[cryptography] OpenSSL 1.0.0 released

Arturo Quirantes aquirantes at cripto.es
Wed Mar 31 09:56:12 EDT 2010


        If you guys don´t feel like giving a good answer, just don´t. No
need to play rude. BTW, thanks to James for his post links.

> Peter Gutmann wrote:
>> Arturo Quirantes <aquirantes at cripto.es> writes:
>> 
>>> I  wonder  if  the  new release includes a patch to the recently attack by
>>> Pellegrini et al:
>>> http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
>>> http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
>>> and, if not, when will it be available.
>> 
>> This is currently being held up by a more urgent patch to defend OpenSSL
>> against a recently-discovered weakness involving pink unicorns.  The
>> Pellegrini attack defence is expected to be rolled out after this patch is
>> released, at the same time as a patch for "the leprechaun thing" (details
>> currently unpublished due to acute security concerns).
>> 
>> Peter.

> Alas, you leaked this one day early...or are you on the other side of the
> international date line? Might already be 4/1 in Auckland.  

> -kevin


-----------------------------------------------------
= =     Arturo Quirantes  (PGP: ID 0xE4C36BBD)    = =
= =     Taller de Criptografía  www.cripto.es     = =
-----------------------------------------------------




More information about the cryptography mailing list