On Sat, 31 Aug 2013 17:00:01 -0400 John Kelsey crypto@gmail.com
wrote:
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different
sources.
This seems by far the most probable conclusion. Note, for example,
On Sep 1, 2013, at 2:36 AM, Peter Gutmann wrote:
John Kelsey crypto@gmail.com writes:
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different sources.
If I had to bet, I'd bet on anything but the crypto.
On 08/31/2013 02:53 PM, John Kelsey wrote:
I think it makes sense to separate out the user-level view of what happens.
True. I shouldn't have muddied up user-side view with notes about
packet forwarding, mixing, cover traffic, and domain lookup, etc.
Some users (I think) will want to know
What I think we are worried about here are very widespread automated attacks,
and they're passive (data is collected and then attacks are run offline). All
that constrains what attacks make sense in this context. You need attacks that
you can run in a reasonable time, with minimal
On 25 August 2013 21:29, Perry E. Metzger pe...@piermont.com wrote:
[Disclaimer: very little in this seems deeply new, I'm just
mixing it up in a slightly different way. The fairly simple idea I'm
about to discuss has germs in things like SPKI, Certificate
Transparency, the Perspectives
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com
wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact that the USG likes using it, too.
That's also evidence for eliptic curve techniques btw.
Perry
--
Perry E. Metzger
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com
wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact that the USG likes using it, too.
We know they *say in public* that it's acceptable.
On Sun, 1 Sep 2013 16:33:56 -0400 Jerry Leichter leich...@lrw.com
wrote:
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
leich...@lrw.com wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact that