is really gnutls considered harmful?
A comment made a few years ago by Howard Chu, the developer of OpenLDAP, seems to be being repeated by people ignorant of the issue as an argument against GnuTLS. It is the sad truth, however, that this...
using the Belgian ID cards with GnuTLS
Belgium is among the few countries that provide citizens with a smart-card containing RSA private keys and certificates signed by a national authority. Those keys can be used by GnuTLS as well, so...
Is copyright right?
For those not familiar with copyright, I'll make a short introduction. For a longer description check the Wikipedia article. Copyright is a tool invented to foster innovation. It provides the author...
GnuTLS 3.0.0
GnuTLS 3.0.0 is finally out! The original announcement can be found at the mailing list. The main and most important changes since 2.12.x are: Support for Datagram TLS 1.0; Support for Elliptic Curves...
The problem of cryptographic algorithms & cryptographic accelerators
There are many ways one could use cryptography in GNU/Linux. There are cryptographic libraries such as the Java crypto API, Botan, OpenSSL, GnuTLS and nettle, that provide access to crypto algorithms....
Article 15
Ovrimos was a Greek company making an RDBMS. They tried to compete with giants like Oracle and Microsoft SQL, but failed. Having the guts to try was enough for me. They are part of history right now...
Enhancing privacy in comments
FHEO or "For human eyes only" is a Firefox browser plugin with the goal of enhancing privacy in comments made in social networks or forums. The idea is to counter privacy issues seen mainly in social...
The price to pay for perfect-forward secrecy
[EDIT: Updated results for GnuTLS 3.2 and to adhere to ECRYPT recommendations for key equivalence] Ok, the question seems to be what is perfect forward secrecy? Perfect forward secrecy (PFS) is a...
Generating Diffie-Hellman parameters
Starting with GnuTLS 3.0 the Diffie-Hellman parameter generation has been changed. That was mandated by the move from libgcrypt to nettle. Nettle didn't support Diffie-Hellman parameter generation, so...
Self-modifying code using GCC
One of my research topics last year was self-modifying code mainly for obfuscation. Having seen how self-modification is implemented for a variety of programs, I could say that most existing techniques...
Do we need elliptic curve point compression?
GnuTLS has recently added support for elliptic curves (ECDSA and Elliptic curve Diffie-Hellman). Elliptic curves are an improvement on public key technologies, mostly in efficiency because they require...
The need for SSH-like authentication in TLS
After the Diginotar CA compromise it is apparent that verifying web sites using only a trusted certificate authority (CA) is not sufficient. Currently a web site's certificate is verified against the...
Google summer of code
This year GnuTLS participates in the Google summer of code under the GNU project umbrella. If you are a student willing to spend this summer coding, check our ideas.
TLS in embedded systems
In some embedded systems space may often be a serious constraint. However, there are many such systems that contain several megabytes of flash either as an SD memory card, or as raw NAND, having no...
A flaw in the smart card Kerberos (PKINIT) protocol
Reading security protocols is not always fun nor easy. Protocols like public key Kerberos are hard to read because they just define the packet format and expect the reader to assume a correct message...
Meritocracy
This article by Prof. Tsoukas gives a great overview of the lack of meritocracy in Greece, which is the main reason I left a few years ago. One of the examples in the article is the recent resignation of...
Using the Trusted Platform Module to protect your keys
There was a big hype when the Trusted Platform Module (TPM) was introduced into computers. Briefly it is a co-processor in your PC that allows it to perform calculations independently of the main...
Some thoughts on the DANE protocol
A while ago I was writing on why we need an alternative authentication method in TLS. Then I described the SSH-style authentication and how it was implemented in GnuTLS. Another approach is the DANE...
Time is money (in CBC ciphersuites)
While protocols are not always nicely written, deviating from them has a big disadvantage. You cannot blame someone else if there is a problem. It has a small advantage though, you avoid monoculture...
The perils of LGPLv3
LGPLv3 is the latest version of the GNU Lesser General Public License. It follows the successful LGPLv2.1 license, and was released by the Free Software Foundation as a counterpart to its GNU General...