Clik here to view.
Real-world Performance Tuning with Callgrind
This post describe the process of identifying and profiling an inefficient part of GnuTLS. The tool I’m using is callgrind. I won’t describe the tool in detail since I’m not a callgrind expert, instead...
View ArticleClik here to view.
Cyclomatic Code Complexity
Inspired by my own OWASP Sweden chapter talk last night, I learned more about Cyclomatic Code Complexity and did some practical experiments. Cyclomatic Code Complexity was described by Thomas J. McCabe...
View ArticleClik here to view.
CACert and GnuTLS
I haven’t seen this before, so I thought I’d documment how to generate a server TLS certificate using CACert. This can be useful if you are running a mail or web server and easily (and cost free) want...
View ArticleClik here to view.
Thread Safe Functions
I have read Russel Coker’s nice article on identifying use of thread unsafe functions. This reminded me of a script I wrote a long time ago that is part of GNU SASL‘s regression suite: threadsafety. As...
View ArticleClik here to view.
GS2-KRB5 in GNU SASL 1.5.0
I have worked in the IETF on the specification for the next generation GSSAPI-to-SASL bridge called GS2 (see my status page for background) for a couple of years now. The specification is (finally!) in...
View ArticleClik here to view.
Bridging SASL and GSS-API: GS2
Yesterday (12th July 2010) the RFC editor announced the publication of RFC 5801, which I’m co-author of. The GS2 document has taken 5 years to reach this status, see my page on GS2 status. So what is...
View ArticleClik here to view.
GS2-KRB5 using GNU SASL and MIT Kerberos for Windows
I have blogged about GNU SASL and GS2-KRB5 with the native Kerberos on Mac OS X before, so the next logical step has been to support GS2-KRB5 on Windows through MIT Kerberos for Windows (KfW). With the...
View ArticleClik here to view.
GNU SASL with SCRAM-SHA-1-PLUS
I have finished the SCRAM implementation in GNU SASL. The remaining feature to be added were support for the “enhanced” SCRAM-SHA-1-PLUS variant instead of just the normal SCRAM-SHA-1 mechanism. The...
View ArticleClik here to view.
Introducing the OATH Toolkit
I am happy to announce a project that I have been working quietly on for about a year: the OATH Toolkit. OATH stands for Open AuTHentication and is an organization that specify standards around...
View ArticleClik here to view.
Portable Symmetric Key Container (PSKC) Library
For the past weeks I have been working on implementing RFC 6030, also known as Portable Symmetric Key Container (PSKC). So what is PSKC? The Portable Symmetric Key Container (PSKC) format is used to...
View ArticleClik here to view.
BLURB: Software repository metadata convention
As a maintainer of several software packages I often find myself copying text snippets from the README file into different places (savannah, github, freecode, emails, etc). Recently I had a need to...
View ArticleClik here to view.
Replicant 4.2 0002 and NFC on I9300
I’m using Replicant on my Samsung SIII (i9300) phone (see my earlier posts). During my vacation the Replicant project released version 4.2-0002 as a minor update to their initial 4.2 release. I didn’t...
View ArticleScrypt in IETF
Colin Percival and I have worked on an internet-draft on scrypt for some time. I realize now that the -00 draft was published over two years ago, turning this effort today somewhat into archeology...
View Article
