Re: [Cryptography] NSA and cryptanalysis

2013-09-03 Thread Phillip Hallam-Baker
On Tue, Sep 3, 2013 at 12:49 AM, Jon Callas j...@callas.org wrote: On Sep 2, 2013, at 3:06 PM, Jack Lloyd ll...@randombit.net wrote: On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote: a) The very reference you give says that

Re: [Cryptography] Keeping backups (was Re: Separating concerns

2013-09-03 Thread Phillip Hallam-Baker
Want to collaborate on an Internet Draft? This is obviously useful but it can only be made useful if everyone does it in the same way. On Tue, Sep 3, 2013 at 10:14 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Phillip Hallam-Baker hal...@gmail.com writes: To backup the key we tell the

[Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread radix42
Ok, skip this one if you aren't an active crypto library maintainer. I'm updating a hash library from FIPS 180-2 to 180-4 compliance and this list is the place I know where somebody might know the answers to all the following questions without my spending days tracking down the answers. Please

Re: [Cryptography] NSA and cryptanalysis

2013-09-03 Thread Jon Callas
What is the state of prior art for the P-384? When was it first published? Given that RIM is trying to sell itself right now and the patents are the only asset worth having, I don't have good feelings on this. Well apart from the business

Re: [Cryptography] Backup is completely separate

2013-09-03 Thread Phillip Hallam-Baker
On Mon, Sep 2, 2013 at 11:03 PM, John Kelsey crypto@gmail.com wrote: The backup access problem isn't just a crypto problem, it's a social/legal problem. There ultimately needs to be some outside mechanism for using social or legal means to ensure that, say, my kids can get access to at

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread radix42
--Alexander Klimov wrote: --David Mercer wrote: 2) Is anyone aware of ITAR changes for SHA hashes in recent years that require more than the requisite notification email to NSA for download URL and authorship information? Figuring this one out last time around took ltttss of

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread Alexander Klimov
On Tue, 3 Sep 2013, radi...@gmail.com wrote: 1) Is there a NIST announce type list so I don't miss an entire standards update cycle or two again? That doesn't cover all the nitty gritty goings on during the journey to publication for FIPS updates?

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread Jon Callas
2) Is anyone aware of ITAR changes for SHA hashes in recent years that require more than the requisite notification email to NSA for download URL and authorship information? Figuring this one out last time around took ltttss of

[Cryptography] A strategy to circumvent patents?

2013-09-03 Thread Faré
Don't write the code. Write a reasonably general software solver that finds a program that fulfills given specifications, given a minimum number of hints. Then write a specification for the problem (e.g. finding a nice elliptic curve with interesting properties) and let the solver find them. You

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread Richard Salz
ITAR doesn't require a license or permit for strong hash functions, but for US persons require(d?) notification of NSA of authorship, contact email and download URL(s), at least in 2006 it did. That strikes me as an overly-conservative reading of the rules, but it's been some time since I

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread radix42
Fare wrote: Or once again, maybe a general problem solver given the specification of some cryptographic function satisfying some properties could automatically find a robust enough algorithm, and then it's impossible to either restrict its export or patent. Now, if each time your solver is itself

[Cryptography] Three kinds of hash: Two are still under ITAR.

2013-09-03 Thread Ray Dillinger
On 09/03/2013 09:54 AM, radi...@gmail.com wrote: --Alexander Klimov wrote: --David Mercer wrote: 2) Is anyone aware of ITAR changes for SHA hashes in recent years that require more than the requisite notification email to NSA for download URL and authorship information? Figuring this one out

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread Faré
On Tue, Sep 3, 2013 at 2:49 PM, Richard Salz rich.s...@gmail.com wrote: ITAR doesn't require a license or permit for strong hash functions, but for US persons require(d?) notification of NSA of authorship, contact email and download URL(s), at least in 2006 it did. That strikes me as an

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread radix42
Ok, I dug around my email archives to see what the heck to google, and answered my own question regarding ITAR and NIST defined Suite B implementing software. Here it goes. From http://www.nsa.gov/ia/programs/suiteb_cryptography/ ...Says, effectively, that products that 'are configured to USE

Re: [Cryptography] A strategy to circumvent patents?

2013-09-03 Thread Jerry Leichter
On Sep 3, 2013, at 12:45 PM, Faré fah...@gmail.com wrote: Don't write the code. Write a reasonably general software solver that finds a program that fulfills given specifications, given a minimum number of hints. Then write a specification for the problem (e.g. finding a nice elliptic curve

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread james hughes
Hashes aren't ITAR covered is a fact…. from Revised U.S. Encryption Export Control Regulations, January 2000 at http://epic.org/crypto/export_controls/regs_1_00.html 3. It was not the intent of the new Wassenaar language for ECCN 5A002 to be more restrictive concerning Message

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread Richard Salz
I still think you are reading it too conservatively. The NSA page defers the actual rules to somewhere else: Certain commercial IA and IA-enabled IT products that contain cryptography and the technical data regarding them are subject to Federal Government export controls Suite B includes

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread Jerry Leichter
On Sep 3, 2013, at 3:16 PM, Faré fah...@gmail.com wrote: Can't you trivially transform a hash into a PRNG, a PRNG into a cypher, and vice versa? No. hash->PRNG: append blocks that are digest (seed ++ counter ++ seed) Let H(X) = SHA-512(X) || SHA-512(X) where '||' is concatenation. Assuming

Re: [Cryptography] IPv6 and IPSEC

2013-09-03 Thread Bill Stewart
At 01:53 PM 8/29/2013, Taral wrote: Oh, wait. I misread the requirement. This is a pretty normal requirement -- your reverse DNS has to be valid. So if you are 3ffe::2, and that reverses to abc.example.com, then abc.example.com better resolve to 3ffe::2. For IPv4, that's a relatively normal

Re: [Cryptography] Three kinds of hash: Two are still under ITAR.

2013-09-03 Thread radix42
Pardon the top-post, I'm on a retarded mobile client at the moment... I wish the following were true. However a current nsa.gov url with a recent timestamp explicitly lists FIPS 180-4 hashes (SHA-n) as covered by the notification requirement. I phrased my initial query to the list explicitly

Re: [Cryptography] Thoughts about keys

2013-09-03 Thread Jeremy Stanley
On 2013-09-01 13:02:26 +1000 (+1000), James A. Donald wrote: On 2013-09-01 11:16 AM, Jeremy Stanley wrote: [...] bring business cards (or even just slips of paper) with our name, E-mail address and 160-bit key fingerprint. [...] The average user is disturbed by the sight of a 160 bit hash.

Re: [Cryptography] IPv6 and IPSEC

2013-09-03 Thread Lucky Green
On Tue, Sep 03, 2013 at 06:09:15PM -0700, Bill Stewart wrote: For IPv4, that's a relatively normal way to do things, though if example.com is commercial, smtp.example.com might actually be a load-balanced bunch of servers in xx.yy.zz.0/24 instead of just one machine, or they might be hidden