On Mon, Sep 30, 2013 at 9:41 AM, Mark Atwood m...@mark.atwood.name wrote:
Well, there are Protobufs, and there is Thrift, and there is
MessagePack, and there is Avro...
Here's a crazy idea: instead of using one of these formats, use a human
readable format that can be described by a formal
On Mon, Sep 30, 2013 at 06:35:24PM -0400, John Kelsey wrote:
Having read the mail you linked to, it doesn't say the curves weren't
generated according to the claimed procedure. Instead, it repeats Dan
Bernstein's comment that the seed looks random, and that this would have
allowed NSA to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Found at:
http://www.nytimes.com/2007/02/05/technology/05secure.html?ex=1328331600&en=295ec5d0994b0755&ei=5090&partner=rssuserland&emc=rss
To quote from the above:
The idea is that if customers do not see their [preselected] image,
they
On 30 Sep. 2013, at 05:12, Christoph Anton Mitterer
cales...@scientia.net wrote:
Not sure whether this has been pointed out / discussed here already (but
I guess Perry will reject my mail in case it has):
https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3
excerpting, we have
James A. Donald wrote:
Weaker in ways that the NSA has examined, and the people that chose
the winning design have not.
Viktor Dukhovni replies:
Just because they're after you, doesn't mean they're controlling
your brain with radio waves. Don't let FUD
On 2013-10-01 08:51, Watson Ladd wrote:
On Mon, Sep 30, 2013 at 2:21 PM, James A. Donald jam...@echeque.com
mailto:jam...@echeque.com wrote:
Weaker in ways that the NSA has examined, and the people that
chose the winning design have not.
This isn't true: Keccak's designers proposed a
On 1/10/13 02:01 AM, Tony Arcieri wrote:
On Mon, Sep 30, 2013 at 1:02 AM, Adam Back a...@cypherspace.org
mailto:a...@cypherspace.org wrote:
If we're going to do that I vote no ASN.1, and no X.509. Just BNF
format
like the base SSL protocol; encrypt and then MAC only, no
This falls somewhere in the land of beyond-the-absurd.
Just got this message from your robot:
On Oct 1, 2013, at 5:00 AM, mailman-ow...@metzdowd.com wrote:
If you have questions, problems, comments, etc, send them to
mailman-ow...@metzdowd.com. Thanks!
Passwords for g...@kinostudios.com:
On 2013-10-01 10:17, John Kelsey wrote:
Yeah, that plot to weaken sha3 is so secretive, we've been discussing it in
public slide presentations and on public mailing lists for six months.
All big conspiracies get exposed - I would make a list, but that would
derail the conversation.
It does
On 1 October 2013 01:10, James A. Donald jam...@echeque.com wrote:
On 2013-10-01 04:22, Salz, Rich wrote:
designate some big player to do it, and follow suit?
Okay that data encoding scheme from Google protobufs or Facebook thrift.
Done.
We have a compiler to generate C code from ASN.1
On 30 September 2013 23:24, John Kelsey crypto@gmail.com wrote:
Maybe you should check your code first? A couple nist people verified
that the curves were generated by the described process when the questions
about the curves first came out.
If you don't quote the message you're
On 2013-10-01 10:24, John Kelsey wrote:
If you want to understand what's going on wrt SHA3, you might want to look at
the nist website
If you want to understand what is going on with SHA3, and you believe
that NIST is frank, open, honest, and has no ulterior motives, you might
want to look
On 1 October 2013 09:46, James A. Donald jam...@echeque.com wrote:
On 2013-10-01 18:06, Ben Laurie wrote:
On 1 October 2013 01:10, James A. Donald jam...@echeque.com wrote:
Further, google is unhappy that too-clever-code gives too-clever
programmers too much power, and has prohibited
On Mon, Sep 30, 2013 at 6:04 PM, Mark Atwood m...@mark.atwood.name wrote:
YAML?
YAML is a bit insane ;) There's JSON, and also TOML:
https://github.com/mojombo/toml
--
Tony Arcieri
___
The cryptography mailing list
cryptography@metzdowd.com
On 1/10/13 00:21 AM, James A. Donald wrote:
On 2013-10-01 00:44, Viktor Dukhovni wrote:
Should one also accuse ESTREAM of maliciously weakening SALSA? Or
might one admit the possibility that winning designs in contests
are at times quite conservative and that one can reasonably
standardize
What I don't understand here is why the process of selecting a standard
algorithm for cryptographic primitives is so highly focused on speed.
