Re: Crackability of OpenSSL, GPG, bcrypt and scrypt

Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: Crackability of OpenSSL, GPG, bcrypt and scrypt
For you tree hugger types, this O'Reilly book by John Viega is available
from the Phoenix public library (probably at the Central Branch on the
5th floor).

http://www.objectgraph.com/img/blog/book2.png


But sadly not autographed!

On Mon, Jun 21, 2010 at 7:38 PM, Tim Bogart <> wrote:

> John Viega is probably one of the leading authorities on the
> vulnerabilities regarding SSL. I used to have his book (signed of course),
> but that's another story. For those who may be interested,
>
>
> http://www.infibeam.com/Books/info/John-Viega/Network-Security-with-Open-SSL/059600270X.html
>
> It's an O'Reilly.
>
> t
>
> ------------------------------
> *From:* Lisa Kachold <>
> *To:* ; Main PLUG discussion list <
> >
> *Sent:* Mon, June 21, 2010 7:23:49 PM
> *Subject:* Re: Crackability of OpenSSL, GPG, bcrypt and scrypt
>
>
>
> On Wed, Jun 9, 2010 at 7:36 AM, gk <> wrote:
>
>> I hope I am making an apples to apples comparison.
>>
>> I'm not talking about Debian's mess up awhile back. Nor am I talking about
>> something that was flying around Debian's mailing list for OpenSSL,
>> FUSE/ENCFS and AES ciphers.
>>
>>
>> I'm talking overall. Which is the most stable, has the highest probability
>> of not being broken in our lifetimes (20 yrs). Mainly I'm trying to center in
>> on file management, not email. GPG is good for email, but I find that using
>> OpenSSL is actually easier because it is by default installed on *nix boxen,
>> AND is VERY VERY easily installed on M$ products compared to the massive
>> hoops that have to be done for GPG on the latter that even a well versed
>> Linux user would be pressed to install right.
>>
>> scrypt claims it is much more difficult in its derivations than bcrypt
>> which is 448 bit Blowfish. Thereby saying it is harder to "crack". However,
>> I cannot find anything on scrypt that says what type of encryption method
>> it uses much less bit value.
>>
>> So if you had a face off between OpenSSL, GPG and scrypt for file
>> encryption. Let me say bcrypt has some funky responses once in a while to
>> extra large files, ie > 4gb. Which to use?
>>
>>
>> gk
>>
>> --
>> Remember, it's not that we have something to hide; it's that we have
>> nothing to show.
>>
>> --Keep tunneling.
>>
>
> I would have to take the openssl road here!
>
> Of course, maintaining the most recent stable version and upgrading when
> security issues are found are required of all code or systems tools
> management.
>
> We are not even going to begin to discuss that entropy remains broken.
>
> --
> Office: (480)307-8707
> AT&T: (503)754-4452
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>




--
Office: (480)307-8707
AT&T: (503)754-4452