[cryptography] OpenSSL 1.0.0 released

Kevin W. Wall kevin.w.wall at gmail.com
Wed Mar 31 00:20:26 EDT 2010


Peter Gutmann wrote:
> Arturo Quirantes <aquirantes at cripto.es> writes:
> 
>> I  wonder  if  the  new release includes a patch to the recently attack by
>> Pellegrini et al:
>> http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
>> http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
>> and, if not, when will it be available.
> 
> This is currently being held up by a more urgent patch to defend OpenSSL
> against a recently-discovered weakness involving pink unicorns.  The
> Pellegrini attack defence is expected to be rolled out after this patch is
> released, at the same time as a patch for "the leprechaun thing" (details
> currently unpublished due to acute security concerns).
> 
> Peter.

Alas, you leaked this one day early...or are you on the other side of the
international date line? Might already be 4/1 in Auckland. ;-)

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME



More information about the cryptography mailing list