On Sun, 8 Sep 2013, Daniel Cegiełka wrote:
Subject: Re: [Cryptography] Opening Discussion: Speculation on BULLRUN
http://www.youtube.com/watch?v=K8EGA834Nok
Is DNSSEC really the right solution?
That is the most unprofessional talk I've seen djb give. He bluffed a
bunch of fanboys with
I am certainly not going to advocate Internet-scale KDC. But what
if the application does not need to scale more than a network of
friends?
A thousand times yes.
There is however a little fly in that particular ointment. Sure, we can develop
On 9/8/2013 4:27 AM, Eugen Leitl wrote:
- Forwarded message from James A. Donald jam...@echeque.com -
Date: Sun, 08 Sep 2013 08:34:53 +1000
From: James A. Donald jam...@echeque.com
To: cryptogra...@randombit.net
Subject: Re: [cryptography] Random number generation influenced, HW RNG
Phillip Hallam-Baker hal...@gmail.com writes:
People buy guns despite statistics that show that they are orders of
magnitude more likely to be shot with the gun themselves rather than by an
attacker.
Some years ago NZ abolished its offensive (fighter) air force (the choice was
either to buy
On 9/09/13 06:42 AM, James A. Donald wrote:
On 2013-09-09 11:15 AM, Perry E. Metzger wrote:
Lenstra, Heninger and others have both shown mass breaks of keys based
on random number generator flaws in the field. Random number
generators have been the source of a huge number of breaks over time.
Hi Jeffrey,
On 8/09/13 02:52 AM, Jeffrey I. Schiller wrote:
The IETF was (and probably still is) a bunch of hard working
individuals who strive to create useful technology for the
Internet.
Granted! I do not want to say that the IETF people are in a conspiracy
with someone or each other,
On 9/09/13 02:16 AM, james hughes wrote:
I am honestly curious about the motivation not to choose more secure modes that
are already in the suites?
Something I wrote a bunch of years ago seems apropos, perhaps minimally
as a thought experiment:
Hypothesis #1 -- The One True Cipher Suite
Just got word from an Openswan developer:
To my knowledge, we never finished implementing the BTNS mode.
It wouldn't be hard to do --- it's mostly just conditionally commenting out
code.
There's obviously a large potential deployment base for
BTNS for home users, just think of
On 8/09/13 21:24 PM, Perry E. Metzger wrote:
On Sat, 07 Sep 2013 18:50:06 -0700 John Gilmore g...@toad.com wrote:
It was never clear to me why DNSSEC took so long to deploy,
[...]
PS:...
I believe you have answered your own question there, John. Even if we
assume subversion, deployment
http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/
Security and Pervasive Monitoring
The Internet community and the IETF care deeply about how much we can trust
commonly used Internet services and the protocols that these services use.
So the reports about large-scale
On Sep 8, 2013, at 1:53 PM, Phillip Hallam-Baker wrote:
I was asked to provide a list of potential points of compromise by a
concerned party. I list the following so far as possible/likely:
It's not clear to me what kinds of compromises you're considering. You've
produced a list of a number
On 9 Sep 2013 at 10:45, Eugen Leitl eu...@leitl.org wrote:
Forwarded without permission, hence anonymized:
Hey, I had a look at SEC2 and the TLS/SSH RFCs. SSH uses secp256/384r1
which has the same parameters as what's in SEC2 which are the same the
parameters as specified in SP800-90 for
On Sep 8, 2013, at 11:41 PM, james hughes wrote:
In summary, it would appear that the most viable solution is to make
I don't see how it's possible to make any real progress within the existing
cloud model, so I'm with you 100% here. (I've said the same earlier.)
Could cloud computing be a
On Mon, 9 Sep 2013, Daniel wrote:
Is there anyone on the lists qualified in ECC mathematics that can
confirm that?
NIST SP 800-90A, Rev 1 says:
The Dual_EC_DRBG requires the specifications of an elliptic curve and
two points on the elliptic curve. One of the following NIST approved
On Sep 8, 2013, at 8:37 PM, James A. Donald wrote:
Your magic key must then take any block of N bits and magically
produce the corresponding plaintext when any given ciphertext
might correspond to many, many different plaintexts depending
on the key
Suppose that the mappings from 2^N
On Sun, 8 Sep 2013, Perry E. Metzger wrote:
What's the current state of the art of attacks against AES? Is the
advice that AES-128 is (slightly) more secure than AES-256, at least
in theory, still current?
I am not sure what is the exact attack you are talking about, but I
guess you
On Sep 8, 2013, at 6:49 PM, Phillip Hallam-Baker wrote:
...The moral is that we have to find other market reasons to use security.
For example simplifying administration of endpoints. I do not argue like some
do that there is no market for security so we should give up, I argue that
there
Hi Perry,
I just came across your message [0] on retrieving the correct key for a
name. I believe that's called Squaring Zooko's Triangle.
I've come up with my ideas and protocol to address this need.
I call it eccentric-authentication. [1,2]
With Regards, Guido.
0:
On Sun, 8 Sep 2013, Peter Fairbrother wrote:
On the one hand, if they continued to recommend that government people use
1024-bit RSA they could be accused of failing their mission to protect
government communications.
On the other hand, if they told ordinary people not to use 1024-bit RSA,
Forwarded without permission, hence anonymized:
Hey, I had a look at SEC2 and the TLS/SSH RFCs. SSH uses secp256/384r1
which has the same parameters as what's in SEC2 which are the same the
parameters as specified in SP800-90 for Dual EC DRBG!
TLS specifies you can use those two curves as
The article of der Spiegel in English can be found on:
http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
and an update (in English) will be added today.
-Original Message-
From:
http://www.scottaaronson.com/blog/?p=1517
NSA: Possibly breaking US laws, but still bound by laws of computational
complexity
Last week, I got an email from a journalist with the following inquiry. The
recent Snowden revelations, which made public for the first time the US
government’s “black
On 09/08/2013 11:56 PM, Jerry Leichter wrote:
Which brings into the light the question: Just *why* have so many random
number generators proved to be so weak.
Your three cases left off an important one: Not bothering to seed the
PRNG at all. I think the Java/Android cryptographic (!)
On Mon, Sep 9, 2013 at 3:58 AM, ianG i...@iang.org wrote:
On 9/09/13 02:16 AM, james hughes wrote:
I am honestly curious about the motivation not to choose more secure
modes that are already in the suites?
Something I wrote a bunch of years ago seems apropos, perhaps minimally as
a
Perry asked me to summarise the status of TLS a while back ... luckily I
don't have to because someone else has:
http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
In short, I agree with that draft. And the brief summary is: there's only
one ciphersuite left that's good, and unfortunately its
Just to throw in my two cents...
In the early 1990’s I wanted to roll out an encrypted e-mail solution
for the MIT Community (I was the Network Manager and responsible for
the mail system). We already had our Kerberos Authentication system
(of which
On Sun, Sep 8, 2013 at 3:33 PM, Perry E. Metzger pe...@piermont.com wrote:
What's the current state of the art of attacks against AES? Is the
advice that AES-128 is (slightly) more secure than AES-256, at least
in theory, still current?
No. I assume that advice comes from related key attacks
On Mon, 9 Sep 2013 14:18:41 +0300 Alexander Klimov
alser...@inbox.ru wrote:
On Sun, 8 Sep 2013, Perry E. Metzger wrote:
What's the current state of the art of attacks against AES? Is the
advice that AES-128 is (slightly) more secure than AES-256, at
least in theory, still current?
I am
List traffic levels are very high right now.
Although the current situation is worrisome to many of us, the list
becomes less useful to all when it becomes so clogged with posts that
it becomes impossible for any reasonable person to read it.
I and the co-moderators are probably going to start
First, David, thank you for participating in this discussion.
To orient people, we're talking about whether Intel's on-chip
hardware RNGs should allow programmers access to the raw HRNG output,
both for validation purposes to make sure the whole system is working
correctly, and if they would
On Mon, 9 Sep 2013 17:29:24 +0100
Ben Laurie b...@links.org wrote:
Perry asked me to summarise the status of TLS a while back ...
luckily I don't have to because someone else has:
http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
In short, I agree with that draft. And the brief summary
On Sep 9, 2013, at 9:29 AM, Ben Laurie b...@links.org wrote:
Perry asked me to summarise the status of TLS a while back ... luckily I
don't have to because someone else has:
http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
In short, I agree with that draft. And the brief summary is:
On 09/05/2013 05:11 PM, Perry E. Metzger wrote:
A hardware generator can have
horrible flaws that are hard to detect without a lot of data from many
devices.
Can you be more specific? What flaws?
On 09/08/2013 08:42 PM, James A. Donald wrote:
It is hard, perhaps impossible, to have test
then maybe it's not such a silly accusation to think that root CAs are
routinely distributed to multinational secret
services to perform MITM session decryption on any form of communication
that derives its security from the CA PKI.
How would this work, in practice? How would knowing a
would you care to explain the very strange design decision
to whiten the numbers on chip, and not provide direct
access to the raw unwhitened output.
