On 6/09/13 04:44 AM, Peter Gutmann wrote:
John Kelsey crypto@gmail.com writes:
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different sources.
If I had to bet, I'd bet on anything but the crypto. Why attack
Aloha!
Jerry Leichter wrote:
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
leich...@lrw.com wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact that the
John Kelsey crypto@gmail.com writes:
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different sources.
If I had to bet, I'd bet on anything but the crypto. Why attack when you can
bypass [1].
Peter.
[1] From
On Tue, Sep 3, 2013 at 12:49 AM, Jon Callas j...@callas.org wrote:
On Sep 2, 2013, at 3:06 PM, Jack Lloyd ll...@randombit.net wrote:
On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
a) The very reference you give says that
What is the state of prior art for the P-384? When was it first published?
Given that RIM is trying to sell itself right now and the patents are the
only asset worth having, I don't have good feelings on this. Well apart from
the business
On 2013-09-01 9:11 PM, Jerry Leichter wrote:
Meanwhile, on the authentication side, Stuxnet provided evidence that the
secret community *does* have capabilities (to conduct a collision attack)
beyond those known to the public - capabilities sufficient to produce fake
Windows updates.
Do we
On Sep 1, 2013, at 6:06 PM, Perry E. Metzger wrote:
We know what they spec for use by the rest of the US government in
Suite B.
http://www.nsa.gov/ia/programs/suiteb_cryptography/
AES with 128-bit keys provides adequate protection for classified
information up to the SECRET level.
On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter leich...@lrw.com
wrote:
- To let's look at what they want for TOP SECRET. First off, RSA -
accepted for a transition period for SECRET, and then only with
2048 bit moduli, which until the last year or so were almost
unknown in commercial
On Sep 1, 2013, at 10:35 PM, James A. Donald wrote:
Meanwhile, on the authentication side, Stuxnet provided evidence that the
secret community *does* have capabilities (to conduct a collision attack)
beyond those known to the public - capabilities sufficient to produce fake
Windows
recent post with email discussing PGP-like implementation ... a decade before
PGP in financial crypto blog
http://www.garlic.com/~lynn/2013i.html#69
and then a little later realizing there were 3-kinds of crypto (when I was told
I could make as many boxes as I wanted ... but could only sell to
On Mon, 2 Sep 2013 15:09:31 -0400 Jerry Leichter leich...@lrw.com
wrote:
On Sep 2, 2013, at 1:25 PM, Perry E. Metzger wrote:
On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter
leich...@lrw.com wrote:
- To let's look at what they want for TOP SECRET. First off,
RSA - accepted for a
On Sep 2, 2013, at 1:25 PM, Perry E. Metzger wrote:
On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter leich...@lrw.com
wrote:
- To let's look at what they want for TOP SECRET. First off, RSA -
accepted for a transition period for SECRET, and then only with
2048 bit moduli, which until the
On Sun, Sep 1, 2013 at 10:35 PM, James A. Donald jam...@echeque.com wrote:
On 2013-09-01 9:11 PM, Jerry Leichter wrote:
Meanwhile, on the authentication side, Stuxnet provided evidence that the
secret community *does* have capabilities (to conduct a collision attack)
beyond those known to
On Mon, 2 Sep 2013 14:45:00 -0400 Phillip Hallam-Baker
hal...@gmail.com wrote:
Do we know they produced fake Windows updates without assistance
from Microsoft?
Given the reaction from Microsoft, yes.
The Microsoft public affairs people have been demonstrating real
anger at the Flame
You know, if there was a completely ironclad legal opinion that made use of
ECC possible without the risk of a lawsuit costing over $2 million from
Certicom then I would be happy to endorse a switch to ECC like the NSA is
pushing for as well.
I would not therefore draw the conclusion that NSA
Do we know they produced fake Windows updates without assistance
from Microsoft?
Given the reaction from Microsoft, yes.
The Microsoft public affairs people have been demonstrating real
anger at the Flame attack in many forums.
But of course, sufficiently paranoid people might
On Mon, 2 Sep 2013 13:14:00 -0700 Christian Huitema
huit...@huitema.net wrote:
Do we know they produced fake Windows updates without
assistance from Microsoft?
Given the reaction from Microsoft, yes.
