[cryptography] OpenSSL 1.0.0 released

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Mar 30 20:51:02 EDT 2010


Arturo Quirantes <aquirantes at cripto.es> writes:

>I  wonder  if  the  new release includes a patch to the recently attack by
>Pellegrini et al:
>http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
>http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
>and, if not, when will it be available.

This is currently being held up by a more urgent patch to defend OpenSSL
against a recently-discovered weakness involving pink unicorns.  The
Pellegrini attack defence is expected to be rolled out after this patch is
released, at the same time as a patch for "the leprechaun thing" (details
currently unpublished due to acute security concerns).

Peter.



More information about the cryptography mailing list