<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Next try to help to solve a TODO in the dokument ;-)<br>
<br>
cheers<br>
Jan<br>
<br>
-------- Weitergeleitete Nachricht --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Betreff: </th>
<td>AppliedCryptoHardening: Java 7 DH-parameterlength
limitation(1024bit)</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Datum: </th>
<td>Fri, 03 Jan 2014 22:05:34 +0100</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Von: </th>
<td>Jan Hill <a class="moz-txt-link-rfc2396E" href="mailto:jan@jan-hill.com"><jan@jan-hill.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">An: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:ach@lists.cert.at">ach@lists.cert.at</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>Hello,
first of all thank you for:
"AppliedCryptoHardening" :-)
In the paper I found this (page 52):
"We could not verify yet if installing JCE also fixes the Java7
DH-parameterlength limitation(1024bit). TODO:do that!"
In my opinion there is a limitation to 1024 also with the strong
encryption jars:
<a class="moz-txt-link-freetext" href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html">http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html</a>
There ar some open issues in the tracker, but I can't send a link, looks
like the Bugtracker is down :(
In Java 8 is a bugfix up to 2048, I think this was included from b56 or
b58. I can't send a link, looks like the Bugtracker is down :(
<a class="moz-txt-link-freetext" href="http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html">http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html</a>
Cheers
Jan
</pre>
<br>
<br>
<div class="moz-cite-prefix">Am 25.01.2015 um 00:18 schrieb Aaron
Zauner:<br>
</div>
<blockquote cite="mid:54C4282E.3060808@azet.org" type="cite">
<pre wrap="">Hi,
I've merged a couple of long-open now reviewed (thx to kronos, sebix)
PRs from GitHub to our upstream repo:
<a class="moz-txt-link-freetext" href="https://git.bettercrypto.org/ach-master.git/log/HEAD">https://git.bettercrypto.org/ach-master.git/log/HEAD</a>
On GitHub there're still a couple of PRs that need review (i.e. in
addition to mine), if you have some spare time and would like to help
out please do so over here:
<a class="moz-txt-link-freetext" href="https://github.com/BetterCrypto/Applied-Crypto-Hardening/pulls">https://github.com/BetterCrypto/Applied-Crypto-Hardening/pulls</a>
For the time being I'm very busy with research and customers (need to
pay my bills as well, right? :)). I'd really like to have more people
actively working on this project again. One thing is pretty certain:
with so many moving targets, this document will always be in DRAFT
phase. But it urgently needs cleanup and review by all the people that
promised to review about a year ago by now (I hope I still remember all
of them). So,.. we need help. If you're already on this mailing list and
have never thought about contributing - it's your time to shine!
..Or simply spread the word. I'm sure there are hackers around looking
for another project to contribute to.
Hope everybody is doing well,
Aaron (azet)
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Ach mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a>
<a class="moz-txt-link-freetext" href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a>
</pre>
</blockquote>
<br>
</body>
</html>