5x speedup for AES using SSE5?

2008-08-23 Thread Paul Crowley
However, glancing through the SSE5 specification, I can't see at all how such a dramatic speedup might be achieved. Does anyone know any more, or can anyone see more than I can in the spec? http://developer.amd.com/cpu/SSE5/Pages/default.aspx -- __ \/ o\ Paul Crowley /\__/ www.ciphergoth.org

Re: SRP implementation - choices for N and g

2008-08-26 Thread Paul Crowley
application-wide? What are the (security-related) implications in each case? They can safely be chosen application-wide, so long as they are secure choices as per the Group parameter agreement section of the SRP spec. -- __ \/ o\ Paul Crowley, [EMAIL PROTECTED] /\__/ http://www.ciphergoth.org

Re: CPRNGs are still an issue.

2008-12-16 Thread Paul Crowley
? -- __ \/ o\ Paul Crowley /\__/ www.ciphergoth.org - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: full-disk encryption standards released

2009-01-29 Thread Paul Crowley
time seeing where the actual cryptography is specified. They mention that they use AES but I can't see where they tell us what mode of operation they are using. -- __ \/ o\ Paul Crowley /\__/ www.ciphergoth.org

Re: [cryptography] What's the state of the art in factorization?

2010-07-09 Thread Paul Crowley
reduction to the discrete log problem in exactly the way that Schnorr does. -- __ \/ o\ Paul Crowley, p...@ciphergoth.org /\__/ http://www.ciphergoth.org/

Re: [Cryptography] Squaring Zooko's triangle

2013-09-11 Thread Paul Crowley
From the title it sounds like you're talking about my 2007 proposal: http://www.lshift.net/blog/2007/11/10/squaring-zookos-triangle http://www.lshift.net/blog/2007/11/21/squaring-zookos-triangle-part-two This uses key stretching to increase the work of generating a colliding identifier from 2^64

Re: [Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption)

2013-09-17 Thread Paul Crowley
At a stretch, one can imagine circumstances in which trying multiple seeds to choose a curve would lead to an attack that we would not easily replicate. I don't suggest that this is really what happened; I'm just trying to work out whether it's possible. Suppose you can easily break an elliptic

Re: [Cryptography] RSA equivalent key length/strength

2013-10-02 Thread Paul Crowley
On 30 September 2013 23:35, John Kelsey crypto@gmail.com wrote: If there is a weak curve class of greater than about 2^{80} that NSA knew about 15 years ago and were sure nobody was ever going to find that weak curve class and exploit it to break classified communications protected by