For you tree hugger types, this O'Reilly book by John Viega is available from the Phoenix public library (probably in at the Central Branch on the 5th floor). http://www.objectgraph.com/img/blog/book2.png But sadly not autographed! On Mon, Jun 21, 2010 at 7:38 PM, Tim Bogart wrote: > John Viega is probably one of the leading authorities on the > vulnerabilities regarding SSL. I used to have his book (signed of course), > but that's another story. For those who may be interested, > > > http://www.infibeam.com/Books/info/John-Viega/Network-Security-with-Open-SSL/059600270X.html > > It's an O'Rielly. > > t > > ------------------------------ > *From:* Lisa Kachold > *To:* gm5729@gmail.com; Main PLUG discussion list < > plug-discuss@lists.plug.phoenix.az.us> > *Sent:* Mon, June 21, 2010 7:23:49 PM > *Subject:* Re: Crackabiltiy of OpenSSL, GPG, bcrypt and scrypt > > > > On Wed, Jun 9, 2010 at 7:36 AM, gk wrote: > >> I hope I am making an apples to apples comparison. >> >> I'm not talking about Debian's mess up awhile back. Nor am I talking about >> something that was flying around Debian's mailing list for OpenSSL, >> FUSE/ENCFS and AES ciphers. >> >> >> I'm talking overall. Which is the most stable, has the highest probability >> of not be broken in our lifetimes (20 yrs). Mainly I'm trying to center in >> on file management, not email. GPG is good for email, but I find that using >> OpenSSL is actually easier because it is by default installed on *nix boxen, >> AND is VERY VERY easily installed on M$ products compared to the massive >> hoops that have to be done for GPG on the later that even a well versed >> Linux user would be pressed to install right. >> >> scrypt claims it is much more difficult in its derivations than bcrypt >> which is 448 bit Blowfish. Thereby saying it is harder to "crack". However, >> I can not find anything on scrypt that says what type of encryption method >> it uses much less bit value. >> >> So if you had a face off between OpenSSL, GPG and scrypt for file >> encryption. Let me say bcrypt has some funky responses once in a while to >> extra large files, ie > 4gb. Which to use? >> >> >> gk >> >> -- >> Remember, it's not that we have something to hide; it's that we have >> nothing to show. >> >> --Keep tunneling. >> > > I would have to take the openssl road here! > > Of course, maintaining the most recent stable version and upgrading when > security issues are found are required of all code or systems tools > management. > > We are not even going to begin to discuss that entropy remains broken. > > -- > Office: (480)307-8707 > AT&T: (503)754-4452 > > > > > > > > > > > > > > > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- Office: (480)307-8707 AT&T: (503)754-4452