Forgot your password?
typodupeerror

+ - OpenSSH has a new cipher, chacha20-poly1305, from D.J. Bernstein!

Submitted by ConstantineM
ConstantineM (965345) writes "Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, chacha20-poly1305@openssh.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and not require any special hardware at doing so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!"

Comment: Re:Version numbers (Score 2) 188

by dmiller (#36393862) Attached to: Google Releases Chrome 12

Google has grabbed a bunch of open source libraries, sometimes respecting the license, hacked on them, and rolled them into Chrom*.

If you have any cases where you think that Chrome is failing to comply with the terms of a free software license, then please file a bug at http://code.google.com/p/chromium/issues/list - we take license compliance very seriously. (I'm a Google engineer, though not working Chrome).

Comment: Re:OpenSSH is not vulnerable (Score 4, Informative) 31

by dmiller (#36271318) Attached to: OpenSSL Timing Attack Can Intercept Private Keys
No, it is not vulnerable to this attack. The Brumley/Tuveri paper describes a timing leak in a specific algorithm that is only used for elliptic curve crypto over binary/GF(2m) fields. OpenSSH uses ECC over prime fields that use different algorithms that have no known timing leaks. A result against ECC using prime fields would be more difficult because the curve point components are integers and so can use well-tested modular arithmetic code.

Comment: Don't be fooled (Score 5, Insightful) 122

by dmiller (#32847916) Attached to: Australia Waters Down, Delays Internet Filter Policy

The changes announced today seem to be little more than a delaying tactic to remove the issue of mandatory Internet censorship from the agenda ahead of the election that is expected to be announced any day now. This issue has turned quite toxic for the government; the people who are for it are only weakly so, but the people who are against it are furious and are already organising campaigns against the government on various social media.

I don't think the government can be trusted not to bring it back in a essentially unmodified form after the next election. Vote accordingly.

Comment: Re:Sony can't be trusted (Score 1) 171

by dmiller (#32263046) Attached to: Sony To Detail "Premium PSN" Plans At E3

Sony has managed to lose my trust too. I was a very happy customer of PS1-3, but the retroactive otheros thing has put me right off. I rarely used Linux once I installed it, but that they were willing to retrospectively nuke an advertised feature of their product clearly demonstrated to me that they do not put the customer first. I wouldn't be at all surprised if they do start crippling the PSN for non-paying customers.

The dumbest thing about the OtherOS removal is that it is probably not even going to help. Now that the hypervisor has been cracked enough to obtain memory dumps, it is far more likely that further hacking is going to rely on bugs that are found in the hypervisor software itself. These will probably be reachable by any application running on the system that takes user or network input. Think that every savegame loader is foolproof? How about that dinky web browser? Nuking OtherOS just pissed off loyal customers and bought them very little.

Comment: Re:Australian Competition & Consumer Commissio (Score 1) 270

by dmiller (#31773878) Attached to: Geohot Brings Other OS Support To PS3 With Custom Firmware
Thanks for the pointer, I have been meaning to do just that. Here is mine:

Sony has just issued a firmware update[1] that disables the "OtherOS" support that is used to run alternate operating systems such as Linux on the Playstation 3 (PS3) game console. This was an advertised feature of the PS3 and was a factor in my decision to purchase the product. The firmware update is effectively mandatory; the PS3 will not support online play or game updates/downloads via the Playstation network without it (these are also advertised features).

That a major consumer electronics company can unilaterally remove advertised features from a product that I have bought and paid for is chilling to say the least and appears misleading and deceptive in the classic "bait and switch" style. I request that the ACCC investigate this matter.

[1] http://blog.us.playstation.com/2010/03/28/ps3-firmware-v3-21-update/

The confusion of a staff member is measured by the length of his memos. -- New York Times, Jan. 20, 1981

Working...