Re: [cryptography] Designing a key stretching crypto that maximize use of WebCrypto?

2015-05-13 Thread David Leon Gil
I'm curious how PBKDF2 compares. On Sun, May 3, 2015 at 11:10 PM Fabio Pietrosanti (naif) - lists li...@infosecurity.ch wrote: Hi all, testing the lovely slowness of a pure scrypt implementation in JavaScript running in the browser, I was wondering if anyone ever tried to think/design an

Re: [cryptography] random number generator

2014-11-21 Thread David Leon Gil
There's an implementation of Fortuna, which is a computationally secure PRNG, in PyCrypto: https://github.com/dlitz/pycrypto/tree/master/lib/Crypto/Random/Fortuna Unfortunately, gathering entropy is rather non-generic; otherwise decentish operating systems get this wrong. The various BSDs' source

Re: [cryptography] caring harder requires solving once for the most demanding threat model, to the benefit of all lesser models

2014-10-21 Thread David Leon Gil
On Wed, Oct 15, 2014 at 7:13 AM, ianG i...@iang.org wrote: :) em, close, I advocate direct and sole use of your platform's RNG. Rule #1: http://iang.org/ssl/hard_truths_hard_random_numbers.html 1. Use what your platform provides. Random numbers are hard, which is the first thing you have to