similar to: Openssh KDF testing

Hi everyone. I'm currently running through FIPS validation, and this year CAVP requires KDF tests for SSH. I'm running OpenSSH v5.6p1 and I see that the 6 keys that I need are derived in kex_derived_keys in kex.c. However, I don't yet see any way for me to access this function from an existing command line tool, being able to pass in K, H, and the session_id from the test vector. Is

Dear OpenSSH developers, I've worked this week on an alternative key exchange mechanism, in reaction to the whole NSA leaks and claims over cryptographic backdoors and/or cracking advances. The key exchange is in my opinion the most critical defense against passive eavesdropping attacks. I believe Curve25519 from DJB can give users a secure alternative to classical Diffie-Hellman (with fixed

I've successfully implemented the mail_crypt plugin on v2.2.27 and it's working like a champ, but some of our administrative operations require access to Maildir messages in plaintext. I've found numerous threads detailing help with mail_crypt setup, but none of my research has yielded a method of decrypting the stored messages. Relevant plugin config: mail_crypt_curve =

Here are three versions (patch against openbsd cvs) 1) repace nacl w/libsodium, so i could test 2) curve25519-donna 3) Matthew's public domain reference implementation. i'd vote for #3 -------------- next part -------------- Am 30.10.2013 um 07:27 schrieb Damien Miller <djm at mindrot.org>: > On Tue, 24 Sep 2013, Aris Adamantiadis wrote: > >> Dear OpenSSH

Hello Steve, Hello OpenSSH-portable developers, I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe operating system, and I noticed you do the same for OS/390. Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2 or some such), I thought it was fair enough to help with a little co-operation; we might come up with a unified EBCDIC patch which could be contributed to

Hi! I need to call the flickr.tags.getListUserRaw API method (http://www.flickr.com/services/api/flickr.tags.getListUserRaw.html) with the flickraw gem. Unfortunately there is no documentation how to authenticate and then call the method. Just calling flickr.tags.getListUserRaw doesn''t work, although flickr.tags.getListUser does work. I set my FlickRaw.api_key and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I''m working on an application which uses rflickr to upload images to flickr. I''ve generated and cached an auth token as described in the GETTING STARTED document in the rflickr tree. However, when I call the API, I receive an error stating "ERR: Invalid auth token (98)". The extended error is: XMLRPC::FaultException

https://bugzilla.mindrot.org/show_bug.cgi?id=2207 Bug ID: 2207 Summary: Potential NULL deference, found using coverity Product: Portable OpenSSH Version: -current Hardware: Other OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:

In 0.9.7 the private key encryption was switched from 3DES to AES, (https://bugzilla.mindrot.org/show_bug.cgi?id=1550) the motivation for this being that 128-bits of security is better than the 112 or so you get from 3DES these days. Interestingly that bug is about upgrading to AES-256, but we ended up with AES-128. Presumably due to the Solaris crippling? However ssh-keygen still uses a

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

hey, i am using the flickr wrapper for ruby and need to access the tags of a specific photo. i got all the rest working. i must admit i am kind of new to ruby, but i tried and tried and couldn''t figure it out. among other things i want to read geotags like in my example here: http://www.flickr.com/photos/whoisstan/146634506/ i''m sure it is deadsimple and i just overlooked it.

Hi, OpenSSH 9.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

For no particular reason, i'm looking to convert my ed25519 private key to pem. A user on stackoverflow suggested running `ssh-keygen -p -f path/to/your/key -m pem` [^1], which errors, printing `do_convert_to_pem: unsupported key type ED25519`. Looking at the corresponding line in source, it seems that only RSA, DSA, & ECDSA keys can be converted to pem.[^2] With new keys defaulting

Hello. I found that anonymous structures does not work on gcc-2.95. If you guys want to support a bit older platforms I suggest fixing it. You can check out patch I created to fix this issue. I just added 2 extra structures to remove anonymous structs inside connection_status_t and node_status_t. Patch is here: ftp://borg.uu3.net/pub/unix/tinc/tinc.patch Attaching it as well. Regards, Borg

Am 02.11.2013 um 11:38 schrieb Aris Adamantiadis <aris at 0xbadc0de.be>: > RFC4251 describes mpint to be multi-size and with positive values having > MSB clear, so it's clearly incompatible with raw string. > > Since you both agreed on the curve25519 implementation to use, I'll work > today on Markus' patch to make the changes Damien wanted. What do you want to

I do if you're interested... -----Original Message----- From: Gerald (Jerry) Carter [mailto:jerry@samba.org] Sent: Monday, August 23, 2004 11:45 AM To: mlueck@lueckdatasystems.com Cc: samba@lists.samba.org Subject: Re: [Samba] Update -> Someone with "Access Denied" from Windows plstry this test to compare notes with me -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael

On Jul 29, 2015, at 3:16 PM, Chris Murphy <lists at colorremedies.com> wrote: > > On Wed, Jul 29, 2015 at 2:15 PM, Warren Young <wyml at etr-usa.com> wrote: >> Just because one particular method of prophylaxis fails to protect against all threats doesn?t mean we should stop using it, or increase its strength. > > Actually it does.There is no more obvious head

OpenSSH 9.4 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

Compiled on OpenIndiana using GCC 11 :; SunOS 5.11 illumos-2e79e00041 illumos Although snapshot was downloaded, it shows 9.3 version: :; ssh -V OpenSSH_9.3p1-snap20230809, OpenSSL 1.1.1v? 1 Aug 2023 Thanks and regards. On 31.07.2023 08:12, Damien Miller wrote: > Hi, > > OpenSSH 9.4 is almost ready for release, so we would appreciate testing > on as many platforms and systems as