RECENT BLOG NEWS

John Sawyer of Dark Reading has put out another great blog post on using SHODAN to find exposed network devices like “printers, routers, fiber channel switches and industrial control systems” on a corporate network, and provides some useful advice for discovering those devices.  See:  https://www.darkreading.com/risk/finding-exposed-devices-on-your-network/d/d-id/1134269? for the full post.

Have you ever wondered if there is a reason for the wolf in our logo? Why does a security company that focuses on embedded SSL products choose a wolf over any number of possible logo designs? We chose a wolf to be part of our logo for several reasons:

• Wolves like to live in free and open environments.
• Wolves communicate and hunt in packs, like open source developers hunt bugs.
• Wolves are lean and fast.

Our recent release of the yaSSL Embedded Web Server:

http://www.prweb.com/releases/2010/06/prweb3468504.htm

The yaSSL Embedded Web Server is available for download for both OSX and Linux from our downloads page.  We look forward to hearing your feedback!  Please contact us for more information regarding the yaSSL Embedded Web Server.

The yaSSL Embedded Web Server is now available for download on Mac OS X and Linux!  The yaSSL Embedded Web Server is based on the popular Mongoose embedded web server – adding built-in SSL functionality.  Working closely with the Mongoose community, we have made it a priority to keep our focus on what customers want.  Reasoning behind choosing the Mongoose web server included:

•   Default size, with CyaSSL enabled, of less than 200K.

•   Excellent code base and community.

•   Portability to real time and embedded operating systems.

For more information about the Mongoose Web Server, documentation (including a manual, full web application example, API reference, and embedding strategies) can be viewed here: http://code.google.com/p/mongoose/w/list

Please contact us at info@yassl.com for more information regarding the yaSSL Embedded Web Server.  Download test and evaluation copies for OS X and Linux here: Download yaSSL Embedded Web Server.  We welcome your feedback!

Release 1.6.0 for the wolfSSL embedded ssl library adds bug fixes, support for RIPEMD-160 and SHA-512 algorithms and RSA key generation.  For general build instructions see doc/Building_wolfSSL.pdf.  For build options to enable RIPEMD-160 and SHA-512, please see the README included in the download.

Please contact support@yassl.com with any questions.

Did you know that the wolfSSL embedded ssl solution includes DTLS support?  wolfSSL has supported DTLS functionality for over a year now.  Frankly, we have not had much user feedback on the feature, which means that either people are not using it or that those using it are perfectly satisfied.  If you care to comment, we’d love your feedback at info@yassl.com. 
 
DTLS was initially designed to serve the needs of secure VoIP designers, SIP users, internet game builders, and others that have an unreliable connection.  Further background on the genesis and purposing of DTLS can be found here:  http://crypto.stanford.edu/~nagendra/papers/dtls.pdf.  The RFC can be found here:  http://tools.ietf.org/html/rfc4347, and the Wikipedia page is here:  http://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security.

Did you know that wolfSSL is available for iPhone/iOS?  We’ve been building and testing wolfSSL on iOS now for the last couple of years.  As wolfSSL users know, the code is extremely portable.  When iPhone originally launched, we decided to build for the device as yet another test for portability.  Everything moved over smoothly and we’ve been building and testing each incremental release ever since.  Let us know if you’re building cross platform applications and need support for iPhone  by contacting us at info@yassl.com.

Ever wondered what the difference between a block cipher and a stream cipher was?  A block cipher has to be encrypted in chunks that are the block size for the cipher.  For example, AES has block size of 16 bytes.  So if you`re encrypting a bunch of small, 2 or 3 byte, chucks back and forth, over 80% of the data is useless padding, decreasing the speed of the encryption/decryption process and needlessly wasting network bandwidth to boot.  So basically block ciphers are designed for large chucks of data, have block sizes requiring padding, and use a fixed, unvarying transformation.

Stream ciphers work well for large or small chucks of data.  They`re suitable for smaller data sizes because no block size is required.  And if speed is a concern, stream ciphers are your answer, because they use a simpler transformation that typically involves an xor`d keystream.  So if you need to stream media, encrypt various data sizes including small ones, or have a need for a fast cipher then stream ciphers are your best bet.

SSL uses RC4 as the default stream cipher.  It`s a pretty good one, though it`s getting a little older.  There are some interesting advancements being made in the field and nearly two years ago wolfSSL added two ciphers from the eStream project into the code base, RABBIT and HC-128.  RABBIT is nearly twice as fast as RC4 and HC-128 is about 5 times as fast!  So if you`ve ever decided not to use SSL because of speed concerns, using wolfSSL`s stream ciphers should lessen or eliminate that performance doubt.

Both RABBIT and HC-128 are built by default into wolfSSL.  Please see the examples or the docs for usage.

Hi!  The next wolfSSL release should be ready this week, barring unforeseen testing issues.  Our big feature addition for this release is key generation.  The addition of key generation to wolfSSL clears the way for us to add certificate generation, with planned availability in September.  We’ve had a number of our commercial customers as well as open source users asking us for these features for various reasons, and we’re happy to add them for the enjoyment of all. 
 
One use case that we are particularly excited about is enabling digital signing for embedded systems and devices.  Essentially, we’ll be providing the key components in our next release for our users to set up digital signing for their various embedded systems.  Watch this space for our white paper on the topic.  The white paper will go through the process of setting up your own private certificate authority, as you would do if you were setting up your own private app store or secure firmware download site.  Many users like to do this sort of thing if they have closed systems, and don’t need certificates from a standard certificate authority.  Who knows, perhaps one of our users will use wolfSSL certificate generation to break the monopolies currently enjoyed by the current batch of certificate authorities. 
 
If you are a device vendor, you might ask the broader question of why to use SSL secure firmware download to your devices?  First, you will know where the firmware updated and installed on your device is coming from.  It won’t be random, it will be coming from a server you control.  Second, you will know that the software updated to the device has not been tampered with during delivery. 
 
As we saw from the recent Security B-Sides presentation “Fun with VxWorks” (The presentation can be found here: https://speakerdeck.com/hdm/fun-with-vxworks), the attack vector of current interest is embedded systems and devices.  As such, vendors of connected devices such as printers, cameras, etc, will need to be setting up their own private secure delivery mechanisms for applying firmware updates, etc. 
 
As always, we’re here to help.  Contact us at info@yassl.com if you need help with this stuff, either on the server side or the device side.

If you are an adopter of IPv6 and want to use an embedded ssl implementation, then you may have been wondering if wolfSSL supports IPv6.  The answer is yes, we do support wolfSSL running on top of IPv6.  Note that our current test applications default to IPv4, so as to apply to a broader number of systems.  Please see https://www.wolfssl.com/docs/wolfssl-manual/ch2/ –enable-ipv6 to change the test applications to IPv6.  You can contact us at facts@wolfssl.com if you need assistance with IP version issues.
 
Further information on IPv6 can be found here:  http://en.wikipedia.org/wiki/IPv6.