populations.
Now maybe it was a mistake to label it as PRISM-Proof in our press release
and media interviews! I said that because to me PRISM means mass surveillance
of innocents. Perhaps to other people it doesn't mean that. Oops!
Regards,
Zooko
On Tue, Aug 13, 2013 at 01:52:38PM -0500, Nicolai wrote:
Zooko: Congrats on the service. I'm wondering if you could mention on the
site which primitives are used client-side. All I see is that combinations
of sftp and ssl are used for data-in-flight.
Thanks!
I'm not sure what your
/TahoeLAFSBasics
https://tahoe-lafs.org/trac/tahoe-lafs/wiki/FAQ
Regards,
Zooko
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
intrinsically in
the email protocols themselves. Email as we know it with SMTP, POP3, and
IMAP cannot be secure.
https://silentcircle.wordpress.com/2013/08/09/to-our-customers/
(Kudos to Jon for saying something sensical in that last one!)
Regards,
Zooko
here? :-)
This is a very good resource because it includes recommendations from multiple
sources and makes it easy to compare them:
http://www.keylength.com/
Regards,
Zooko
and ephemeral keys are random.
Or it could be used as an added, redundant defense. I guess if it is an added,
redundant defense then this is the same as including the random nonce -- number
3 from the list above.
Regards,
Zooko
with a better demonstration
that they were generated with any possible back door than do the
NIST curves [3].
Regards,
Zooko
[1] http://www.keylength.com/
[2] http://bench.cr.yp.to/results-sign.html
[3]
http://www.ecc-brainpool.org/download/draft-lochter-pkix-brainpool-ecc-00.txt
likely to have preimage
resistance than a non-iterated hash is to have collision-resistance.
And I think it is quite clear that for any real hash function such as
MD5, SHA-1, Tiger, Ripemd, SHA-2, and the SHA-3 candidates that this
does hold!
What do you think of that argument?
Regards,
Zooko
of the above seems well suited to maintaining a Merkle Tree over
the file data with a secure hash.
Regards,
Zooko
Dear Paul Crowley:
How about the Compact Representation, section 4.2, of RFC 6090:
http://www.rfc-editor.org/rfc/rfc6090.txt
Is that the same point compression that you were looking for?
Regards,
Zooko
of this approach.
But, if ZFS could be modified to fix these problems or if a new
filesystem would add a feature of maintaining a canonical,
reproducible Merkle Tree, then it might be extremely useful.
Thanks to Brian Warner and Dan Shoutis for discussions about this idea.
Regards,
Zooko
Also related, Eric Hughes posted about something he called Encrypted
Open Books on 1993-08-16. The idea was to allow an auditor to confirm
the correctness of the accounts without being able to see the details
of people's accounts.
Regards,
Zooko
tools that integrate into
user workflow and take advantage of the information that is already
present, *then* we'll still have some remaining hard problems about
fitting usability and security together.
Regards,
Zooko
version
available:
http://tahoe-lafs.org/trac/tahoe-lafs/wiki/OSPackages
Please contact us through the tahoe-dev mailing list if you have
further questions.
Regards,
Zooko Wilcox-O'Hearn
ANNOUNCING Tahoe, the Least-Authority File System, v1.8.3
The Tahoe-LAFS team announces the immediate
:
https://password-hashing.net/
Regards,
Zooko
. mining), which last about 48 hours. However,
back-of-the-envelope calculations by yours truly indicate that a
100,000-node botnet would not contribute even 10% of the hash rate
seen in the dip.
Regards,
Zooko
like Blake, or a
SHA-3 reject like Edon-R. I'm not saying you shouldn't use such a
thing either. What I'm saying is: their existence is reason to believe
that a secure hash function with this kind of efficiency could exist.
Regards,
Zooko
[¹]
http://csrc.nist.gov/groups/ST/hash/sha-3/Round1
what length-extension attacks can or
can't do to my designs.
Of course, once you upgrade to a shiny new hash function with built-in
protection against length-extension attack, then you should drop the
HASH_d technique.
Regards,
Zooko
AH, what about using a different MAC entirely, like say
Poly1305-AES? :-)
Regards,
Zooko
¹ http://bench.cr.yp.to/results-hash.html
decision to use SHA-1 in git is
going to mean that those web developers choose SHA-1 for many, many
years to come.
