Berkeley CSUA MOTD:Entry 27761
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/08 [General] UID:1000 Activity:popular
7/8     

2003/3/20 [Computer/SW/WWW/Server] UID:27761 Activity:nil
3/19    Just in case some of you haven't seen this yet, there is
        a new timing attack on RSA keys:
        http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
        OpenSSL advisory is here:
        http://www.openssl.org/news/secadv_20030317.txt
2025/07/08 [General] UID:1000 Activity:popular
7/8     

You may also be interested in these entries...
2008/5/14-16 [Computer/SW/OS/Linux] UID:49941 Activity:nil
5/14    debian people, recompile:
        http://metasploit.com/users//hdm/tools/debian-openssl
        \- and ubuntu
           \_ Which is derived from debian.
        \_ Argh. What are some inexpensive certificate authorities?
	...
2007/2/20-22 [Computer/SW/WWW/Server, Computer/SW/Security] UID:45782 Activity:high
2/20    Any recommendations on a cheap/easy-to-use digital signature system?
        \- i dunno exactly wat you are looking for or what the status of this
           project is, but if the obvious [gnupg] wont do, you can google
           for AKENTI. --psb
        \_ What do you want exactly?  A toolkit for digitally signing various
           files?  OpenSSL is free.  It is, however, a pain in the ass to use,
	...
2006/9/8-12 [Computer/SW/Unix, Computer/SW/Security, Computer/SW/WWW/Server] UID:44325 Activity:nil
9/9     Is there a gzip-like unix command that will encrypt a file?
        I'm looking for something that's widely available. Thanks
        crypt (not very secure - DES).  Or failing that, openssl or gnupg
        \_ openssl or gnupg... what are you looking for?  Those will work fine..
           \_ Thanks for the recommendations. I'm basically experimenting
              with a way of using my friend's computer to backup my
	...
2006/3/2 [Computer/SW/Languages/Perl] UID:42064 Activity:kinda low
3/2     LDAP help: I am trying to dump the userPassword from an ldap database
        with ldapsearch but it is coming out base64 encoded:
        userPassword:: e2NyeXB0fWhhKllueGJrSXhrR2M=
        Is there a shell tool to decode this ... I want to avoid re-writing
        the whole thing in perl (I'm not that familar with LDAP or encodings
        and this isn't important enough to spend a lot of time on ... but I've
	...
2006/2/13-15 [Computer/Networking] UID:41829 Activity:nil
2/13    Do I really have to point my cisco pix at some cert. authority
        if I want to use keys (instead of "pre-shared secrets") ?
        I can't just self sign?? wtf?
        \_ Actually, why not just create a CA signing cert with OpenSSL
           (it's not that hard), sign a cert with that, and then import the
           CA public key into pix?  Or use a static passphrase for phase I
	...
2005/4/30-5/3 [Computer/SW/WWW/Browsers] UID:37434 Activity:moderate
4/30    In Outlook Express I get an error message everytime I check my
        CSUA account, although I still get my mail.  I am using POP port 995
        with SSL.  Is there a way I can prevent this message, it's annoying:
        "The server you are connected to is using a security certificate that
        could not be verified.  A certificate chain processed, but terminated
        in a root certificate which is not trusted by the trust provider.  Do
	...
2005/3/19-22 [Computer/SW/WWW/Browsers] UID:36770 Activity:low
3/19    Is there a way to get Mozilla under Windows to use mystore to manage
        certificates rather than its own internal cert manager?  I have a
        DER-encoded client cert that's usable by IE, but I'd like to see
        it used by Mozilla (which requires PKCS#12 certs for its own store,
        rather than DER or p7b.)  -John
        \_ It is possible to conver between DER and PKCS#12 (I believe that
	...
2004/6/7 [Computer/SW/Security] UID:30642 Activity:nil
6/5     I can't reach some sites from my company, including sameer's
        anonymizer. What are some good anonymizing sites I can use? Thanks.
        \_ I recommend setting up nph-proxy or something similar on your
           home machine.  For added yuks, run it over OpenSSL and password
           protect it.  -John
	...
2004/5/28-29 [Computer/SW/OS/Linux, Computer/SW/OS/FreeBSD] UID:30467 Activity:high
5/27    In what ways are FreeBSD superior to a good Linux distro?
        \_ Why do you hate Windows?
           \_ Why do you hate Linus?
        \_ *BSD has a better IP stack.
           \_ In what way?
           \_ Aren't they the same now?
	...
2004/5/27 [Computer/SW/WWW/Server] UID:30458 Activity:high
5/27    MacOS X Mail complains about soda's certificate when connecting over
        SSL.  Is there a way to silence it?  Is there a public x509 certificate
        around here?  The stuff in /etc/ssl/certs isn't readable by anyone but
        root.   -jeffwong
        \_ There's a way to get Mail to suppress the warning... sorry, but I
           don't remember what it is off the top of my head.
	...
2004/5/7 [Computer/SW/WWW/Browsers] UID:30076 Activity:nil
5/6     Installed lynx with openssl and now I have the following msg:
        "unable to get local issuer certificate"
        What's going on?
	...
2004/3/25-28 [Computer/SW/Security, Computer/SW/Unix] UID:12868 Activity:moderate
3/25    as of today i can't get my imaps mail off of csua port 993. anyone
        else have this problem?
        \_ I have this problem not, with openssl as the connector.
           * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN]
             http://soda.CSUA.Berkeley.EDU IMAP4rev1 2002.332 at Thu, 25 Mar 2004
             19:23:26 -0800 (PST)
	...
Cache (646 bytes)
www.openssl.org/news/secadv_20030317.txt
Typically, it will not have been, because it is not easily possible to do so when using OpenSSL to provide SSL or TLS. Applications that wish to can remove the blinding with RSA_blinding_off(), but this is not generally advised. It is also possible to disable it completely by defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time. The performance impact of blinding appears to be small (a few percent). This problem affects many applications using OpenSSL, in particular, almost all SSL-enabled Apaches. You should rebuild and reinstall OpenSSL, and all affected applications. We strongly advise upgrading OpenSSL in all cases, as a precaution.