Re: [cryptography] SRP 6a + storage of password's related material strength?

On Fri, Mar 13, 2015 at 9:25 AM, Fabio Pietrosanti (naif) - lists li...@infosecurity.ch wrote: Hi all, SRP is a very cool authentication protocol, not yet widely deployed, but with very interesting properties. I'm wondering how strong is considered the storage of the password's related

Re: [cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?

On Wed, Mar 11, 2015 at 10:53 AM, Fabio Pietrosanti (naif) - lists li...@infosecurity.ch wrote: Hi all, at GlobaLeaks we're undergoing implementation of client-side encryption with server-side storage of PGP Private keys. Obviously the hashing to be used for storing such PGP private keys has

Re: [cryptography] Integrety checking GnuPG

On Wed, May 29, 2013 at 11:02 AM, shawn wilson ag4ve...@gmail.com wrote: I guess I should've said what my use case is: I want a boot system that unlocks a partition where everything is checked to prevent an evil maid attack. I can sign / check everything but the key and the integrity checker.

Re: [cryptography] Validating cryptographic protocols

On Wed, May 1, 2013 at 6:50 PM, Florian Weimer f...@deneb.enyo.de wrote: I'm wondering what's the state of the art here, and if there are any formal methods for deciding if a particular protocol has certain security properties. I know that there have been some advances in this area, but it's

[cryptography] Gregory Perry's follow-up to the FBI OpenBSD / OCF backdoors thread (was: Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s))

Back in December 2010, we discussed the OpenBSD IPSec backdoor allegations. Two days ago, Cryptome.org published the Gregory Perry's follow-up to the this story. FBI OpenBSD Backdoors and RSA Cipher Vulnerability http://cryptome.org/2012/01/0032.htm Cheers, -- alfonso     blogs at

[cryptography] RSA exponent stuck-at 1 in Ruby trunk key-generation

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revisionrevision=33633 For those using Ruby, update to 1.9.3. Cheers, -- alfonso     blogs at http://Plaintext.crypto.lo.gy   tweets @secYOUre ___ cryptography mailing list cryptography@randombit.net

[cryptography] Cryptocounters for our PETs

I'm glad to announce Encounter, a software library aimed at providing a production-grade implementation of cryptographic counters and fostering further research on their constructions and applications. Cryptocounters have a number of applications ranging from privacy-preserving statistics

Re: [cryptography] -currently available- crypto cards with onboard key storage

On Wed, Oct 26, 2011 at 8:12 PM, Thor Lancelot Simon t...@panix.com wrote: I find myself needing a crypto card, preferably PCIe, with onboard key storage.  The application is PGP, so I really need hardware that can use keys stored onboard to do arbitrary RSA operations -- rather than a

Re: [cryptography] -currently available- crypto cards with onboard key storage

Hi Peter, On Thu, Oct 27, 2011 at 10:45 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Alfonso De Gregorio a...@crypto.lo.gy writes: For a past project, I've been engineering a cryptographic appliance running with Bull TrustWay CC2000 http://support.bull.com/ols/product/security/trustway

Re: [cryptography] Symantec gets it wrong

Hi, On Thu, Sep 8, 2011 at 6:20 PM, Andy Steingruebl a...@steingruebl.comwrote: On Thu, Sep 8, 2011 at 1:30 AM, Ralph Holz h...@net.in.tum.de wrote: Hi, I (still) cannot believe how Symantec reacts to the DigiNotar breaches - basically ignoring the known shortcomings:

Re: [cryptography] bitcoin scalability to high transaction rates

On Wed, Jul 20, 2011 at 11:29 AM, James A. Donald jam...@echeque.com wrote: On 2011-07-20 4:57 PM, a...@crypto.lo.gy wrote: At the current market depth and without a widespread adoption, Bitcoin exhibits a high volatility. So you are telling us if bitcoin fails, it fails. Conversely,

Re: [cryptography] Minimally Sufficient Cryptosystem

On Tue, Jul 5, 2011 at 3:21 PM, Jean-Philippe Aumasson jeanphilippe.aumas...@gmail.com wrote: See the Asiacrypt 2010 rump session talk An Optimal Attack On Cryptosystems With Pre/Post Whitening Keys by Orr Dunkelman and Adi Shamir:

Re: [cryptography] Bitcoin observation

On Tue, Jul 5, 2011 at 9:22 AM, Jon Callas j...@callas.org wrote: Good points. But nonetheless, it's a really, really cool property of the system that you can gain by destroying bitcoins. I mean heck -- let's create another sub-constant, H_s which is the constant that shows when it better to

Re: [cryptography] OTR algos for multi-user chat

://lists.cypherpunks.ca/pipermail/otr-users/2010-June/001823.html I'm not sure about the current status. I'd suggest to check with him or Ian on otr-users. Ciao, --   Alfonso De Gregorio,  blogs at http://Plaintext.crypto.lo.gy/   BeeWise - Security Event Futures - http://beewise.org

Re: [cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

, an annual contest to write innocent-looking C code implementing malicious behavior http://underhanded.xcott.com/ -- Alfonso De Gregorio, blogs at http://Plaintext.crypto.lo.gy BeeWise, Security Event Futures - http://beewise.org/ ___ cryptography mailing

[cryptography] A comic strip about the behaviors of software and human beings (was: Re: Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s))

http://plaintext.crypto.lo.gy/article/390/earnest Cheers, -- Alfonso De Gregorio, blogs at http://Plaintext.crypto.lo.gy BeeWise, Security Event Futures - http://beewise.org/ ___ cryptography mailing list cryptography@randombit.net http

Re: [cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

showed how to counter trojan horse attacks on compilers in 'Fully Countering Trusting Trust through Diverse Double-Compiling' http://www.dwheeler.com/trusting-trust/ Interestingly enough, 26 years passed by the Thompson speech and the dissertation by Wheeler. -- Alfonso De Gregorio, blogs at http