Regards,
Zooko
http://allthingsd.com/20120423/pgp-creator-phil-zimmerman-has-a-new-venture-called-silent-circle/
https://silentcircle.com/
Continually nowadays I think I'm living in one of the science fiction
novels of my youth. This one is by Neal Stephenson, I think.
Regards,
Zooko
load the page yourself to read those.
I also posted it on the tahoe-dev mailing list, where a small thread ensued:
https://tahoe-lafs.org/pipermail/tahoe-dev/2012-April/007315.html
Regards,
Zooko
“On the limits of the use cases for authenticated encryption”
What is authenticated encryption
On Wed, Apr 25, 2012 at 9:27 PM, Marsh Ray ma...@extendedsubset.com wrote:
On 04/25/2012 10:11 PM, Zooko Wilcox-O'Hearn wrote:
1. the secret-oriented way: you make a MAC tag of the chunk (or equivalently
you use Authenticated Encryption on it) using a secret key known to the good
guy(s
following-up to my own post:
On Wed, May 9, 2012 at 6:34 AM, Zooko Wilcox-O'Hearn zo...@zooko.com wrote:
1. Decrypt the data,
2. Verify the integrity of the data,
3. Generate MAC tags for other data which would pass the integrity check.
The fact that 3 is included in that bundle
Folks:
Here's a copy of a post I just made to my Google+ account about this
alleged Botnet herder who has been answering questions about his
operation on reddit:
https://plus.google.com/108313527900507320366/posts/1oi1v7RxR1i
=== introduction ===
Someone is posting to reddit claiming to be a
ANNOUNCING Tahoe, the Least-Authority File System, v1.10
The Tahoe-LAFS team is pleased to announce the immediate
availability of version 1.10.0 of Tahoe-LAFS, an extremely
reliable distributed storage system. Get it here:
https://tahoe-lafs.org/source/tahoe-lafs/trunk/docs/quickstart.rst
Dear people of the cryptography@randombit.net mailing list:
For obvious reasons, the time has come to push hard on *verifiable*
end-to-end encryption. Here's our first attempt. We intend to bring
more!
We welcome criticism, suggestions, and requests.
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO
of their
ciphertext. Also our customer and business partners like having the
option of hiring us for support when they are integrating the
free-and-open-source LAFS software into their own products.
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
Freedom
cloud storage API that people use to build other services.)
Regards,
Zooko Wilcox-O'Hearn
.. _recent shutdown of Lavabit:
http://boingboing.net/2013/08/08/lavabit-email-service-snowden.html
.. _shutdown of Silent Circle's “Silent Mail” product:
http://silentcircle.wordpress.com/2013/08/09/to-our
. But it is fixable! But to fix
it starts with admitting what the problem is.
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO, and Customer Service Rep
https://LeastAuthority.com
Freedom matters.
Date: Tue, 1 Oct 2013 15:45:27 -0400
From: zooko zo...@zooko.com
To: Multiple recipients of list hash-fo...@nist.gov
Subject: Re: On 128-bit security
Folks:
Here are my personal opinions about these issues. I'm not expert at
cryptanalysis. Disclosure: I'm one of the authors of BLAKE2
-R. ☺ That
will probably be around 5 rounds.
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
Freedom matters.
---
illumos-zfs
Archives: https://www.listbox.com/member/archive/182191/=now
RSS Feed: https
it to me, I'll
spend some of my valuable time to learn, because I'm interested in
filesystems in general and ZFS in particular. If not, I'm pretty sure
everything I've written above is still true.
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
Freedom
reading my mind. As
well as adding in a bunch of ideas that were not in my mind, from such
sources as http://eprint.iacr.org/2014/452.pdf .
Regards,
Zooko
thodology, from Linus
Torvalds:
http://git.vger.kernel.narkive.com/9lgv36un/zooko-zooko-com-revctrl-colliding-md5-hashes-of-human-meaningful#post2
So, my attempted contribution to this pattern was to help specify
BLAKE2, so that instead of telling people "MD5 is broken! Switch to
this secure but
work algorithm.
:-)
Regards,
Zooko
bout the risks and limitations of
the Zcash project.
Sincerely,
Zooko