[Ach] Project Status
Jan Hill
jan at jan-hill.com
Sun Jan 25 13:04:02 CET 2015
Next try to help to solve a TODO in the dokument ;-)
cheers
Jan
-------- Weitergeleitete Nachricht --------
Betreff: AppliedCryptoHardening: Java 7 DH-parameterlength
limitation(1024bit)
Datum: Fri, 03 Jan 2014 22:05:34 +0100
Von: Jan Hill <jan at jan-hill.com>
An: ach at lists.cert.at
Hello,
first of all thank you for:
"AppliedCryptoHardening" :-)
In the paper I found this (page 52):
"We could not verify yet if installing JCE also fixes the Java7
DH-parameterlength limitation(1024bit). TODO:do that!"
In my opinion there is a limitation to 1024 also with the strong
encryption jars:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
There ar some open issues in the tracker, but I can't send a link, looks
like the Bugtracker is down :(
In Java 8 is a bugfix up to 2048, I think this was included from b56 or
b58. I can't send a link, looks like the Bugtracker is down :(
http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html
Cheers
Jan
Am 25.01.2015 um 00:18 schrieb Aaron Zauner:
> Hi,
>
> I've merged a couple of long-open now reviewed (thx to kronos, sebix)
> PRs from GitHub to our upstream repo:
> https://git.bettercrypto.org/ach-master.git/log/HEAD
>
> On GitHub there're still a couple of PRs that need review (i.e. in
> addition to mine), if you have some spare time and would like to help
> out please do so over here:
> https://github.com/BetterCrypto/Applied-Crypto-Hardening/pulls
>
>
> For the time being I'm very busy with research and customers (need to
> pay my bills as well, right? :)). I'd really like to have more people
> actively working on this project again. One thing is pretty certain:
> with so many moving targets, this document will always be in DRAFT
> phase. But it urgently needs cleanup and review by all the people that
> promised to review about a year ago by now (I hope I still remember all
> of them). So,.. we need help. If you're already on this mailing list and
> have never thought about contributing - it's your time to shine!
> ..Or simply spread the word. I'm sure there are hackers around looking
> for another project to contribute to.
>
> Hope everybody is doing well,
> Aaron (azet)
>
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20150125/15e792f9/attachment.html>
More information about the Ach
mailing list