-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Also at http://silentcircle.wordpress.com/2013/08/17/reply-to-zooko/
# Reply to Zooko
(My friend and colleague, [Zooko
Wilcox-O'Hearn](https://leastauthority.com/blog/author/zooko-wilcox-ohearn.html)
wrote an open letter to me and Phil [on his
On Sat, Aug 17, 2013 at 1:04 AM, Jon Callas j...@callas.org wrote:
It's very hard, even with controlled releases, to get an exact
byte-for-byte recompile of an app. Some compilers make this impossible
because they randomize the branch prediction and other parts of code
generation. Even when
On 16/08/13 22:11 PM, zooko wrote:
On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote:
Nothing really gets anyone past the enormous supply of zero-day vulns in their
complete stacks. In the end I assume there's no technological PRISM
workarounds.
I agree that compromise of the
On 17/08/13 00:46 AM, Zooko Wilcox-OHearn wrote:
... This was
demonstrated in the Hushmail case in which the U.S. DEA asked Hushmail
(a Canadian company) to turn over the plaintext of the email of one of
its customers. Hushmail complied, shipping a set of CDs to the DEA
containing the customer's
On 17/08/13 00:46 AM, Zooko Wilcox-OHearn wrote:
We're trying an approach to this problem, here at LeastAuthority.com,
of “*verifiable* end-to-end security”. For our data backup and storage
service, all of the software is Free and Open Source, and it is
distributed through channels which are
On 17/08/13 10:57 AM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com writes:
It might be useful to think of what a good API would be.
The problem isn't the API, it's the fact that you've got two mutually
exclusive requirements, the security geeks want the (P)RNG to block until
On 17 August 2013 06:01, ianG i...@iang.org wrote:
On 17/08/13 10:57 AM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com writes:
It might be useful to think of what a good API would be.
The problem isn't the API, it's the fact that you've got two mutually
exclusive
On 17/08/13 14:46 PM, Ben Laurie wrote:
On 17 August 2013 06:01, ianG i...@iang.org mailto:i...@iang.org wrote:
On 17/08/13 10:57 AM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com
mailto:n...@cryptonector.com writes:
It might be useful to think of
On 17 August 2013 08:05, ianG i...@iang.org wrote:
On 17/08/13 14:46 PM, Ben Laurie wrote:
On 17 August 2013 06:01, ianG i...@iang.org mailto:i...@iang.org
wrote:
On 17/08/13 10:57 AM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com
On Sat, 17 Aug 2013 12:30:40 +0300
ianG i...@iang.org wrote:
This was always known as the weakness of the model. The operator
could simply replace the applet that was downloaded in every instance
with one that had other more nefarious capabilities. There were
thoughts and discussions about
On Sat, Aug 17, 2013 at 7:46 AM, Ben Laurie b...@links.org wrote:
...
Also, if there are other sources, why are they not being fed in to the
system PRNG?
Linux 3.x kernels decided to stop using IRQ interrupts (removal of the
IRQF_SAMPLE_RANDOM flag, without an alternative to gather entropy).
shawn wilson ag4ve...@gmail.com wrote:
I thought that decent crypto programs (openssh, openssl, tls suites)
should read from random so they stay secure and don't start generating
/insecure/ data when entropy runs low.
(Talking about Linux, the only system where I know the details)
urandom
On Fri, Aug 16, 2013 at 11:07 AM, Aaron Toponce aaron.topo...@gmail.com wrote:
The /dev/urandom device in the Linux kernel uses the Yarrow pseudo random
number generator when the entropy pool has been exhausted.
No, it doesn't, or at least did not last time I looked at the code, a few
months
On 17 August 2013 10:09, Jeffrey Walton noloa...@gmail.com wrote:
On Sat, Aug 17, 2013 at 7:46 AM, Ben Laurie b...@links.org wrote:
...
Also, if there are other sources, why are they not being fed in to the
system PRNG?
Linux 3.x kernels decided to stop using IRQ interrupts (removal
On Aug 17, 2013, at 2:41 AM, ianG i...@iang.org wrote:
So back to Silent Circle. One known way to achieve some control over their
closed source replacement vulnerability is to let an auditor into their inner
circle, so to speak.
One correction
On Sat, Aug 17, 2013 at 6:39 PM, Sandy Harris sandyinch...@gmail.com wrote:
shawn wilson ag4ve...@gmail.com wrote:
I thought that decent crypto programs (openssh, openssl, tls suites)
should read from random so they stay secure and don't start generating
/insecure/ data when entropy runs
On 17/08/13 20:08 PM, Jon Callas wrote:
On Aug 17, 2013, at 2:41 AM, ianG i...@iang.org wrote:
So back to Silent Circle. One known way to achieve some control over their
closed source replacement vulnerability is to let an auditor into their inner
circle, so to speak.
One correction of
On Aug 17, 2013, at 12:49 AM, Bryan Bishop kanz...@gmail.com wrote:
On Sat, Aug 17, 2013 at 1:04 AM, Jon Callas j...@callas.org wrote:
It's very hard, even with controlled releases, to get an exact byte-for-byte
recompile of an app. Some compilers make this impossible because they
On Aug 17, 2013, at 10:41 AM, ianG i...@iang.org wrote:
Apologies, ack -- I noticed that in your post.
(And I think for crypto/security products, the BSD-licence variant is more
important for getting it out there than any OSI grumbles.)
On 8/17/13 7:08 PM, Jon Callas wrote:
On Aug 17, 2013, at 2:41 AM, ianG i...@iang.org wrote:
So back to Silent Circle. One known way to achieve some control
over their closed source replacement vulnerability is to let an auditor
into their inner circle, so to speak.
One correction of
On 2013-08-17 4:04 PM, Jon Callas wrote:
The problems run even deeper than the raw practicality. Twenty-nine years ago this month, in the August 1984
issue of Communications of the ACM (Vol. 27, No. 8) Ken Thompson's famous Turing Award lecture,
Reflections on Trusting Trust was published. You
On 2013-08-17 5:57 PM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com writes:
It might be useful to think of what a good API would be.
The problem isn't the API, it's the fact that you've got two mutually
exclusive requirements, the security geeks want the (P)RNG to block until
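Peter's two requirements above, block until properly seeded versus never block, are a choice an application has to make explicitly rather than inherit from whichever kernel device it happens to open; the same choice is what shawn wilson's "read from random so they don't start generating insecure data when entropy runs low" comes down to. The following is an added example, not code from the thread or from any of the projects named in it: a userland HMAC_DRBG (the SP 800-90A construction with SHA-256) with a readiness gate that fails closed until it has been credited an estimated 256 bits of entropy, and a second entry point that satisfies the "never block" camp by pulling from a real source until the gate opens instead of emitting output from an unseeded state. The 256-bit threshold, the entropy credits and the `os_entropy` source are the example's own assumptions.

```python
import hashlib
import hmac
import os

SEED_THRESHOLD_BITS = 256  # assumption: no output until this much estimated entropy is in


class NotSeeded(Exception):
    """Raised when output is requested before the generator is properly seeded."""


class GatedHmacDrbg:
    """HMAC_DRBG (SP 800-90A construction, SHA-256) that fails closed until seeded."""

    def __init__(self):
        self._k = b"\x00" * 32
        self._v = b"\x01" * 32
        self.entropy_bits = 0   # running estimate credited by callers, never byte length
        self.outputs = 0

    def _update(self, provided=b""):
        # HMAC_DRBG_Update: mix `provided` into the (K, V) state.
        self._k = hmac.new(self._k, self._v + b"\x00" + provided, hashlib.sha256).digest()
        self._v = hmac.new(self._k, self._v, hashlib.sha256).digest()
        if provided:
            self._k = hmac.new(self._k, self._v + b"\x01" + provided, hashlib.sha256).digest()
            self._v = hmac.new(self._k, self._v, hashlib.sha256).digest()

    def add_entropy(self, sample, estimated_bits):
        """Mix in a sample; only the caller's estimate counts toward the gate."""
        self._update(bytes(sample))
        self.entropy_bits = min(self.entropy_bits + int(estimated_bits),
                                2 * SEED_THRESHOLD_BITS)

    @property
    def ready(self):
        return self.entropy_bits >= SEED_THRESHOLD_BITS

    def generate(self, n):
        """The 'block until seeded' API: refuse rather than emit weak output."""
        if not self.ready:
            raise NotSeeded(f"{self.entropy_bits} of {SEED_THRESHOLD_BITS} estimated bits")
        out = b""
        while len(out) < n:
            self._v = hmac.new(self._k, self._v, hashlib.sha256).digest()
            out += self._v
        self._update()  # backtracking resistance: prior state is not recoverable from output
        self.outputs += 1
        return out[:n]

    def generate_or_seed(self, n, entropy_source):
        """The 'never block' API done honestly: feed the gate from a real
        source until it opens, then generate. Never returns unseeded output."""
        while not self.ready:
            sample, bits = entropy_source()
            self.add_entropy(sample, bits)
        return self.generate(n)


def os_entropy():
    """Default source: the OS CSPRNG, credited at full strength (assumption)."""
    return os.urandom(32), 256


def refuses_unseeded(drbg, n=8):
    """True if the generator fails closed when asked for output before seeding."""
    try:
        drbg.generate(n)
    except NotSeeded:
        return True
    return False


if __name__ == "__main__":
    drbg = GatedHmacDrbg()
    print("fresh generator refuses output:", refuses_unseeded(drbg))
    print(drbg.generate_or_seed(16, os_entropy).hex())
```

The accounting is deliberately pessimistic: a 16-byte sample credited at 128 bits leaves the gate shut, so a second independent sample is required before any output, and nothing in the class will hand back bytes derived only from the fixed initial (K, V).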
On Sat, Aug 17, 2013 at 12:50 PM, Jon Callas j...@callas.org wrote:
On Aug 17, 2013, at 12:49 AM, Bryan Bishop kanz...@gmail.com wrote:
Would providing (signed) build vm images solve the problem of distributing
your toolchain?
A more interesting approach would be to use a variety of
On Sat, Aug 17, 2013 at 3:49 AM, Bryan Bishop kanz...@gmail.com wrote:
On Sat, Aug 17, 2013 at 1:04 AM, Jon Callas j...@callas.org wrote:
It's very hard, even with controlled releases, to get an exact
byte-for-byte recompile of an app. Some compilers make this impossible
because they
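Before a hash mismatch is attributed to the compiler-level non-determinism Jon describes, or to a signed build VM as Bryan suggests, the packaging step's own sources of variation have to be ruled out, since they are the ones a project can fix without the compiler's help. The following is an added example, not code from the thread or from Silent Circle: it packs a constructed source tree the way an ad-hoc build script does (tree enumeration order, wall-clock timestamps), then with those inputs pinned (sorted entries, a fixed SOURCE_DATE_EPOCH-style timestamp, fixed permission bits), hashes both, and locates the first diverging byte as a starting point for a diff. The file names, contents and the epoch value are made up.

```python
import hashlib
import io
import time
import zipfile

# Constructed stand-in for a source tree (not from the thread): path -> contents.
SOURCES = {
    "src/b.c": b"int b(void) { return 2; }\n",
    "src/a.c": b"int a(void) { return 1; }\n",
    "README": b"demo\n",
}

# 2013-08-17 00:00:00 UTC, an arbitrary fixed build time (SOURCE_DATE_EPOCH convention).
SOURCE_DATE_EPOCH = 1376697600


def build_naive(sources, build_time=None):
    """Pack files the way an ad-hoc build script does: in whatever order the
    tree was enumerated, with the wall clock as every entry's mtime. Both
    leak into the archive bytes, so two builds rarely match."""
    when = time.gmtime(time.time() if build_time is None else build_time)[:6]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in sources.items():
            info = zipfile.ZipInfo(name, date_time=when)
            zf.writestr(info, data, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def build_reproducible(sources, source_date_epoch=SOURCE_DATE_EPOCH):
    """Same archive with every known source of variation pinned: sorted
    entry order, a fixed timestamp, and permission bits independent of umask."""
    when = time.gmtime(source_date_epoch)[:6]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(sources):
            info = zipfile.ZipInfo(name, date_time=when)
            info.external_attr = 0o644 << 16  # -rw-r--r--
            zf.writestr(info, sources[name], compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def first_difference(a, b):
    """Offset of the first byte where two artifacts diverge, or None if they
    are identical; where a diffoscope-style investigation would start."""
    if a == b:
        return None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return min(len(a), len(b))


def reproducible(builder, sources, runs=3):
    """Build several times, plus once with the tree enumerated in reverse,
    and report whether every run produced byte-identical output."""
    reversed_tree = dict(reversed(list(sources.items())))
    outputs = [builder(sources) for _ in range(runs)] + [builder(reversed_tree)]
    return len({digest(o) for o in outputs}) == 1


if __name__ == "__main__":
    a = build_naive(SOURCES, build_time=SOURCE_DATE_EPOCH)
    b = build_naive(SOURCES, build_time=SOURCE_DATE_EPOCH + 60)
    print("naive builds one minute apart first differ at byte", first_difference(a, b))
    print("naive reproducible:", reproducible(build_naive, SOURCES))
    print("pinned reproducible:", reproducible(build_reproducible, SOURCES))
```

The check is the same one an outside verifier would run against a vendor's shipped artifact: build from the published source, hash, compare. Anything this harness still reports as divergent after the packaging inputs are pinned is what remains to be attributed to the toolchain itself.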
On 17 August 2013 19:23, Jon Callas j...@callas.org wrote:
On Aug 17, 2013, at 10:41 AM, ianG i...@iang.org wrote:
Apologies, ack -- I noticed that in your post.
(And I think for crypto/security products, the BSD-licence variant is
more important for getting it out there than any OSI
On 2013-08-17 10:12 PM, Ben Laurie wrote:
What external crypto can you not fix? Windows? Then don't use
Windows. You can fix any crypto in Linux or FreeBSD.
No you cannot.
So what? BSD's definition is superior. Linux should fix their RNG. Or
these people who you think should implement
On Aug 17, 2013, at 11:00 AM, Ali-Reza Anghaie a...@packetknife.com wrote:
On Sat, Aug 17, 2013 at 1:50 PM, Jon Callas j...@callas.org wrote:
I hope I don't sound like a broken record, but a smart attacker isn't going
to attack there, anyway. A
On the somewhat tangential-to-cryptography topic of open versus
closed source, may I suggest that the metrics that address the
question are the classic ones that define availability: mean time
between failure (MTBF) and mean time to repair (MTTR). As you know,
you get 100% availability by
yersinia yersinia.spi...@gmail.com writes:
To illustrate this, Peter displayed a photograph of three icosahedral dice
that he'd thrown at home, saying here, if you need a random number, you can
use 846.
And there's the problem, he used a D20 so there's a bias in the results. If
he'd used a
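Whether a die-to-digit mapping is biased is arithmetic on the two ranges, and the standard fix is rejection sampling. The following is an added example, not Peter's or yersinia's code: it computes the exact output distribution of the naive "reduce the roll modulo m" mapping for any die, reports the worst-case bias, and converts a roll sequence to digits with rejection so that no residue is favoured. The snippet does not say which mapping the photograph used, so the 20-to-10 and 20-to-6 cases in the test are illustrations only; the roll sequences are constructed.

```python
from collections import Counter
from fractions import Fraction


def mod_distribution(faces, m):
    """Exact probability of each output 0..m-1 when a fair die showing
    1..faces is reduced with (roll - 1) % m, the naive mapping."""
    counts = Counter((roll - 1) % m for roll in range(1, faces + 1))
    return {k: Fraction(counts[k], faces) for k in range(m)}


def max_bias(faces, m):
    """Ratio of the most to the least likely output; exactly 1 means uniform,
    which happens only when m divides the face count."""
    dist = mod_distribution(faces, m)
    return max(dist.values()) / min(dist.values())


def rolls_to_digits(rolls, faces, m):
    """Rejection sampling: keep only rolls up to the largest multiple of m
    that fits on the die, so every residue is hit by the same number of faces.
    Returns (digits, number of rolls discarded)."""
    limit = (faces // m) * m  # e.g. 18 for a d20 reduced to 0..5
    digits, rejected = [], 0
    for roll in rolls:
        if not 1 <= roll <= faces:
            raise ValueError(f"roll {roll} is not on a {faces}-sided die")
        if roll > limit:
            rejected += 1
            continue
        digits.append((roll - 1) % m)
    return digits, rejected


def expected_rejection_rate(faces, m):
    """Fraction of rolls discarded by rolls_to_digits, the price of uniformity."""
    return Fraction(faces - (faces // m) * m, faces)


if __name__ == "__main__":
    for faces, m in ((20, 10), (20, 6), (6, 10)):
        print(f"d{faces} -> {m} outputs: bias {max_bias(faces, m)}, "
              f"rejects {expected_rejection_rate(faces, m)} of rolls")
    print(rolls_to_digits([8, 4, 6], 20, 10))
```

Note the last case: a die with fewer faces than outputs cannot produce a uniform digit at all under either mapping, which is the other way a hand-rolled source goes wrong, independent of any bias in the die itself.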