similar to: Encryption

Displaying 20 results from an estimated 10000 matches similar to: "Encryption"

2015 May 21
8
Weak DH primes and openssh
Hi, You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be that 1024-bit DH primes might well be too weak. I'm wondering what (if anything!) you propose to do about this issue, and what Debian might do for our users? openssh already prefers ECDH, which must reduce the impact somewhat, although the main Windows client (PuTTY) doesn't support ECDH yet. But
2024 Nov 23
1
[PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
There is no hash algorithm associated with SSH keys. The key format for RSA keys is always "ssh-rsa", and it is capable of being used with any of the available signature algorithms (ssh-rsa for SHA-1 and rsa-sha2-256 or rsa-sha2-512 for SHA-2). See section 3 in https://www.rfc-editor.org/rfc/rfc8332: rsa-sha2-256 RECOMMENDED sign Raw RSA key rsa-sha2-512 OPTIONAL
2013 May 15
1
key rotation on ssh servers
hi OpenSSH folks-- I have several OpenSSH sshd servers that i've maintained for a long time. Some of them have keys that are considered short by today's standards (e.g. 1024-bit RSA keys). On these servers, I would like to be able to do a key rotation such that multiple keys are valid during a time window so that users can learn the new key before i remove the old one. I don't
2013 Nov 02
3
[PATCH] curve25519-sha256@libssh.org key exchange proposal
It should be compatible with the original patch. However I think that the shared secret should be encoded as a string, too. What does libssh do? > On 02.11.2013 at 05:46, Damien Miller <djm at mindrot.org> wrote: > >> On Fri, 1 Nov 2013, Markus Friedl wrote: >> >> Here are three versions (patch against openbsd cvs) >> >> 1) replace nacl w/libsodium,
2014 Mar 07
12
[Bug 2209] New: Problem logging into Cisco devices under 6.5p1 (kexgexc.c)
https://bugzilla.mindrot.org/show_bug.cgi?id=2209 Bug ID: 2209 Summary: Problem logging into Cisco devices under 6.5p1 (kexgexc.c) Product: Portable OpenSSH Version: 6.5p1 Hardware: amd64 OS: FreeBSD Status: NEW Severity: normal Priority: P5 Component: ssh
2015 Feb 16
2
[Bridge] Sniffing a linux bridge vs sniffing enslaved interfaces
I can think of several potential differences. You may miss any bridge specific traffic (STP, LLDP) using the interfaces generated by the bridge itself. If you have vlan tagged sub interfaces you might also miss that traffic if you were snooping a particular interface. Obviously you will miss any on-wire broadcast traffic specific to the layer1 connection a particular interface was connected to
2017 Feb 04
4
Greeter openssh 7.4 is not according rfc4253.
Hi, I discovered when using my fuse fs for connecting to a remote host using sftp that the new server version 7.4 sends a greeter which is not according the format described in https://tools.ietf.org/html/rfc4253#section-4 There is written that the greeter "MUST be terminated by a single Carriage Return (CR) and a single Line Feed (LF) character (ASCII 13 and 10, respectively)." Now
2023 Nov 10
1
Question about stderr output containing carriage return External
Hi all, I have recently only discovered that openssh prints lines to stderr separated by CRLF pairs, and am trying to understand where this behavior comes from. This behavior can be seen here: --snip-- $ ssh u@u 2>&1 | sed -n l ssh: Could not resolve hostname u: Name or service not known\r$ --snip-- I have seen section 11.3 from rfc4253, but am unsure whether that is the origin of
2015 Feb 16
1
[Bridge] Sniffing a linux bridge vs sniffing enslaved interfaces
Hi all Assume that you have a linux bridge with two interfaces eth0 and eth1 enslaved to this bridge What is the difference between sniffing the bridge and sniffing its interfaces? tcpdump -i br0 vs tcpdump -i eth0 Thanks MiniME
2016 Oct 18
7
SSH Weak Ciphers
Hi, In a recent security review some systems I manage were flagged due to supporting "weak" ciphers, specifically the ones listed below. So first question is are people generally modifying the list of ciphers supported by the ssh client and sshd? On CentOS 6 currently it looks like if I remove all the ciphers they are concerned about then I am left with Ciphers
2015 May 26
6
Name based SSH proxy
On 26/05/15 15.50, Daniel Kahn Gillmor wrote: > The argument that the DNS lookup leaks this metadata is a bad argument: > if we followed this line of reasoning, then every problem that has > multiple contributors could never be solved (A says "but my fixing > things is useless if B does nothing", while B says "but my fixing things > is useless if A does nothing"
2020 Mar 24
1
At rest encryption (with protected crypto keys)
Hi, As stated on the Dovecot documentation, at rest encryption is possible [1]. However, these keys are present on the system itself and are unprotected. Therefore, if a system is compromised, the attacker has access to the encrypted mail and the keys. There is no security benefit in that situation, except for hoping that the attacker doesn't understand that this is happening and how.
