RECENT BLOG NEWS

Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate generation.  For general build instructions see doc/Building_CyaSSL.pdf.  For details on how to use certificate generation, refer to section 11 in the wolfSSL manual.

To enable certificate generation support, add this option to ./configure

./configure –enable-certgen

An example is included in ctaocrypt/test/test.c and documentation is provided in doc/CyaSSL_Extensions_Reference.pdf item 11. Please contact support@yassl.com with any questions.

Here’s a nice article for embedded designers faced with securing an 802.11 device:  https://www.embedded.com/design/prototyping-and-development/4206409/10-things-to-consider-when-securing-an-embedded-802-11-Wi-Fi-device.
 
Stapko’s item 8 on the list caught our attention.  He correctly states that “Wi-Fi security protocols are big and slow.”  However, the article is an overview, and is not intended to discuss which ones are bigger and slower, and which ones are smaller and faster.  This, of course, is where we must chirp up and make the point that the wolfSSL embedded ssl solution is sized under 50k, as opposed to some solutions which are 20-50 times that size.

John Sawyer of Dark Reading has put out another great blog post on using SHODAN to find exposed network devices like “printers, routers, fiber channel switches and industrial control systems” on a corporate network, and provides some useful advice for discovering those devices.  See:  https://www.darkreading.com/risk/finding-exposed-devices-on-your-network/d/d-id/1134269? for the full post.

Have you ever wondered if there is a reason for the wolf in our logo? Why does a security company that focuses on embedded SSL products choose a wolf over any number of possible logo designs? We chose a wolf to be part of our logo for several reasons:

• Wolves like to live in free and open environments.
• Wolves communicate and hunt in packs, like open source developers hunt bugs.
• Wolves are lean and fast.

Our recent release of the yaSSL Embedded Web Server:

http://www.prweb.com/releases/2010/06/prweb3468504.htm

The yaSSL Embedded Web Server is available for download for both OSX and Linux from our downloads page.  We look forward to hearing your feedback!  Please contact us for more information regarding the yaSSL Embedded Web Server.

The yaSSL Embedded Web Server is now available for download on Mac OS X and Linux!  The yaSSL Embedded Web Server is based on the popular Mongoose embedded web server – adding built-in SSL functionality.  Working closely with the Mongoose community, we have made it a priority to keep our focus on what customers want.  Reasoning behind choosing the Mongoose web server included:

•   Default size, with CyaSSL enabled, of less than 200K.

•   Excellent code base and community.

•   Portability to real time and embedded operating systems.

For more information about the Mongoose Web Server, documentation (including a manual, full web application example, API reference, and embedding strategies) can be viewed here: http://code.google.com/p/mongoose/w/list

Please contact us at info@yassl.com for more information regarding the yaSSL Embedded Web Server.  Download test and evaluation copies for OS X and Linux here: Download yaSSL Embedded Web Server.  We welcome your feedback!

Release 1.6.0 for the wolfSSL embedded ssl library adds bug fixes, support for RIPEMD-160 and SHA-512 algorithms and RSA key generation.  For general build instructions see doc/Building_wolfSSL.pdf.  For build options to enable RIPEMD-160 and SHA-512, please see the README included in the download.

Please contact support@yassl.com with any questions.

Did you know that the wolfSSL embedded ssl solution includes DTLS support?  wolfSSL has supported DTLS functionality for over a year now.  Frankly, we have not had much user feedback on the feature, which means that either people are not using it or that those using it are perfectly satisfied.  If you care to comment, we’d love your feedback at info@yassl.com. 
 
DTLS was initially designed to serve the needs of secure VoIP designers, SIP users, internet game builders, and others that have an unreliable connection.  Further background on the genesis and purposing of DTLS can be found here:  http://crypto.stanford.edu/~nagendra/papers/dtls.pdf.  The RFC can be found here:  http://tools.ietf.org/html/rfc4347, and the Wikipedia page is here:  http://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security.

Did you know that wolfSSL is available for iPhone/iOS?  We’ve been building and testing wolfSSL on iOS now for the last couple of years.  As wolfSSL users know, the code is extremely portable.  When iPhone originally launched, we decided to build for the device as yet another test for portability.  Everything moved over smoothly and we’ve been building and testing each incremental release ever since.  Let us know if you’re building cross platform applications and need support for iPhone  by contacting us at info@yassl.com.

Ever wondered what the difference between a block cipher and a stream cipher was?  A block cipher has to be encrypted in chunks that are the block size for the cipher.  For example, AES has block size of 16 bytes.  So if you`re encrypting a bunch of small, 2 or 3 byte, chucks back and forth, over 80% of the data is useless padding, decreasing the speed of the encryption/decryption process and needlessly wasting network bandwidth to boot.  So basically block ciphers are designed for large chucks of data, have block sizes requiring padding, and use a fixed, unvarying transformation.

Stream ciphers work well for large or small chucks of data.  They`re suitable for smaller data sizes because no block size is required.  And if speed is a concern, stream ciphers are your answer, because they use a simpler transformation that typically involves an xor`d keystream.  So if you need to stream media, encrypt various data sizes including small ones, or have a need for a fast cipher then stream ciphers are your best bet.

SSL uses RC4 as the default stream cipher.  It`s a pretty good one, though it`s getting a little older.  There are some interesting advancements being made in the field and nearly two years ago wolfSSL added two ciphers from the eStream project into the code base, RABBIT and HC-128.  RABBIT is nearly twice as fast as RC4 and HC-128 is about 5 times as fast!  So if you`ve ever decided not to use SSL because of speed concerns, using wolfSSL`s stream ciphers should lessen or eliminate that performance doubt.

Both RABBIT and HC-128 are built by default into wolfSSL.  Please see the examples or the docs for usage.