We have machines that are fast enough now that while speed isn't a non-issue,
it is no longer nearly as important as the process is giving it precedence
On Mon, Sep 30, 2013 at 6:17 PM, Mark Atwood m...@mark.atwood.name wrote:
YAML is a superset of JSON
C++ is a (not completely proper) superset of C. Does that make it better? ;)
is more human readable, and, unlike JSON, has internal references.
YAML also has the property that indentation
On Tue, Oct 1, 2013 at 3:08 AM, Adam Back a...@cypherspace.org wrote:
But I do think it is a very interesting and pressing research question as
to
whether there are ways to plausibly deniably symmetrically weaken or even
trapdoor weaken DL curve parameters, when the seeds are allowed to look
Okay, I didn't express myself very well the first time I tried to say this.
But as I see it, we're still basing the design of crypto algorithms on
considerations that had the importance we're treating them as having about
twelve years ago.
To make an analogy, it's like making tires when
On Tue, Oct 01, 2013 at 10:28:48AM -0400, Greg wrote:
So, my password, iPoopInYourHat, is being sent to me in the clear by your
servers.
All mailman lists do this by default. It does tell you on the sign
up page that it will do so, and that you shouldn't use a 'valuable'
(e.g. used elsewhere)
On 9/30/13 at 4:09 PM, cryptogra...@dukhovni.org (Viktor Dukhovni) wrote:
Just because they're after you, doesn't mean they're controlling
your brain with radio waves. Don't let FUD cloud your judgement.
ROTFLOL!
---
Bill
On Sep 30, 2013, at 8:10 PM, James A. Donald wrote:
We have a compiler to generate C code from ASN.1 code
Google has a compiler to generate C code from protobufs source
The ASN.1 compiler is open source. Google's compiler is not.
http://code.google.com/p/protobuf/source/checkout. BSD
On Sep 30, 2013, at 9:01 PM, d.nix d@comcast.net wrote:
It's also worth pointing out that common browser ad blocking / script
blocking / and site redirection add-ons and plugins (NoScript,
AdBlockPlus, Ghostery, etc...) can interfere with the identification
image display. My bank uses
On Oct 1, 2013, at 3:29 AM, Dirk-Willem van Gulik di...@webweaving.org wrote:
...I do note that in crypto (possibly driven by the perceived expense of too
many bits) we tend to very carefully observe the various bit lengths found in
800-78-3, 800-131A , etc etc. And rarely go much beyond it*.
Here's a crazy idea: instead of using one of these formats, use a
human readable format that can be described by a formal grammar
which is hopefully regular, context-free, or context-sensitive in a
limited manner
YAML?
On Mon, Sep 30, 2013 at 5:48 PM, Tony Arcieri basc...@gmail.com wrote:
YAML is a superset of JSON, is more human readable, and, unlike JSON,
has internal references.
On Mon, Sep 30, 2013 at 6:14 PM, Tony Arcieri basc...@gmail.com wrote:
On Mon, Sep 30, 2013 at 6:04 PM, Mark Atwood m...@mark.atwood.name wrote:
YAML?
YAML is a bit insane ;) There's JSON, and
On 28/09/13 22:06 PM, ianG wrote:
On 27/09/13 18:23 PM, Phillip Hallam-Baker wrote:
Problem with the NSA is that it's Jekyll and Hyde. There is the good side
trying to improve security and the dark side trying to break it. Which
side did the push for EC come from?
What's in Suite A? Will
On 1 Oct. 2013 at 02:00, James A. Donald jam...@echeque.com wrote:
On 2013-10-01 08:24, John Kelsey wrote:
Maybe you should check your code first? A couple nist people verified that
the curves were generated by the described process when the questions about
the curves first came out.
And
On Tue, Oct 1, 2013 at 10:28 AM, Greg g...@kinostudios.com wrote:
This falls somewhere in the land of beyond-the-absurd.
Just got this message from your robot:
...
So, my password, iPoopInYourHat, is being sent to me in the clear by your
servers.
Of all the places on the internet, this
On 2013-10-01 18:06, Ben Laurie wrote:
On 1 October 2013 01:10, James A. Donald jam...@echeque.com
mailto:jam...@echeque.com wrote:
Further, google is unhappy that too-clever-code gives too-clever
programmers too much power, and has prohibited its employees from
ever doing
It's reasonable as it's not a security sensitive environment. Please for
the love of god let some environments stay low-sec.
2013/10/1 Nick cryptography-l...@njw.me.uk
On Tue, Oct 01, 2013 at 10:28:48AM -0400, Greg wrote:
So, my password, iPoopInYourHat, is being sent to me in the clear by
On 10/01/2013 10:28 AM, Greg wrote:
This falls somewhere in the land of beyond-the-absurd.
