Date: Sun, 2 May 1999 18:46:25 +0200 From: Eivind Eklund <eivind@FreeBSD.ORG> To: Mark Murray <mark@grondar.za> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Blowfish/Twofish Message-ID: <19990502184625.E32819@bitbox.follo.net> In-Reply-To: <199905021627.SAA03150@greenpeace.grondar.za>; from Mark Murray on Sun, May 02, 1999 at 06:27:29PM %2B0200 References: <21634.925539195@critter.freebsd.dk> <Pine.BSF.3.96.990501150648.2670B-100000@fledge.watson.org> <19990502144906.E23950@bitbox.follo.net> <199905021458.QAA02696@greenpeace.grondar.za> <19990502170929.B32819@bitbox.follo.net> <199905021541.RAA02885@greenpeace.grondar.za> <19990502181647.C32819@bitbox.follo.net> <199905021627.SAA03150@greenpeace.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 02, 1999 at 06:27:29PM +0200, Mark Murray wrote: > Eivind Eklund wrote: > > As for the libcrypto naming conflict - is the Kerberos libcrypto used > > by things outside Kerberos, or is it feasible to rename it? When I > > get around to integrating the signature support into pkg_* (I have > > code that work in a test environment, but haven't had time to > > integrate it), we'll need libcrypto from OpenSSL in order to support > > signatures - and renaming it in the port would IMO be fairly evil. > > Ditto for Kerberos, and Kerberos got there first :-) I know - I'm trying to find the lesser of the two evils. That's why I was asking if it was used outside of Kerberos itself. > How do your signatures work? Can you not just use the MD? and SHA > algorithms out of libmd? If not, can we not extend libmd? They use x.509 and the Sun package signature standard. As far as I remember, it would be possible to re-implement parts of the code based on something other than x.509 (e.g, DSA) and still be marginally compliant (no other tools would work, but the standard allows alternate signature algorithms, and signatures based on several public key system on the same package). However, that would be more work than I'll have time for in the forseeable future :-( The code was written with the assumption that we could make it work by just requiring the libcrypto from (then) SSLeay in order to actually do any signature checking by just opening it dynamically and check signatures if it was there. The signatures aren't "mine", BTW - the code was written by one of my co-workers (rmz@yes.no) on company time. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990502184625.E32819>