Weisgerber wrote:
> On 2015-06-15, Gerhard Wiesinger <lists at wiesinger.com> wrote:
>
>> I saw that OpenSSH release 6.7 removed all CBC ciphers by default. Is
>> CBC therefore considered as broken and unsecure (in general or SSH
>> implementation)?
> CBC modes in SSH use the last encrypted block of the previous packet
> as the IV
2015 Aug 11
0
[Bug 1971] ssh-keyscan should default to ecdsa or ecdsa,rsa
https://bugzilla.mindrot.org/show_bug.cgi?id=1971
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release
2014 Apr 25
2
Support for ECDSA in OpenSSL?
Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs?
How do I test if this works? (though I should probably ask this on the
OpenSSL list)
The reason I suspect a problem is that HIPL for Centos
(http://infrahip.hiit.fi/) is not creating the ECDSA Host Identity,
whereas my Fedora installation IS creating the ECDSA HI.
2018 Dec 16
1
ECDSA client question
Hi, for those who have adopted ECDSA,
Are there still any commonly used IMAPS/POP3S clients that still can not
handle ECDSA certificates?
I know you can set up Dovecot for dual cert, I am just trying to
determine if there still is a real world need to.
2018 Dec 17
1
ECDSA client question
On 12/16/18 7:52 AM, Tributh via dovecot wrote:
>
>
> On 16.12.18 at 12:13, Michael A. Peters wrote:
>> Hi, for those who have adopted ECDSA,
>>
>> Are there still any commonly used IMAPS/POP3S clients that still can not
>> handle ECDSA certificates?
>>
>> I know you can set up Dovecot for dual cert, I am just trying to
>> determine if there
2011 Jan 24
1
ECDSA and first connection; bug?
Folks,
I read the 5.7 release announcement and updated, to try out ECDSA. Most
parts worked very smoothly. The inability to create SSHFP records is
understandable, since IANA haven't allocated a code yet.
One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA.
% ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost
2011 Jul 28
1
Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record
Hi,
I was sure I sent this to openssh at openssh.com, but cannot find that email now in my Sent mailbox, so I am sending it to the developers list.
I took a liberty and wrote an I-D with accompanying patch (with contributions from Ondrej Caletka) to support ECDSA in the SSHFP DNS resource record.
The I-D is here: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2 (and the source XML
2011 Dec 17
3
[Bug 1961] New: ECDSA memory leak
https://bugzilla.mindrot.org/show_bug.cgi?id=1961
Bug #: 1961
Summary: ECDSA memory leak
Classification: Unclassified
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at
2013 Jul 23
1
ECDSA key on anoncvs.mindrot.org
Hello,
While running 'cvs up' against the CVS repository for the portable
branch of OpenSSH, I received the following warning:
% cvs up
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be
2014 Jan 31
1
Wanted: smartcard with ECDSA support
Hi,
I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA
keys, but have so far been unable to find anyone who can sell me
a smartcard that supports it.
They certainly exist - AFAIK it's required by the US PIV standard,
but obtaining cards that support it in single digit quantities
seems all but impossible.
Can anybody on this list help? I'd want 2-6 cards/tokens
2011 Feb 19
2
[Bug 1862] New: document ECDSA within the "-b" option of the ssh-keygen manpage
https://bugzilla.mindrot.org/show_bug.cgi?id=1862
Summary: document ECDSA within the "-b" option of the
ssh-keygen manpage
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Documentation
2012 Jan 04
0
ECDSA, SSHFP, and "Error calculating host key fingerprint."
When connecting to a host that provides an ECDSA host key and the
client has "VerifyHostKeyDNS" set to 'yes' or 'ask' SSH outputs a
mysterious and undocumented message "Error calculating host key
fingerprint." This error actually seems to be generated by
verify_host_key_dns(const char *hostname, struct sockaddr *address,
Key *hostkey, int *flags) in dns.c, but
2013 Sep 14
0
ECDSA curve used in new protocol has suspicious seed value
Hi there,
As I'm sure you are aware, there are suspicions (as usual) against the NSA
potentially weakening crypto around the globe. This time it is about a
cipher that is/will be used in the new tinc protocol: ECDSA
According to
https://github.com/gsliepen/tinc/blob/1.1/src/openssl/ecdsagen.c you use
the secp521r1 curve, which is derived (according to
2013 Oct 08
3
[Bug 2157] New: [man] ssh-keygen page says ECDSA keys can be 521 bits
https://bugzilla.mindrot.org/show_bug.cgi?id=2157
Bug ID: 2157
Summary: [man] ssh-keygen page says ECDSA keys can be 521 bits
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: Documentation
Assignee: