Re: [cryptography] Fwd: [RFC][PATCH 0/6] /dev/random - a new approach

On 2016-04-28 3:49 AM, Watson Ladd wrote: If only there was an asymptotically good design that didn't require any estimation at all. See https://www.schneier.com/cryptography/fortuna/ for details. The money shot is: "At first, it might appear that the only way to prevent this attack is by

Re: [cryptography] Fwd: [RFC][PATCH 0/6] /dev/random - a new approach

Thor Lancelot Simon on Wed, Apr 27 2016: So we eat things like the first several seconds of frames from the network; dmesg output; TOD; IP addresses; hostnames; and other configuration and nonsecret data [...] On 2016-04-28 3:19 AM, Sven M. Hallberg wrote: Nice. I think this

Re: [cryptography] a new blockchain POW proposal

On 2016-01-24 1:11 PM, ianG wrote: There's some thinking about sharding the blockchain because that's the only way to go massively scaled to say IoT levels. Also a lot of thinking as to what happens when you relax the anonymity condition. Need to shard the blockchain if we are going to

Re: [cryptography] a little help with cookies please

On 2015-09-16 11:40, Givon Zirkind wrote: is it correct that [web page] cookies are trully local? Web page cookies are always sent to the server. And what is truly evil is that umpteen different websites may include a link to google, which sends google the google cookies, so that google

Re: [cryptography] Enranda: 4MB/s Userspace TRNG

I was actually surprised how uncompressible the timedelta stream does not make any sense. the result of a complex recursive chaotic calculation always appears uncompressible, unless you know the proper underlying model. trying to compress it only puts an upper limit on entropy, but never an

Re: [cryptography] Enranda: 4MB/s Userspace TRNG

On 2015-05-27 22:14, Krisztián Pintér wrote: On Wed, May 27, 2015 at 3:12 AM, Russell Leidich pke...@gmail.com wrote: if your proposed method comes with a complex extractor, it is bullshit OK point well taken. I should offer a raw mode. no, you actually shouldn't. you should offer raw mode

Re: [cryptography] Unbreakable crypto?

On 2015-03-22 10:34, James A. Donald wrote: On 2015-03-22 06:13, Lee wrote: Would a commonly available large binary file make a good one-time pad? Something like ubuntu-14.10-desktop-amd64.iso12 maybe.. I wrote: Before you asked the question, probably would have made a good one time pad

Re: [cryptography] random number generator

On 2014-11-22 03:01, d...@deadhat.com wrote: Rather than me listing names, why not just let it rip and run your own randomness tests on it? Because that won't tell me if you are performing entropy extraction. Jytter assumes an x86 machine with multiple asynchronous clocks and

Re: [cryptography] random number generator

On 2014-11-22 06:31, d...@deadhat.com wrote: OK, if you think my Jytter TRNG is weak, I did not say it was weak. I said Jytter (and any other algorithm) is deterministic when run on an entropy free platform. This is a simple fact. All platforms have entropy. If they boot from a physical

Re: [cryptography] random number generator

On 2014-11-23 09:47, Russell Leidich wrote: in your case, hash 128+N samples to get, say, 127.99 bits of entropy per hash output. N is small, under 20 I think. Yeah this certainly inspiring with respect to milking decent entropy from coldbootish environments. If we assume the use of a good

Re: [cryptography] The Trouble with Certificate Transparency

I don't know how google proposes to do it. I don't find their explanation entirely clear. Here is how I would do it. It guarantees that everyone sees the same information, and any attempt to tell two different stories immediately gets caught. There will be a mapping between strings and

Re: [cryptography] Weak random data XOR good enough random data = better random data?

On 2014-07-29 02:23, Lodewijk andré de la porte wrote: Hey everyone, If I XOR probably random data with good enough random data, does that result in at least good enough random data? Yes, but other mixing functions are better. Best to hash all streams together, rather than xor them together.

Re: [cryptography] Silent Circle Takes on Phones, Skype, Telecoms

On 2014-07-11 07:45, Kevin wrote: On 7/10/2014 4:39 PM, John Young wrote: https://blog.silentcircle.com/why-are-we-competing-with-phone-makers-skype-and-telecom-carriers-all-in-the-same-week/ With silent circle, when Ann talks to Bob, does Ann get Bob's public key from silent circle, and Bob

Re: [cryptography] Silent Circle Takes on Phones, Skype, Telecoms

On 2014-07-11 20:59, Michael Rogers wrote: For phone calls they use ZRTP, so Ann and Bob can verbally compare short authentication strings after the key exchange to detect a MITM, *if* they know each other's voices and their voices can't be faked. ZRTP carries keying material forward from one

Re: [cryptography] Request - PKI/CA History Lesson

On 2014-04-30 02:14, Jeffrey Goldberg wrote: On 2014-04-28, at 5:00 PM, James A. Donald jam...@echeque.com wrote: Cannot outsource trust Ann usually knows more about Bob than a distant authority does. So should Ann verify the fingerprints of Amazon, and Paypal herself? Ann should

Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

On 08/04/14 11:46, ianG wrote: We have here a rare case of a broad break in a security protocol leading to compromise of keys. On 2014-04-09 21:53, Alan Braggins wrote: Though it's an implementation break, not a protocol break. Not exactly. The protocol failed to define a response to

