Security services and protection mechanisms IPv6 promises regarding IPSec Certification infrastructure Standardization update Case Studies: ISPs, carriers,...
Peter lewis
peter.lewis@...
Aug 20, 1999 10:51 am
761
Hello, This message is about formats for storing private keys (or other sensitive data), encrypted using a pass phrase. This is not specified at all in the...
Niels Möller
nisse@...
Aug 23, 1999 11:14 am
762
... In that case, as you're targetting "wide" interoperability, why not go with an existing "standard"? PKCS#5 v2.0 is final as of 1999-03-26 and describes...
Camillo Särs
Camillo.Sars@...
Aug 23, 1999 2:28 pm
763
... Hmm. To increase 1), one may want to use something like the exblowfish (blowfish with variable and expensive key scheduling) algorithm described in the...
Niels Möller
nisse@...
Aug 23, 1999 3:25 pm
764
... Sounds a bit exotic, and won't probably be readily available in existing libraries. What PKCS#5 v2.0 basically does is 'n' simple rounds, and makes the...
Camillo Särs
Camillo.Sars@...
Aug 23, 1999 7:01 pm
765
... Hash: SHA1 ... We are proposing a set of S-expression versions of PKCS to the PKCS committee in a few weeks, so I would nominate the SPKCS#5, if you want ...
Carl Ellison
cme@...
Aug 23, 1999 8:09 pm
766
... Hash: SHA1 ... I don't remember the discussion, but this does look reasonable. ... The IV is an effective salt all by itself and I would suggest we don't...
Carl Ellison
cme@...
Aug 23, 1999 8:10 pm
767
... Hash: SHA1 ... Salt doesn't help #1. Password entropy does. You can do this with multiple passwords or you can get weird, as I did with my PGP keyring....
Carl Ellison
cme@...
Aug 23, 1999 8:17 pm
768
IMHO it's *essential* that salting and key stretching be applied to the passphrase before it's used to encrypt private keys. John Kelsey, Bruce Schneier, Chris...
Paul Crowley
paul@...
Aug 23, 1999 8:58 pm
769
... Thanks for the pointer. /Niels...
Niels Möller
nisse@...
Aug 24, 1999 9:19 am
770
... Hash: SHA1 Paul, did you get any feedback on this suggestion? I received your mail just before leaving on vacation, so it's been sitting in my mailbox. I...
Carl Ellison
cme@...
Aug 25, 1999 3:39 am
771
... Why not just use PKCS #5v2? It's a published standard, there are test vectors for it available, and there are free implementations around which comply...
Peter Gutmann
pgut001@...
Aug 28, 1999 11:27 pm
772
... What's wrong with reinventing the wheel? Our new 12-sided wheels are a *big* improvement over our 6-sided ones. And then there's what Raymond Chandler ...
Michael Sierchio
kudzu@...
Aug 29, 1999 7:27 pm
773
... I'd like to see it. /Niels...
Niels Möller
nisse@...
Aug 30, 1999 9:19 am
774
... There are two reasons against using PKCS #12, one is the serious security concerns with some implementations ...
Peter Gutmann
pgut001@...
Aug 30, 1999 1:52 pm
775
Peter Gutmann wrote: Peter - you fat-fingered the URLs to your pages. The correct URLs are: http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt ...
Michael Sierchio
kudzu@...
Aug 30, 1999 4:27 pm
776
Peter, Since Novell's PKIS (CA toolkit) also exports keys in PKCS #12 format, I'd like to here more about any PKCS #12 deficiencies. Unfortunately, the URL you...
Bob Jueneman
BJUENEMAN@...
Aug 30, 1999 7:29 pm
777
Peter, what is the difference between PKCS #5, and PKCS #12? I was under the impression that #5 had been superceded by #12. Is this not the case? Bob Robert R....
Bob Jueneman
BJUENEMAN@...
Aug 30, 1999 7:36 pm
778
... PKCS #5 describes how to turn an arbitrary-length input into a key for a particular algorithm. PKCS #12 provides a case study of everything you shouldn't...
Peter Gutmann
pgut001@...
Aug 30, 1999 8:04 pm
779
... I have read the older PKCS#5v1 and PKCS#12 quite thouroghly (but a long time ago), and I have now had a quick look at PKCS#5v2. They have different goals....
Niels Möller
nisse@...
Aug 30, 1999 10:40 pm
780
We implemented it without all that much difficulty. I wasn't personally involved, so I can't give you any further details. We are using it to communicate a...
... See the text at the URL's I posted earlier, although I mistyped them. They're actually: http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt (security...
Peter Gutmann
pgut001@...
Aug 30, 1999 11:04 pm
783
... You'd be better off using PKCS #15, which does about the same as PKCS #12 but in a sensible, logical manner, covers pretty much any algorithm you're likely...
Peter Gutmann
pgut001@...
Aug 30, 1999 11:08 pm
784
... ObSPKI: It does support SPKI keys alongside various other types (X.509, PGP, etc). Peter....
Peter Gutmann
pgut001@...
Aug 31, 1999 12:06 am
785
Does anyone implement PKCS #15 yet, in particular the major browsers and S/MIME implementors? Bob ... You'd be better off using PKCS #15, which does about the...
Bob Jueneman
BJUENEMAN@...
Aug 31, 1999 12:20 am
786
... It's only been around for a few months, so MS and Netscape haven't implemented it yet. A few smaller companies (who can move faster) have implemented it ...
Peter Gutmann
pgut001@...
Aug 31, 1999 12:58 am
787
... I'm getting second thoughts about this format. For an appearant trivial reason. I think I want to associate some kind of label or comment with the...
Niels Möller
nisse@...
Sep 6, 1999 10:20 am
788
Security services and protection mechanisms IPv6 promises regarding IPSec Certification infrastructure Standardization update Case Studies: ISPs, carriers,...
Peter lewis
peter.lewis@...
Sep 10, 1999 11:15 am
789
Security services and protection mechanisms IPv6 promises regarding IPSec Certification infrastructure Standardization update Case Studies: ISPs, carriers,...