The Microsoft public affairs people have been demonstrating real
anger at
On Mon, 2 Sep 2013 17:44:57 -0400 Jerry Leichter leich...@lrw.com
wrote:
...Clearly, as things like bad vendor driver updates have been
sent out using stolen keys in the past, and clearly vendors might
simply make mistakes in the future
Except that that's not what happened in this
Do we know they produced fake Windows updates without assistance
from Microsoft?
Given the reaction from Microsoft, yes.
The Microsoft public affairs people have been demonstrating real
anger at the Flame attack in many forums.
...Clearly, as things like bad vendor driver updates have
On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
a) The very reference you give says that to be equivalent to 128
bits symmetric, you'd need a 3072 bit RSA key - but they require a
2048 bit key. And the same reference says that to be equivalent to
256 bits symmetric, you need
On Sep 2, 2013, at 3:06 PM, Jack Lloyd ll...@randombit.net wrote:
On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
a) The very reference you give says that to be equivalent to 128
bits symmetric, you'd need a 3072 bit RSA key -
On Sat, 31 Aug 2013 17:00:01 -0400 John Kelsey crypto@gmail.com
wrote:
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different
sources.
This seems by far the most probable conclusion. Note, for example,
On Sep 1, 2013, at 2:36 AM, Peter Gutmann wrote:
John Kelsey crypto@gmail.com writes:
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different sources.
If I had to bet, I'd bet on anything but the crypto.
What I think we are worried about here are very widespread automated attacks,
and they're passive (data is collected and then attacks are run offline). All
that constrains what attacks make sense in this context. You need attacks that
you can run in a reasonable time, with minimal
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com
wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact that the USG likes using it, too.
That's also evidence for elliptic curve techniques btw.
Perry
--
Perry E. Metzger
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com
wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact that the USG likes using it, too.
We know they *say in public* that it's acceptable.
On Sun, 1 Sep 2013 16:33:56 -0400 Jerry Leichter leich...@lrw.com
wrote:
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
leich...@lrw.com wrote:
Meanwhile, just what evidence do we really have that AES is
secure?
The fact that
On Aug 30, 2013, at 1:17 PM, Jerry Leichter leich...@lrw.com wrote:
So the latest Snowden data contains hints that the NSA (a) spends a great
deal of money on cracking encrypted Internet traffic; (b) recently made some
kind of a cryptanalytic breakthrough. What are we to make of this?
On Fri, Aug 30, 2013 at 07:17:08AM -0400, Jerry Leichter wrote:
So the latest Snowden data contains hints that the NSA (a) spends a
great deal of money on cracking encrypted Internet traffic; (b) recently
made some kind of a cryptanalytic breakthrough. What are we to make
of this?
On 08/30/2013 08:10 PM, Aaron Zauner wrote:
I read that WP report too. IMHO this can only be related to RSA (factorization,
side-channel attacks).
I have been hearing rumors lately that factoring may not in fact be as hard
as we have heretofore supposed. Algorithmic advances keep eating
On 31/08/13 06:10 AM, Aaron Zauner wrote:
On Aug 30, 2013, at 1:17 PM, Jerry Leichter leich...@lrw.com wrote:
So the latest Snowden data contains hints that the NSA (a) spends a great deal of money
on cracking encrypted Internet traffic; (b) recently made some kind of a cryptanalytic
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different sources.
--John
___
The cryptography mailing list
cryptography@metzdowd.com
On 2013-09-01 4:02 AM, Ray Dillinger wrote:
On 08/30/2013 08:10 PM, Aaron Zauner wrote:
I read that WP report too. IMHO this can only be related to RSA
(factorization, side-channel attacks).
I have been hearing rumors lately that factoring may not in fact be as
hard
as we have heretofore
On Aug 31, 2013, at 2:02 PM, Ray Dillinger wrote:
... It is both
interesting and peculiar that so little news of quantum computing has been
published since.
I don't understand this claim. Shor's work opened up a really hot new area
that both CS people and physicists (and others as well) have
So the latest Snowden data contains hints that the NSA (a) spends a great deal
of money on cracking encrypted Internet traffic; (b) recently made some kind of
a cryptanalytic breakthrough. What are we to make of this? (Obviously, this
will all be wild speculation unless Snowden leaks more