similar to: Security of OpenSSL ECDSA signatures

Displaying 20 results from an estimated 3000 matches similar to: "Security of OpenSSL ECDSA signatures"

2014 Mar 01
1
FYI: Flush+Reload attack on OpenSSL's ECDSA
Here's a recently-published paper that describes a flush & reload attack on OpenSSL's ECDSA implementation: http://eprint.iacr.org/2014/140.pdf According to the authors, snooping a single signing round is sufficient to recover the secret key. --mancha
2009 Oct 20
11
Stuck with puppet
Hello a newbie here. The situation is that: 2 machine one master one client Puppet 0.24.5 This my configuration: Client: /etc/puppet/puppetd.conf [puppetd] server = Asus-Vista-Box logdir = /var/log/puppet vardir = /var/lib/puppet rundir = /var/run master /etc/puppet/manifests/classes/sudo.pp class sudo { file { "/etc/sudoers": owner => "root",
2024 Oct 29
5
[Bug 3748] New: "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature type not supported from ssh agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3748 Bug ID: 3748 Summary: "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" signature type not supported from ssh agent Product: Portable OpenSSH Version: 9.7p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: enhancement
2003 Mar 14
2
Enable RSA blinding
After browsing "Remote timing attacks are practical" (Boneh & Brumley, <http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I wonder if it might be a good idea to add calls to RSA_blinding_on() before the OpenSSL RSA decryption routines are invoked. The issue is not a LAN-only issue, BTW. Packet delay variation is usually higher in LANs than in WANs. -- Florian
2012 Jan 10
1
[Bug 1971] New: ssh-keyscan should default to ecdsa or ecdsa,rsa
https://bugzilla.mindrot.org/show_bug.cgi?id=1971 Bug #: 1971 Summary: ssh-keyscan should default to ecdsa or ecdsa,rsa Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keyscan
2008 Jul 30
5
[LLVMdev] Is there room for another build system?
2 more roadblocks for Visual Studio users are the inability to compile gcc and the inability to compile and run the test suite. I would not want to submit a change unless I could still compile/run gcc and pass the test suite. (Testing before submission is the way we do it where I come from - I am assuming it's the same here). On a related note, has anyone gotten the LLVM test suite working
2015 Jun 16
2
OpenSSH and CBC
On 15.06.2015 21:31, Christian Weisgerber wrote: > On 2015-06-15, Gerhard Wiesinger <lists at wiesinger.com> wrote: > >> I saw that OpenSSH release 6.7 removed all CBC ciphers by default. Is >> CBC therefore considered as broken and unsecure (in general or SSH >> implementation)? > CBC modes in SSH use the last encrypted block of the previous packet > as the IV
2015 Aug 11
0
[Bug 1971] ssh-keyscan should default to ecdsa or ecdsa,rsa
https://bugzilla.mindrot.org/show_bug.cgi?id=1971 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release
2014 Apr 25
2
Support for ECDSA in OpenSSL?
Does the version of OpenSSL on Centos 6.5 support ECDSA keypairs? How do I test if this works? (though I should probably ask this on the OpenSSL list) The reason I suspect a problem is that HIPL for Centos (http://infrahip.hiit.fi/) is not creating the ECDSA Host Identity, whereas my Fedora installation IS creating the ECDSA HI.
2018 Dec 16
1
ECDSA client question
Hi, for those who have adopted ECDSA, Are there still any commonly used IMAPS/POP3S clients that still can not handle ECDSA certificates? I know you can set up Dovecot dor dual cert, I am just trying to determine if there still is a real world need to.
2018 Dec 17
1
ECDSA client question
On 12/16/18 7:52 AM, Tributh via dovecot wrote: > > > Am 16.12.18 um 12:13 schrieb Michael A. Peters: >> Hi, for those who have adopted ECDSA, >> >> Are there still any commonly used IMAPS/POP3S clients that still can not >> handle ECDSA certificates? >> >> I know you can set up Dovecot dor dual cert, I am just trying to >> determine if there
2011 Jan 24
1
ECDSA and first connection; bug?
Folks, I read the 5.7 release announcement and updated, to try out ECDSA. Most parts worked very smoothly. The inability to create SSHFP records is understandable, since IANA haven't allocated a code yet. One apparent bug: I think StrictHostKeyChecking=ask is broken for ECDSA. % ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 localhost
2011 Jul 28
1
Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record
Hi, I was sure I sent this to openssh at openssh.com, but cannot find that email now in my Sent mailbox, so I am sending it to the developers list. I took a liberty and wrote an I-D with accompanying patch (with contributions from Ondrej Caletka) to support ECDSA in the SSHFP DNS resource record. The I-D is here: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2 (and the source XML
2011 Dec 17
3
[Bug 1961] New: ECDSA memory leak
https://bugzilla.mindrot.org/show_bug.cgi?id=1961 Bug #: 1961 Summary: ECDSA memory leak Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at
2013 Jul 23
1
ECDSA key on anoncvs.mindrot.org
Hello, While running 'cvs up' against the CVS repository for the portable branch of OpenSSH, I received the following warning: % cvs up @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be
2014 Jan 31
1
Wanted: smartcard with ECDSA support
Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible. Can anybody on this list help? I'd want 2-6 cards/tokens
2011 Feb 19
2
[Bug 1862] New: document ECDSA within the "-b" option of the ssh-keygen manpage
https://bugzilla.mindrot.org/show_bug.cgi?id=1862 Summary: document ECDSA within the "-b" option of the ssh-keygen manpage Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Documentation
2012 Jan 04
0
ECDSA, SSHFP, and "Error calculating host key fingerprint."
When connecting to a host that provides an ECDSA host key and the client has "VerifyHostKeyDNS" set to 'yes' or 'ask' SSH outputs a mysterious and undocumented message "Error calculating host key fingerprint." This error actually seems to be generated by verify_host_key_dns(const char *hostname, struct sockaddr *address, Key *hostkey, int *flags) in dns.c, but
2013 Sep 14
0
ECDSA curve used in new protocol has suspicious seed value
Hi there, As I'm sure you are aware, there are suspicions (as usual) against the NSA potentially weakening crypto around the globe. This time it is about a cipher that is/will be used in the new tinc protocol: ECDSA According to https://github.com/gsliepen/tinc/blob/1.1/src/openssl/ecdsagen.c you use the secp521r1 curve, which is derived (according to
2013 Oct 08
3
[Bug 2157] New: [man] ssh-keygen page says ECDSA keys can be 521 bits
https://bugzilla.mindrot.org/show_bug.cgi?id=2157 Bug ID: 2157 Summary: [man] ssh-keygen page says ECDSA keys can be 521 bits Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: Documentation Assignee: