On 23 September 2013 01:09, Phillip Hallam-Baker hal...@gmail.com wrote:
So we think there is 'some kind' of backdoor in a random number generator.
One question is how the EC math might make that possible. Another is how
might the door be opened.
Are you talking about
On Sep 22, 2013, at 8:09 PM, Phillip Hallam-Baker hal...@gmail.com wrote:
I was thinking about this and it occurred to me that it is fairly easy to get
a public SSL server to provide a client with a session key - just ask to
start a session.
Which suggests that maybe the backdoor [for an
On 9/22/13 at 6:07 PM, leich...@lrw.com (Jerry Leichter) wrote
in another thread:
Still, it raises the question: If you can't trust your
microprocessor chips, what do you do? One possible answer:
Build yourself a processor out of MSI chips. We used to do
that, not so long ago, and got
On Tue, Sep 24, 2013 at 10:59 AM, Jerry Leichter leich...@lrw.com wrote:
On Sep 22, 2013, at 8:09 PM, Phillip Hallam-Baker hal...@gmail.com
wrote:
I was thinking about this and it occurred to me that it is fairly easy
to get a public SSL server to provide a client with a session key - just
Hi,
On 09/23/2013 10:47 AM, Peter Gutmann wrote:
I'm inclined to agree with you, but you might be interested/horrified in the
1024 bits is enough for anyone debate currently unfolding on the TLS list:
That's rather misrepresenting the situation. It's a debate between two
groups, the
On 23/09/2013 3:45 PM, John Kelsey wrote:
It needs to be in their business interest to convince you that they *can't*
betray you in most ways.
This is the most important element, and legislation that states you
cannot share that information won't be enough, especially since the
NSLs have
So we think there is 'some kind' of backdoor in a random number
generator.
One question is how the EC math might make that possible. Another is how
might the door be opened.
I'm assuming you're talking about DUAL_EC_DRBG. Where the backdoor is and
how it can be exploited is pretty simple to
On Sep 24, 2013, at 7:53 PM, Phillip Hallam-Baker wrote:
There are three ways a RNG can fail
1) Insufficient randomness in the input
2) Losing randomness as a result of the random transformation
3) Leaking bits through an intentional or unintentional side channel
What I was concerned
On Sun, Sep 22, 2013 at 2:00 PM, Stephen Farrell
stephen.farr...@cs.tcd.ie wrote:
On 09/22/2013 01:07 AM, Patrick Pelletier wrote:
1024 bits is enough for anyone
That's a mischaracterisation I think. Some folks (incl. me)
have said that 1024 DHE is arguably better than no PFS and
if
I have made this one longer only because I have not had the leisure to make
it shorter.
On Sep 23, 2013, at 12:45 PM, John Kelsey crypto@gmail.com wrote:
On Sep 18, 2013, at 3:27 PM, Kent Borg kentb...@borg.org wrote:
You foreigners actually have a really big vote here.
It
On Wed, Sep 25, 2013 at 11:59:50PM +1200, Peter Gutmann wrote:
Something that can sign a new RSA-2048 sub-certificate is called a CA. For
a browser, it'll have to be a trusted CA. What I was asking you to explain is
how the browsers are going to deal with over half a billion (source: Netcraft
On 24 September 2013 17:01, Jerry Leichter leich...@lrw.com wrote:
On Sep 23, 2013, at 4:20 AM, ianG i...@iang.org wrote:
... But they made Dual EC DRBG the default ...
At the time this default was chosen (2005 or thereabouts), it was *not* a
mistake.
On Sep 25, 2013, at 2:52 AM, james hughes hugh...@mac.com wrote:
Many, if not all, service providers can provide the government valuable
information regarding their customers. This is not limited to internet
service providers. It includes banks, health care providers, insurance
companies,
On Tue, Sep 24, 2013 at 12:30:40PM -0400, Kelly John Rose wrote:
If Google, or other similar businesses want to convince people to store
data in the cloud, they need to set up methods where the data is
encrypted or secured before it is even provided to them using keys which
That would
On 24/09/13 19:23 PM, Kelly John Rose wrote:
I have always approached that no encryption is better than bad
encryption, otherwise the end user will feel more secure than they
should and are more likely to share information or data they should not
be on that line.
The trap of a false sense of
Hi Jerry,
I appreciate the devil's advocate approach here, it has helped to get my
thoughts in order! Thanks!
My conclusion is: avoid all USA, Inc, providers of cryptographic
products. Argumentation follows...
On 24/09/13 19:01 PM, Jerry Leichter wrote:
On Sep 23, 2013, at 4:20 AM,
Stephen Farrell stephen.farr...@cs.tcd.ie writes:
That's a mischaracterisation I think. Some folks (incl. me) have said that
1024 DHE is arguably better than no PFS and if current deployments mean we
can't ubiquitously do better, then we should recommend that as an option,
while at the same time
Peter Fairbrother zenadsl6...@zen.co.uk writes:
On 24/09/13 05:27, Peter Gutmann wrote:
Peter Fairbrother zenadsl6...@zen.co.uk writes:
If you just want a down-and-dirty 2048-bit FS solution which will work
today,
why not just have the websites sign a new RSA-2048 sub-certificate every
day?
2013/9/24 Bill Frantz fra...@pwpconsult.com
Field Programmable Gate Arrays (FPGA)
Yeah, those are definitely probably reflashable more easily than you'd
like. They're a bit more tricky than they'd seem to be at first. Definitely
a better choice than Intel though. On the todo list.
On 24 Sep 2013 at 18:01, Jerry Leichter leich...@lrw.com wrote:
At the time this default was chosen (2005 or thereabouts), it was *not* a
mistake. Dual EC DRBG was in a just-published NIST standard. ECC was
hot as the best of the new stuff - with endorsements not just from NSA but
from
We had been asked to come in and help wordsmith the cal. state digital signature act. Several of
the parties were involved in privacy issues and also working on Cal. data breach notification act
and Cal. opt-in personal information sharing act. The parties had done extensive public surveys on
On Sep 24, 2013, at 6:11 PM, Gerardus Hendricks konfku...@riseup.net wrote:
I'm assuming you're talking about DUAL_EC_DRBG. ... According to the
researchers from Microsoft, exploiting this would require
at most 32 bytes of the PRNG output to reveal the internal state, thus
revealing all
On Sep 25, 2013 8:06 AM, John Kelsey crypto@gmail.com wrote:
On Sep 22, 2013, at 8:09 PM, Phillip Hallam-Baker hal...@gmail.com wrote:
Either way, the question is how to stop this side channel attack.
One simple way would be to encrypt the nonces from the RNG under a
secret key