Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Oct 2015 15:45:03 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com
Subject: Re: Prime example of a can of worms

On 22/10/15 15:27, Kurt Seifried wrote:
> Ideally we'd like
> to see people using different primes (e.g. hardware manufacturers not using
> the same primes as everyone else) and where possible people needing more
> security (e.g. a VPN hosting provider) should generate their own keys
> securely.
Could it be possible to generate a new prime in the background, and when
it has been generated, on the next reboot use that one instead? And if
there is not enough time for the new prime to be generated, it falls
back to the old one?

I agree that manufacturers should be using a different prime per, at
least, batch of products.


Thanks,
-- 
-- Joshua Rogers <https://internot.info/>


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