2015 May 23
2
Weak DH primes and openssh
> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting? weakdh.org/sysadmin.html recommends adding: KexAlgorithms curve25519-sha256@libssh.org But this thread makes it sound as if it's not necessary. Can anyone confirm? Personally I'm on openssh-6.7. - Grant > You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be
2016 Jul 05
2
PXELINUX: lpxelinux.0 configuration
Hi Gene, On 05.07.2016 at 12:42, Gene Cumm wrote: > Version 6.03. Is this a distribution build or fresh from the > binary/source archive from kernel.org without any running of 'make'? it's actually a freshly downloaded lpxelinux.0 from kernel.org. I get: $ md5sum lpxelinux.0 d77a175ea1a0a8c05b315d179992e1bd lpxelinux.0 >> nothing more. Sniffing revealed that there are
2019 Mar 15
3
prompt to update a host key
On Fri, Mar 15, 2019 at 09:10:26AM +0000, Jochen Bern wrote: > Imagine sysadminning a boatload of VMs getting IPs from a dynamic pool, a la > > $ for ADDR in $CUSTOMER_1_RANGE $CUSTOMER_2_RANGE... ; do > > ping -c 1 -w 2 $ADDR >/dev/null 2>&1 && ssh root@$ADDR do_urgent_fix > > done > > , and it mightn't be that much of a niche anymore ... And
2005 Jul 26
4
how to classify sip traffic (voip)
How can I classify sip traffic (voip)?? I tried dst 5060 udp port, but it doesn't work. A sip session uses dynamic ports. Sniffing packets with windows net-peeker, I see that the packet length is always=87. How can I filter, by packet length, with u32? Regards Fabian
2015 Feb 27
2
yum causing RPC timed out?
On Fri, Feb 27, 2015 at 12:38:06PM -1000, Dave Burns wrote: > What makes you think NIS is involved? > Is Errno 12 a clue? I tried searching for (do_ypcall: clnt_call: rpc: timed "do_ypcall" is a NIS error message. (Previous NIS was called "yellow pages"; the "yp" in do_ypcall is a reference to that). Maybe you have "hosts: files nis" in
2015 Jan 24
2
VLAN issue
Steve, Thanks, makes sense. I just don't see why I have to effectively waste an extra IP address to get my connection established. Boris. On Fri, Jan 23, 2015 at 7:16 PM, Stephen Harris <lists at spuddy.org> wrote: > On Fri, Jan 23, 2015 at 07:10:57PM -0500, Boris Epstein wrote: > > > This makes two of us. I've done everything as you have described and it > >
2005 Jan 14
1
debugging encrypted part of isakmp
Are there any tools to decode encrypted part of isakmp provided that identities of both peers are known to me and that I am able to observe the whole exchange ? -- Andriy Gapon
2004 Aug 06
2
Preventing browsers / wget's / ... from capturing stream?
On Tuesday 02 March 2004 02:23, Michael Smith wrote: > Shoutcast just does user-agent sniffing. This makes it look like you can't > download the stream easily, but that's just misleading you - it's > completely trivial to do so. Yes, I'd say the same. > > The most clean solution in my eyes would be to implement mms:// or > > rtp:// for mp3/ogg-streams in