I noticed the password would be mailed in the clear when I signed up,
but even if I had not, I would not have been bothered to later discover
it. What is the harm? The sensitivity of this password is
On Tue, Oct 01, 2013 at 08:47:49AM -0700, Tony Arcieri wrote:
On Tue, Oct 1, 2013 at 3:08 AM, Adam Back [1]a...@cypherspace.org
wrote:
But I do think it is a very interesting and pressing research question
as to whether there are ways to plausibly deniably symmetrically
weaken
On 1 Oct. 2013, at 17:59, Jerry Leichter leich...@lrw.com
wrote:
On Oct 1, 2013, at 3:29 AM, Dirk-Willem van Gulik di...@webweaving.org
wrote:
...I do note that in crypto (possibly driven by the perceived expense of too
many bits) we tend to very carefully observe
On Oct 1, 2013, at 4:48 AM, ianG i...@iang.org wrote:
...
This could be the uninformed opinion over unexpected changes. It could also
be the truth. How then to differentiate?
Do we need to adjust the competition process for a tweak phase?
Let's whiteboard. Once The One is chosen, have
On Tue, 1 Oct 2013 10:28:48 -0400
Greg g...@kinostudios.com wrote:
So, my password, iPoopInYourHat, is being sent to me in the clear by
your servers.
Two things to keep in mind:
1. The damage one can do to you with knowledge of this password is
beyond minimal. You might have your list
On 2013-10-01 22:08, Salz, Rich wrote:
Further, google is unhappy that too-clever-code gives too-clever programmers
too much power, and has prohibited its employees from ever doing something like
protobufs again.
Got any documentation for this assertion?
The google style guide prohibits
There is nothing difficult about the right course of action here: Don't send
the password. Disable this silly default.
The attitude expressed in these replies is a disgrace to the profession of
software security, and a disgrace to the list.
It doesn't matter whether or not I should be using a
On Tue, Oct 1, 2013 at 9:51 AM, Adam Back a...@cypherspace.org wrote:
Right but weak parameter arguments are very dangerous - the US national
infrastructure they're supposed to be protecting could be weakened when
someone else finds the weakness.
As the fallout from the Snowden debacle has
On 01/10/13 08:49, Kristian Gjøsteen wrote:
On 1 Oct. 2013 at 02:00, James A. Donald jam...@echeque.com wrote:
On 2013-10-01 08:24, John Kelsey wrote:
Maybe you should check your code first? A couple nist people verified that the
curves were generated by the described process when the
On 09/30/2013 09:28 AM, d...@geer.org wrote:
If there is anything I've learned about the Internet it is that
if you ask a difficult question you will get very little in the
way of answers you can trust a priori. However, if you make a false
claim, then people will come out of the woodwork to
On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff j...@av8n.com wrote:
I'm sure the driver was written by highly proficient cryptographers,
and subjected to a meticulous code review.
I'll just leave this here:
http://eprint.iacr.org/2013/338.pdf
--
Tony Arcieri
On Oct 1, 2013, at 12:28 PM, James A. Donald jam...@echeque.com wrote:
Further, google is unhappy that too-clever-code gives too-clever
programmers too much power, and has prohibited its employees from ever
doing something like protobufs again.
Got any documentation for this assertion?
The
On 01/10/13 08:54, ianG wrote:
On 1/10/13 02:01 AM, Tony Arcieri wrote:
On Mon, Sep 30, 2013 at 1:02 AM, Adam Back a...@cypherspace.org
mailto:a...@cypherspace.org wrote:
If we're going to do that I vote no ASN.1, and no X.509. Just BNF
format
like the base SSL protocol; encrypt
On 10/1/13 at 12:29 AM, di...@webweaving.org (Dirk-Willem van
Gulik) wrote:
While in a lot of other fields - it is very common for 'run of
the mill' constructions; such as when calculating a floor,
wooden support beam, a joist, to take the various standards and
liberally apply safety
On 10/1/13 at 8:47 AM, basc...@gmail.com (Tony Arcieri) wrote:
If e.g. the NSA knew of an entire class of weak curves, they could perform
a brute force search with random looking seeds, continuing until the curve
parameters, after the seed is run through SHA1, fall into the class that's
known
On 10/01/2013 06:56 PM, Benjamin Kreuter wrote:
2. The password is sent just in case you forgot it and want to
unsubscribe. Without the password, any troll might unsubscribe you
from the list by simply forging headers. Were this to be encrypted,
you would wind up with the classic
I think that's absurd to say that it gives a false sense of security. It
only gives a sense of security if you didn't read the text when you
entered the password in the first place. It keeps people from doing mass
unsubscribes trivially.
