[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Network security manager
|
From: |
Garreau\, Alexandre |
|
Subject: |
Re: Network security manager |
|
Date: |
Sun, 23 Nov 2014 21:23:45 +0100 |
|
User-agent: |
Gnus (5.13), GNU Emacs 24.4.1 (i586-pc-linux-gnu) |
Le 23/11/2014 à 20h53, Lars Magne Ingebrigtsen a écrit :
> "Garreau, Alexandre" <address@hidden> writes:
>> Unfortunately no, but there are several implementations, mainly in
>> javascript, PHP, and, err, Java, as far as I know. But it’s quite simple
>> and should be easily possible in any language where you can draw simple
>> figures.
>>
>> The three I know:
>> https://github.com/sebsauvage/VizHash/
>> https://github.com/sametmax/VizHash.js
>> https://github.com/inouire/VizHash4j
>>
>> I’d be really glad if someone found a way to do it with elisp… maybe
>> using an external program?
>
> It seems really easy to implement in Emacs Lisp + svg, so that's no
> problem. I've started implementing an SVG creation library.
>
> However, I'm now looking at the algorithm this uses, and I notice:
>
> var hash = hex_sha1(text) + hex_md5(text);
>
> I think the common reaction to seeing md5 being used for anything these
> days is "err". Although it's probably OK here, I wonder what's the
> chance of this algorithm getting much uptake? Has anybody started using
> this?
Yeah, I’ve been surprised by that too. I were thinking that if I had to
make an implementation some day I’d use SHA512 instead.
> Is there an RFC?
No, the developers had the idea and gave some examples of usages
(background change within firefox according domain name’s vizhash to
prevent unicode-phishing for instance, or password verification, or
things like that) without taking care of spreading the idea (which I
think could have a real success).
Le 23/11/2014 à 20h59, Lars Magne Ingebrigtsen a écrit :
> Lars Magne Ingebrigtsen <address@hidden> writes:
>
>> Although it's probably OK here, I wonder what's the
>> chance of this algorithm getting much uptake? Has anybody started using
>> this? Is there an RFC?
>
> And the gnutls library exports a sha1 hash of the pubkey, so I'm not
> quite sure how to get the md5 of it as well...
Oh, I thought gnutls could give an md5 of pubkey since certtool --info
give the md5sum just before the sha1… Anyway if it’s to gnutls to
calculate it it means it’ll be less secure and more likely to find
collisions… :/
signature.asc
Description: PGP signature
- Re: Network security manager, (continued)
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Garreau\, Alexandre, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Garreau\, Alexandre, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager,
Garreau\, Alexandre <=
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/23
- Re: Network security manager, joakim, 2014/11/23
- Re: Network security manager, Stefan Monnier, 2014/11/30
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/30
- Re: Network security manager, Stefan Monnier, 2014/11/30
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19