[cryptography] OpenSSL 1.0.0 released

Adam Back adam at cypherspace.org
Wed Mar 31 10:08:02 EDT 2010


I dont believe it was intended to be rude, just a tongue in cheek way
of saying that the attack is impractical or inapplicable to openSSL.

You have to have a bit of history perhaps to appreciate Peter's
comments - he's actually the author of many very funny and insightful
comments and articles on the state of applied cryptography :)

Adam

2010/3/31 Arturo Quirantes <aquirantes at cripto.es>:
>        If you guys don´t feel like giving a good answer, just don´t. No
> need to play rude. BTW, thanks to James for his post links.
>
>> Peter Gutmann wrote:
>>> Arturo Quirantes <aquirantes at cripto.es> writes:
>>>
>>>> I  wonder  if  the  new release includes a patch to the recently attack by
>>>> Pellegrini et al:
>>>> http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
>>>> http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
>>>> and, if not, when will it be available.
>>>
>>> This is currently being held up by a more urgent patch to defend OpenSSL
>>> against a recently-discovered weakness involving pink unicorns.  The
>>> Pellegrini attack defence is expected to be rolled out after this patch is
>>> released, at the same time as a patch for "the leprechaun thing" (details
>>> currently unpublished due to acute security concerns).
>>>
>>> Peter.
>
>> Alas, you leaked this one day early...or are you on the other side of the
>> international date line? Might already be 4/1 in Auckland.
>
>> -kevin
>
>
> -----------------------------------------------------
> = =     Arturo Quirantes  (PGP: ID 0xE4C36BBD)    = =
> = =     Taller de Criptografía  www.cripto.es     = =
> -----------------------------------------------------
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>



More information about the cryptography mailing list