If someone was targeting you, yes, they would be able to
On Tue, Oct 1, 2013 at 12:00 PM, Jeffrey Goldberg jeff...@goldmark.org wrote:
If the NSA had the capability to pick weak curves while covering their
tracks in such a way, why wouldn’t they have pulled the same trick with
Dual_EC_DRBG?
<tinfoilhat>They wanted us to think they were incompetent,
At 02:27 PM 9/30/2013, James A. Donald wrote:
On 2013-09-30 18:02, Adam Back wrote:
If we're going to do that I vote no ASN.1, and no X.509. Just BNF format
like the base SSL protocol;
Granted that ASN.1 is incomprehensible and horrid, but, since there
is an ASN.1 compiler that generates C
On 10/01/2013 10:26 PM, Kelly John Rose wrote:
I think that's absurd to say that it gives a false sense of security. It
only gives a sense of security if you didn't read the text when you
entered the password in the first place.
Well, that applies to at least 90% of people for 90% of the cases.
On Oct 1, 2013, at 4:13 PM, Peter Fairbrother wrote:
And as to passwords being near end-of-life? Rubbish. Keep the password
database secure, give the user a username and only three password attempts,
and all your GPUs and ASIC farms are worth nothing.
Yup.
I've (half-)jokingly suggested that
On Mon, Sep 30, 2013 at 1:41 AM, ianG i...@iang.org wrote:
Experience suggests that asking a standards committee to do the encoding
format is a disaster.
I just looked at my code, which does something we call Wire, and it's 700
loc. Testing code is about a kloc I suppose. Writing reference
On Tue, 2013-10-01 at 02:34 -0700, Ray Dillinger wrote:
What I don't understand here is why the process of selecting a
standard algorithm for cryptographic primitives is so highly focused
on speed.
We have machines that are fast enough now that while speed isn't a non
issue, it is no
On Tue, 2013-10-01 at 12:47 -0400, John Kelsey wrote:
The actual technical question is whether an across the board 128 bit
security level is sufficient for a hash function with a 256 bit
output. This weakens the proposed SHA3-256 relative to SHA256 in
preimage resistance, where SHA256 is
On 10/1/13 at 1:43 PM, mar...@bluegap.ch (Markus Wanner) wrote:
Let's compare apples to apples: even if you manage to actually read the
instructions, you actually have to do so, have to come up with a
throw-away-password, and remember it. For no additional safety compared
to one-time tokens.
Actually, it's only *your* password that's being emailed in the clear. It's
punishment for failing to observe the first rule of this list, which is DO
NOT TOP POST.
Huh?
1. I don't know what top post means, and I see nothing here about it:
On 1 October 2013 19:57, Tony Arcieri basc...@gmail.com wrote:
On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff j...@av8n.com wrote:
I'm sure the driver was written by highly proficient cryptographers,
and subjected to a meticulous code review.
I'll just leave this here:
Here's a crazy idea: instead of using one of these formats, use a
human readable format that can be described by a formal grammar
which is hopefully regular, context-free, or context-sensitive in a
limited manner
If only we could channel the late Jon Postel. Didn't you ever notice
how
AES, the latest-and-greatest block cipher, comes in two main forms -
AES-128 and AES-256.
AES-256 is supposed to have a brute force work factor of 2^256 - but we
find that in fact it actually has a very similar work factor to that of
AES-128, due to bad subkey scheduling.
Thing is, that
Low security environment, minimal ability to inflict damage, clear
instructions from the beginning.
If the system and processes are not to your liking, that's understandable.
Everyone is different.
There are other choices. If you'd like to investigate them, determine an
appropriate one, and
Actually, it's only *your* password that's being emailed in the clear. It's
punishment for failing to observe the first rule of this list, which is DO
NOT TOP POST.
Actually, my previous reply to this comment of yours did not adequately point
out the magnitude of its idiocy.
The reason I
On 2013-10-02 05:18, Jerry Leichter wrote:
To be blunt, you have no idea what you're talking about. I worked at
Google until a short time ago; Ben Laurie still does. Both of us have
written, submitted, and reviewed substantial amounts of code in the
Google code base. Do you really want to
On 2013-10-01 14:36, Bill Stewart wrote:
It's the data representations that map them into binary strings that
are a
wretched hive of scum and villainy, particularly because you can't
depend on a
bit string being able to map back into any well-defined ASN.1 object
or even any limited size of