Profile cover photo
Profile photo
Nikos Mavrogiannopoulos
246 followers
246 followers
About
Nikos's posts

Post has attachment
Improving by simplifying the GnuTLS PRNG
One of the most unwanted baggages for crypto implementations written prior to this decade is the (pseudo-)random generator, or simply PRNG. Speaking for GnuTLS, the random generator was written at a time where devices like /dev/urandom did not come by defau...

Post has attachment
Using the Nitrokey HSM with GnuTLS applications
The Nitrokey HSM is an open hardware security module, in the form of a smart card token, which is used to isolate a server's private key from the application. That is, if you have an HTTPS server, such a hardware security module will prevent an attacker whi...

Post has attachment
A brief look at the Linux-kernel random generator interfaces
Most modern operating systems provide a cryptographic pseudo-random number generator (CPRNG), as part of their OS kernel, intended to be used by applications involving cryptographic operations. Linux is no exception in that, and in fact it was the first ope...

Post has attachment
Restricting the scope of CA certificates
The granting of an intermediate CA certificate to a surveillance firm generated quite some fuss . Setting theories aside, the main reason behind that outcry, is the fact that any intermediate CA certificate trusted by the browsers has unlimited powers to ce...

Post has attachment
An overview of the new features in GnuTLS 3.5.0
Few minutes ago I've released GnuTLS 3.5.0. This is the stable-next branch of GnuTLS which will replace the stable GnuTLS 3.4.x branch within a year. It is fully backwards compatible and comes with several new features, the most prominent I'll summarize lat...

Post has attachment
Why do we need SSL VPNs today?
One question that has been bothering me for quite a while, is why do we need SSL VPNs? There is an IETF standardized VPN type, IPSec, and given that, why do SSL VPNs still get deployed? Why not just switch everything to IPSec? Moreover, another important qu...

Post has attachment

Post has attachment
An overview of GnuTLS 3.4.x
This year GnuTLS 3.4.0 was released, as our stable-next  branch, i.e., the branch to replace the current stable branch of GnuTLS (which as of today is the 3.3.x branch). During that time, we also moved our development infrastructure from gitorious to gitlab...

Post has attachment
Software Isolation in Linux
Starting from the assumption that software will always have bugs, we
need a way to isolate and neutralize the effects of the bugs. One
approach is by isolating components of the software such that a breach
in one component doesn't compromise another. Tha...

Post has attachment
A quick overview of GnuTLS development in 2014
2014 was a very interesting year in the development of GnuTLS. On the development side, this year we have incorporated patches with fixes or enhanced functionality from more than 25 people according to openhub, and the main focus was moving GnuTLS 3.3.x fro...
Wait while more posts are being loaded