Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] OpenSSL 1.0.0 Released, Shishi 0.0.43 and GCC 4.5.0 Are Near

  • Subject: [News] OpenSSL 1.0.0 Released, Shishi 0.0.43 and GCC 4.5.0 Are Near
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Thu, 01 Apr 2010 13:11:36 +0100
  • Followup-to: comp.os.linux.advocacy
  • Newsgroups: comp.os.linux.advocacy
  • User-agent: KNode/4.3.1
Hash: SHA1

OpenSSL 1.0.0 arrives

,----[ Quote ]
| After a beta phase lasting exactly a year, 
| the final version of OpenSSL 1.0.0 is here. 
| The source code is now available to 
| download and the list of changes from the 
| previous version 0.9.8(n) is extensive. 
| Version 1.0.0 includes several new features 
| and enhancements, including support for the 
| Whirlpool free hash algorithm, an 
| alternative to the MD5 and SHA-1 
| algorithms, which have been under scrutiny 
| due to the existence of simplified 
| collision attacks.


Shishi 0.0.43 (release candidate for 1.0.0)

,----[ Quote ]
| Shishi is an implementation of the Kerberos 
| 5 network authentication system.  Shishi 
| can be used to authenticate users in 
| distributed systems.  Shishi is part of a 
| GNU system.


GCC 4.5.0 Status Report (2010-03-31), trunk is frozen

,----[ Quote ]
| We have reached the zero P1 GCC 4.5 
| regressions required for a release 
| candidate build of GCC 4.5.0.  To allow 
| this state to prevail the trunk is frozen 
| for non-documentation changes starting 
| April 2nd (use your timezone for your 
| advantage). A release candidate will not be 
| built before the end of Easter.



Ok, Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU

,----[ Quote ]
| Boy, do I hate it when a FLOSS project is
| given a hard time unfairly. I was this
| morning greeted with news from many places
| that OpenSSL, one of the most common FLOSS
| software libraries used for cryptography, was
| somehow "severely vulnerable".
| I had a hunch what was going on. I quickly
| downloaded a copy of the academic paper that
| was cited as the sole source for the story
| and read it. As I feared, OpenSSL was getting
| some bad press unfairly. One must really read
| this academic computer science article in the
| context it was written; most commenting about
| this paper probably did not.
| First of all, I don't claim to be an expert
| on cryptography, and I think my knowledge
| level to opine on this subject remains
| limited to a little blog post like this and
| nothing more. Between college and graduate
| school, I worked as a system administrator
| focusing on network security. While a
| computer science graduate student, I did take
| two cryptography courses, two theory of
| computation courses, and one class on
| complexity theory0. So, when compared to the
| general population I probably am an expert,
| but compared to people who actually work in
| cryptography regularly, I'm clearly a novice.
| However, I suspect many who have hitherto
| opined about this academic article to declare
| this "severe vulnerability" have even less
| knowledge than I do on the subject.



Open Source Software Institute Announces Release of Updated OpenSSL FIPS Object

,----[ Quote ]
| This most recent validated OpenSSL FIPS Object Module is based on version
| 0.9.8 of the OpenSSL cryptographic library and is freely available for
| download through the OSSI website (oss-institute.org). Updated versions of
| OpenSSL FIPS Object Module Security Policy and User Guide will be available
| for download through the OSSI website (oss-institute.org) and may be used and
| reproduced without restriction.


All systems go for validation of updated OpenSSL module

,----[ Quote ]
| Weathersby says the OSSI has reason to believe the complaints came from
| proprietary vendors hoping to initiate a FUD campaign that would create doubt
| in the minds of government agencies who were considering using OpenSSL as a
| data exchange solution.


,----[ Quote ]
| "After a long and arduous journey that included a suspended validation last
| year .. OpenSSL has regained its FIPS 140-2 validation"
| "We called it the FUD campaign," he says. "There were all kinds of
| complaints sent to the CMVP including one about 'Commie code.' .. Silly or
| no, each complaint that's filed really slows down the process."
| "the ones they did see often contained redacted, or blacked-out, data about
| who had filed the complaint .. in some cases, proprietary software vendors
| were lodging the complaints.


FCC ignores more than 100 years of wisdom

,----[ Quote ]
| In 1883 French cryptographer Auguste Kerckhoffs published a set of six
| design principles for military encryption systems. The second of these
| principles is generally known today under the observation that security
| through obscurity is not security. The Federal Communications Commission
| (FCC) seems not to have read the history books or to be aware of how its
|  sister federal agencies develop security standards....


The FCC, FOSS, and software radios: a mixed bag

,----[ Quote ]
| After studying the new rules -- published in the Federal Register last month
| and taking effect today -- the SFLC concluded that the laws are not
| FOSS-restrictive because they "apply to hardware manufacturers who distribute
| SDR devices, regardless if they use FOSS in them or not." And the Center says
| that since the rules specifically mention the GNU/Linux operating system, the
| FCC is actually acknowledging the importance of open source.

Version: GnuPG v1.4.9 (GNU/Linux)


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index