On 2013-09-09 2:40 PM, David Johnston wrote:
#1 So that that state remains secret from things trying to
discern that state for purposes of
On Tue, 10 Sep 2013 00:23:51 +0200 Adam Back a...@cypherspace.org
wrote:
On Mon, Sep 09, 2013 at 06:03:14PM -0400, Perry E. Metzger wrote:
On Mon, 9 Sep 2013 14:07:58 +0300 Alexander Klimov wrote:
No. They are widely used curves and thus a good way to reduce
conspiracy theories that they
On 09/09/13 13:08, Guido Witmond wrote:
Hi Perry,
I just came across your message [0] on retrieving the correct key for a
name. I believe that's called Squaring Zooko's Triangle.
I've come up with my ideas and protocol to address this need.
I call it eccentric-authentication. [1,2]
With
From: Eugen Leitl eu...@leitl.org
Forwarded with permission.
[snip]
http://hack.org/mc/projects/btns/
So there *is* a BTNS implementation, after all. Albeit
only for OpenBSD -- but this means FreeBSD is next, and
Linux to follow.
I might add that as far as I
* NSA employees participated throughout, and occupied leadership roles
in the committee and among the editors of the documents
Slam dunk. If the NSA had wanted it, they would have designed it themselves.
The only
conclusion for their presence that is rational is to sabotage it [3].
On 09/09/13 12:53, Alexander Klimov wrote:
On Sun, 8 Sep 2013, Peter Fairbrother wrote:
You can use any one of trillions of different elliptic curves, which should be
chosen partly at random and partly so they are the right size and so on; but
you can also start with some randomly-chosen
On Mon, Sep 9, 2013 at 10:37 AM, Nemo n...@self-evident.org wrote:
The approach appears to be an attempt at a nothing up my sleeve
construction. Appendix A says how to start with a seed value and use SHA-1
as a pseudo-random generator to produce candidate curves until a suitable
one is found.
-Original Message-
From: cryptography-bounces+owen.shepherd=e43...@metzdowd.com
[mailto:cryptography-bounces+owen.shepherd=e43...@metzdowd.com]
On Behalf Of David Johnston
Sent: 09 September 2013 05:41
To: cryptography@metzdowd.com
Subject: Re: [Cryptography] [cryptography] Random
I have been reading FIPS 186-3 (
http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf) and 186-4 (
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf), particularly
Appendix A describing the procedure for generating elliptic curves and
Appendix D specifying NIST's recommended
On Mon, 9 Sep 2013 14:07:58 +0300 Alexander Klimov
alser...@inbox.ru wrote:
On Mon, 9 Sep 2013, Daniel wrote:
Is there anyone on the lists qualified in ECC mathematics that can
confirm that?
NIST SP 800-90A, Rev 1 says:
The Dual_EC_DRBG requires the specifications of an elliptic curve
Reading about several attacks based on partial message replay, I was
wondering if the following idea had any worth, or maybe was already
widely used (sorry, I'm way behind in the literature):
the actual symmetric key to be used to encrypt the payload is the
hash of the shared secret, the time,
On 09/09/13 23:03, Perry E. Metzger wrote:
On Mon, 9 Sep 2013, Daniel wrote:
[...] They are widely used curves and thus a good way to reduce
conspiracy theories that they were chosen in some malicious way to
subvert DRBG.
Er, don't we currently have documents from the New York Times and the
On Tue, 10 Sep 2013 00:25:20 +0100 Peter Fairbrother
zenadsl6...@zen.co.uk wrote:
On 09/09/13 23:03, Perry E. Metzger wrote:
On Mon, 9 Sep 2013, Daniel wrote:
[...] They are widely used curves and thus a good way to reduce
conspiracy theories that they were chosen in some malicious way
Hi Ben,
On 09/09/2013 05:29 PM, Ben Laurie wrote:
Perry asked me to summarise the status of TLS a while back ... luckily I
don't have to because someone else has:
http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
In short, I agree with that draft. And the brief summary is: there's only
Phillip Hallam-Baker hal...@gmail.com wrote:
5) Protocol vulnerability that IETF might have fixed but was discouraged
from fixing.
By the way, it was a very interesting exercise to actually write out
on graph paper the bytes that would be sent in a TLS exchange. I did
this with Paul Wouters
On Sep 9, 2013, at 6:32 PM, Perry E. Metzger pe...@piermont.com wrote:
First, David, thank you for participating in this discussion.
To orient people, we're talking about whether Intel's on-chip
hardware RNGs should allow programmers access to the raw HRNG output,
both for validation
On Sep 9, 2013, at 2:49 PM, Stephen Farrell stephen.farr...@cs.tcd.ie wrote:
On 09/09/2013 05:29 PM, Ben Laurie wrote:
Perry asked me to summarise the status of TLS a while back ... luckily I
don't have to because someone else has:
http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
In