[Cryptography] RSA-210 factored

2013-10-07 Thread RTF
Hi guys, Thought this might (still) be of some interest: http://www.mersenneforum.org/showpost.php?p=354259 rtf ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

[Cryptography] Elliptic curve question

2013-10-07 Thread Lay András
Hi! I made a simple elliptic curve utility in command line PHP: https://github.com/LaySoft/ecc_phgp I know in RSA, the sign is the inverse operation of encrypt, so two different keypairs are needed for encrypt and sign. In elliptic curve cryptography, the sign is not the inverse operation of

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-07 Thread Nico Williams
On Sat, Oct 05, 2013 at 09:29:05PM -0400, John Kelsey wrote: One thing that seems clear to me: When you talk about algorithm flexibility in a protocol or product, most people think you are talking about the ability to add algorithms. Really, you are talking more about the ability to *remove*

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-07 Thread Phillip Hallam-Baker
On Sat, Oct 5, 2013 at 7:36 PM, James A. Donald jam...@echeque.com wrote: On 2013-10-04 23:57, Phillip Hallam-Baker wrote: Oh and it seems that someone has murdered the head of the IRG cyber effort. I condemn it without qualification. I endorse it without qualification. The IRG are bad

Re: [Cryptography] Sha3

2013-10-07 Thread Ray Dillinger
On 10/04/2013 07:38 AM, Jerry Leichter wrote: On Oct 1, 2013, at 5:34 AM, Ray Dillinger b...@sonic.net wrote: What I don't understand here is why the process of selecting a standard algorithm for cryptographic primitives is so highly focused on speed. If you're going to choose a single

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-07 Thread James A. Donald
On 2013-10-07 01:18, Phillip Hallam-Baker wrote: We are not at war with Iran. We are not exactly at peace with Iran either, but that is irrelevant, for presumably it was a Jew that did it, and Iran is at war with Jews. (And they are none too keen on Christians, Bahais, or Zoroastrians

Re: [Cryptography] Sha3

2013-10-07 Thread Jerry Leichter
On Oct 5, 2013, at 6:12 PM, Ben Laurie wrote: I have to take issue with this: The security is not reduced by adding these suffixes, as this is only restricting the input space compared to the original Keccak. If there is no security problem on Keccak(M), there is no security problem on

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-07 Thread Jerry Leichter
On Oct 5, 2013, at 9:29 PM, John Kelsey wrote: One thing that seems clear to me: When you talk about algorithm flexibility in a protocol or product, most people think you are talking about the ability to add algorithms. Really, you are talking more about the ability to *remove*

Re: [Cryptography] AES-256- More NIST-y? paranoia

2013-10-07 Thread Phillip Hallam-Baker
On Thu, Oct 3, 2013 at 12:21 PM, Jerry Leichter leich...@lrw.com wrote: On Oct 3, 2013, at 10:09 AM, Brian Gladman b...@gladman.plus.com wrote: Leaving aside the question of whether anyone weakened it, is it true that AES-256 provides comparable security to AES-128? I may be wrong about

Re: [Cryptography] Sha3

2013-10-07 Thread John Kelsey
On Oct 6, 2013, at 6:29 PM, Jerry Leichter leich...@lrw.com wrote: On Oct 5, 2013, at 6:12 PM, Ben Laurie wrote: I have to take issue with this: The security is not reduced by adding these suffixes, as this is only restricting the input space compared to the original Keccak. If there is no

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-07 Thread Ray Dillinger
Is it just me, or does the government really have absolutely no one with any sense of irony? Nor, increasingly, anyone with a sense of shame? I have to ask, because after directly suborning the cyber security of most of the world including the USA, and destroying the credibility of just about

[Cryptography] Universal security measures for crypto primitives

2013-10-07 Thread Peter Gutmann
Given the recent debate about security levels for different key sizes, the following paper by Lenstra, Kleinjung, and Thome may be of interest: Universal security from bits and mips to pools, lakes and beyond http://eprint.iacr.org/2013/635.pdf From now on I think anyone who wants to argue

Re: [Cryptography] Sha3

2013-10-07 Thread Jerry Leichter
On Oct 6, 2013, at 11:41 PM, John Kelsey wrote: ...They're making this argument by pointing out that you could simply stick the fixed extra padding bits on the end of a message you processed with the original Keccak spec, and you would get the same result as what they are doing. So if

[Cryptography] P=NP on TV

2013-10-07 Thread Salz, Rich
Last week, the American TV show Elementary (a TV whodunit) was about the murder of two mathematicians who were working on a proof of P=NP. The implications for crypto, and being able to crack into servers, were covered. It was mostly accurate, up until the deus ex machina of the NSA hiding

Re: [Cryptography] Sha3

2013-10-07 Thread Peter Fairbrother
On 05/10/13 20:00, John Kelsey wrote: http://keccak.noekeon.org/yes_this_is_keccak.html Seems the Keccak people take the position that Keccak is actually a way of creating hash functions, rather than a specific hash function - the created functions may be ridiculously strong, or far too

Re: [Cryptography] Sha3

2013-10-07 Thread Peter Fairbrother
On 05/10/13 00:09, Dan Kaminsky wrote: Because not being fast enough means you don't ship. You don't ship, you didn't secure anything. Performance will in fact trump security. This is the empirical reality. There's some budget for performance loss. But we have lots and lots of slow

Re: [Cryptography] AES-256- More NIST-y? paranoia

2013-10-07 Thread Faré
On Sun, Oct 6, 2013 at 9:10 PM, Phillip Hallam-Baker hal...@gmail.com wrote: I am even starting to think that maybe we should start using the NSA checksum approach. Incidentally, that checksum could be explained simply by padding prepping an EC encrypted session key. PKCS#1 has similar stuff

Re: [Cryptography] Universal security measures for crypto primitives

2013-10-07 Thread Jerry Leichter
On Oct 7, 2013, at 1:43 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Given the recent debate about security levels for different key sizes, the following paper by Lenstra, Kleinjung, and Thome may be of interest: Universal security from bits and mips to pools, lakes and beyond

Re: [Cryptography] AES-256- More NIST-y? paranoia

2013-10-07 Thread Arnold Reinhold
If we are going to always use a construction like AES(KDF(key)), as Nico suggests, why not go further and use a KDF with variable length output like Keccak to replace the AES key schedule? And instead of making provisions to drop in a different cipher should a weakness be discovered in AES,

[Cryptography] Politics - probably off topic here.

2013-10-07 Thread Ray Dillinger
Original message From: Phillip Hallam-Baker hal...@gmail.com Date: 10/06/2013 08:18 (GMT-08:00) To: James A. Donald jam...@echeque.com Cc: cryptography@metzdowd.com Subject: Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

[Cryptography] Iran and murder

2013-10-07 Thread John Kelsey
Alongside Phillip's comments, I'll just point out that assassination of key people is a tactic that the US and Israel probably don't have any particular advantages in. It isn't in our interests to encourage a worldwide tacit acceptance of that stuff. I suspect a lot of the broad principles

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-07 Thread Ray Dillinger
Original message From: Jerry Leichter leich...@lrw.com Date: 10/06/2013 15:35 (GMT-08:00) To: John Kelsey crypto@gmail.com Cc: cryptography@metzdowd.com List cryptography@metzdowd.com,Christoph Anton Mitterer cales...@scientia.net,james hughes

Re: [Cryptography] AES-256- More NIST-y? paranoia

2013-10-07 Thread Jerry Leichter
On Oct 7, 2013, at 11:45 AM, Arnold Reinhold a...@me.com wrote: If we are going to always use a construction like AES(KDF(key)), as Nico suggests, why not go further and use a KDF with variable length output like Keccak to replace the AES key schedule? And instead of making provisions to

Re: [Cryptography] P=NP on TV

2013-10-07 Thread Lodewijk andré de la porte
So their research was stolen and they were assassinated by the NSA? Makes sense. (Except for the NSA's lack of field agents! CIA involvement is required)

Re: [Cryptography] AES-256- More NIST-y? paranoia

2013-10-07 Thread Nico Williams
On Mon, Oct 07, 2013 at 11:45:56AM -0400, Arnold Reinhold wrote: If we are going to always use a construction like AES(KDF(key)), as Nico suggests, why not go further and use a KDF with variable length output like Keccak to replace the AES key schedule? And instead of Note, btw, that Keccak is

Re: [Cryptography] Elliptic curve question

2013-10-07 Thread Phillip Hallam-Baker
On Mon, Oct 7, 2013 at 4:54 AM, Lay András and...@lay.hu wrote: Hi! I made a simple elliptic curve utility in command line PHP: https://github.com/LaySoft/ecc_phgp I know in RSA, the sign is the inverse operation of encrypt, so two different keypairs are needed for encrypt and sign. In

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-07 Thread Jerry Leichter
On Oct 7, 2013, at 12:45 PM, Ray Dillinger b...@sonic.net wrote: Can we do anything ...[to make it possible to remove old algorithms]? If the protocol allows correction (particularly remote or automated correction) of an entity using a weak crypto primitive, that opens up a whole new set of

Re: [Cryptography] Sha3

2013-10-07 Thread Jerry Leichter
On Oct 7, 2013, at 6:04 PM, Philipp Gühring p...@futureware.at wrote: it makes no sense for a hash function: If the attacker can specify something about the input, he ... knows something about the input! Yes, but since it's standardized, it's public knowledge, and just knowing the padding

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-07 Thread Phillip Hallam-Baker
On Sun, Oct 6, 2013 at 11:26 AM, John Kelsey crypto@gmail.com wrote: If we can't select ciphersuites that we are sure we will always be comfortable with (for at least some foreseeable lifetime) then we urgently need the ability to *stop* using them at some point. The examples of MD5 and

Re: [Cryptography] Elliptic curve question

2013-10-07 Thread Dominik Schürmann
On 07.10.2013 10:54, Lay András wrote: I made a simple elliptic curve utility in command line PHP: https://github.com/LaySoft/ecc_phgp I know in RSA, the sign is the inverse operation of encrypt, so two different keypairs are needed for encrypt and sign. In elliptic curve cryptography, the

Re: [Cryptography] Universal security measures for crypto primitives

2013-10-07 Thread grarpamp
On Oct 7, 2013, at 1:43 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Given the recent debate about security levels for different key sizes, the following paper by Lenstra, Kleinjung, and Thome may be of interest: Universal security from bits and mips to pools, lakes and beyond

Re: [Cryptography] P=NP on TV

2013-10-07 Thread David Johnston
On 10/6/2013 12:17 PM, Salz, Rich wrote: Last week, the American TV show Elementary (a TV whodunit) was about the murder of two mathematicians who were working on a proof of P=NP. The implications for crypto, and being able to crack into servers, were covered. It was mostly accurate, up until