-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL 1.0.0 arrives
,----[ Quote ]
| After a beta phase lasting exactly a year,
| the final version of OpenSSL 1.0.0 is here.
| The source code is now available to
| download and the list of changes from the
| previous version 0.9.8(n) is extensive.
| Version 1.0.0 includes several new features
| and enhancements, including support for the
| Whirlpool free hash algorithm, an
| alternative to the MD5 and SHA-1
| algorithms, which have been under scrutiny
| due to the existence of simplified
| collision attacks.
`----
http://www.h-online.com/open/news/item/OpenSSL-1-0-0-arrives-966919.html
Shishi 0.0.43 (release candidate for 1.0.0)
,----[ Quote ]
| Shishi is an implementation of the Kerberos
| 5 network authentication system. Shishi
| can be used to authenticate users in
| distributed systems. Shishi is part of a
| GNU system.
`----
http://lists.gnu.org/archive/html/info-gnu/2010-03/msg00030.html
GCC 4.5.0 Status Report (2010-03-31), trunk is frozen
,----[ Quote ]
| We have reached the zero P1 GCC 4.5
| regressions required for a release
| candidate build of GCC 4.5.0. To allow
| this state to prevail the trunk is frozen
| for non-documentation changes starting
| April 2nd (use your timezone for your
| advantage). A release candidate will not be
| built before the end of Easter.
`----
http://gcc.gnu.org/ml/gcc/2010-03/msg00477.html
Recent:
Ok, Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU
,----[ Quote ]
| Boy, do I hate it when a FLOSS project is
| given a hard time unfairly. I was this
| morning greeted with news from many places
| that OpenSSL, one of the most common FLOSS
| software libraries used for cryptography, was
| somehow "severely vulnerable".
|
| I had a hunch what was going on. I quickly
| downloaded a copy of the academic paper that
| was cited as the sole source for the story
| and read it. As I feared, OpenSSL was getting
| some bad press unfairly. One must really read
| this academic computer science article in the
| context it was written; most commenting about
| this paper probably did not.
|
| First of all, I don't claim to be an expert
| on cryptography, and I think my knowledge
| level to opine on this subject remains
| limited to a little blog post like this and
| nothing more. Between college and graduate
| school, I worked as a system administrator
| focusing on network security. While a
| computer science graduate student, I did take
| two cryptography courses, two theory of
| computation courses, and one class on
| complexity theory0. So, when compared to the
| general population I probably am an expert,
| but compared to people who actually work in
| cryptography regularly, I'm clearly a novice.
| However, I suspect many who have hitherto
| opined about this academic article to declare
| this "severe vulnerability" have even less
| knowledge than I do on the subject.
`----
http://ebb.org/bkuhn/blog/2010/03/05/crypto-fear.html
Related:
Open Source Software Institute Announces Release of Updated OpenSSL FIPS Object
Module
,----[ Quote ]
| This most recent validated OpenSSL FIPS Object Module is based on version
| 0.9.8 of the OpenSSL cryptographic library and is freely available for
| download through the OSSI website (oss-institute.org). Updated versions of
| OpenSSL FIPS Object Module Security Policy and User Guide will be available
| for download through the OSSI website (oss-institute.org) and may be used and
| reproduced without restriction.
`----
http://www.newswiretoday.com/news/42949/
All systems go for validation of updated OpenSSL module
,----[ Quote ]
| Weathersby says the OSSI has reason to believe the complaints came from
| proprietary vendors hoping to initiate a FUD campaign that would create doubt
| in the minds of government agencies who were considering using OpenSSL as a
| data exchange solution.
`----
http://www.linux.com/feature/119134
,----[ Quote ]
| "After a long and arduous journey that included a suspended validation last
| year .. OpenSSL has regained its FIPS 140-2 validation"
|
| "We called it the FUD campaign," he says. "There were all kinds of
| complaints sent to the CMVP including one about 'Commie code.' .. Silly or
| no, each complaint that's filed really slows down the process."
|
| "the ones they did see often contained redacted, or blacked-out, data about
| who had filed the complaint .. in some cases, proprietary software vendors
| were lodging the complaints.
`----
http://www.linux.com/article.pl?sid=07/02/08/1935232
FCC ignores more than 100 years of wisdom
,----[ Quote ]
| In 1883 French cryptographer Auguste Kerckhoffs published a set of six
| design principles for military encryption systems. The second of these
| principles is generally known today under the observation that security
| through obscurity is not security. The Federal Communications Commission
| (FCC) seems not to have read the history books or to be aware of how its
| sister federal agencies develop security standards....
`----
http://www.infoworld.nl/idgns/bericht.phtml?id=002570DE00740E1800257313005EC092
The FCC, FOSS, and software radios: a mixed bag
,----[ Quote ]
| After studying the new rules -- published in the Federal Register last month
| and taking effect today -- the SFLC concluded that the laws are not
| FOSS-restrictive because they "apply to hardware manufacturers who distribute
| SDR devices, regardless if they use FOSS in them or not." And the Center says
| that since the rules specifically mention the GNU/Linux operating system, the
| FCC is actually acknowledging the importance of open source.
`----
http://www.linux.com/feature/116769
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAku0jXgACgkQU4xAY3RXLo5rtACfXDVla2eGKqMyP2Yaq+XZvHqX
MmwAn0aEdx+kYKq3taCZ0JTaAmr21IAM
=QZPU
-----END PGP SIGNATURE-----
|
|