Re: [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

On 2014-04-09 00:48, Nico Williams wrote: On Mon, Apr 07, 2014 at 11:02:50PM -0700, Edwin Chu wrote: I am not openssl expert and here is just my observation. [...] Thanks for this analysis. Sadly, a variable-sized heartbeat payload was probably necessary, at least for the DTLS case: for PMTU

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott

On 2014-01-17 01:28, John Young wrote: Civil engineers never say a dam is infallible, they say it will fail, watch for well-known weak spots, prepare to patch and maintain continuously, and never forget the disasters of over-confidence, limited construction budgets, cut backs in maintenance, and

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott

On 2014-01-15 02:12, John Young wrote: Shirley Jackson, The Lottery, sacrificing a victim purges guilt of the guilty. Does anyone really believe RSA is alone in this betrayal? And that making an example of RSA will stop the industry practice of forked-tonguedness about working both sides of

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott

On 2014-01-15 10:48, John Young wrote: But open source is compromised as well, for the same reasons and by the same parties. Some claim open source was born of and is powned by the spies. We can audit open source. Of course that costs serious money, but some people have adequate incentive to

Re: [cryptography] Practical Threshold Signatures

On 2013-11-13 16:14, realcr wrote: 2. Can I actually trust the elliptic curve with weil pairing to do its cryptographic job? Maybe better asked: Can I trust it like I trust that it is hard to factor numbers? (Maybe even more?) The Weil pairing is a great big hole in our usual arguments that

Re: [cryptography] Practical Threshold Signatures

On 2013-11-13 16:14, realcr wrote: From what I understand, the group I'm looking for is an elliptic cure with a weil pairing. (Jonathan mentioned bilinear map, I assume that means the same thing?) A pairing is a bilinear map. The Weil pairing is a particular bilinear map on the points of

Re: [cryptography] was this FIPS 186-1 (first DSA) an attemped NSA backdoor?

On 2013-10-10 23:30, Adam Back wrote:Of course NIST is down due to the USG political level stupidity (why take the extra work to switch off the web server on the way out I dont know). Note that the obamacare websites are still open, and that parks that are normally operated by private

Re: [cryptography] Daniel the King. Jon the President. Linus the God?

On 2013-10-06 02:52, d...@geer.org wrote: We reject: kings, presidents and voting. We believe in: rough consensus and running code. Which gave us IEEE 802.11 Which, like Occupy Wall Street, worked by consensus. ___ cryptography mailing list

Re: [cryptography] the spell is broken

On 2013-10-05 10:44, Jeffrey Walton wrote: On Thu, Oct 3, 2013 at 10:32 PM, James A. Donald jam...@echeque.com wrote: On 2013-10-04 11:41, Jeffrey Walton wrote: We could not get rid of Trustwave in the public sector (so much for economics). What is wrong with trustwave? The company operates

Re: [cryptography] the spell is broken

On 2013-10-03 19:16, coderman wrote: On Wed, Oct 2, 2013 at 5:49 PM, James A. Donald jam...@echeque.com wrote: ... So, people who actually know what they are doing are acting as if they know, or have good reason to suspect, that AES and SHA-2 are broken. James this is not true. i challenge

Re: [cryptography] the spell is broken

On 2013-10-03 21:56, coderman wrote: On Thu, Oct 3, 2013 at 4:28 AM, James A. Donald jam...@echeque.com wrote: ... He does not believe that AES and SHA-2 rest are necessarily broken - but neither does he believe that they are not broken. there is a significant difference between avoiding

Re: [cryptography] the spell is broken

On 2013-10-04 02:03, Jared Hunter wrote: One of the biggest issues we're wrestling with, I think, is that the crypto community already decided that AES and SHA-2 are just fine. In large part because we trusted NIST. If we do not trust NIST ...

Re: [cryptography] the spell is broken

On 2013-10-04 00:13, Jeffrey Goldberg wrote: So unless you and Silent Circle have information that the rest of us don�t about AES and SHA-2, I�m actually pissed off at this action. It puts more pressure on us to follow suit, even though such a move would be pure security theater. You have

Re: [cryptography] the spell is broken

On 2013-10-04 07:31, Jon Callas wrote: absolutely, this is an emotional response. It's protest. Intellectually, I believe that AES and SHA2 are not compromised. Emotionally, I am angry and I want to distance myself from even the suggestion that I am standing with the NSA. As Coderman and Iang

Re: [cryptography] A question about public keys

On 2013-10-04 03:45, Adam Back wrote: Is it just me or could we better replace NIST by DJB ? ;) He can do that EC crypto, and do constant time coding (nacl), and non-hackable mail servers (qmail), and worst-time databases (cdb). Most people in the world look like rank amateurs or

Re: [cryptography] the spell is broken

On 2013-10-04 08:04, Paul Wouters wrote: Reasoning that way, you're very quickly left with not but a tin foil hat. Let's say we agree on twofish. then NIST/NSA certifies it for FIPS. Are we than taking that as proof it is compromised and figure out something else? If people were adopting

Re: [cryptography] the spell is broken

On 2013-10-04 11:41, Jeffrey Walton wrote: We could not get rid of Trustwave in the public sector (so much for economics). What is wrong with trustwave? They are smart people, unlike the world bank economists who do not know the difference between negative feedback and positive feedback, or

Re: [cryptography] the spell is broken

On 2013-10-04 11:26, Jeffrey Goldberg wrote: But not using AES is a protest that hurts only ourselves. I have always been inclined to believe that that twofish is better than AES. Refusing to use AES, or making it the non default choice, is rejecting NIST as a standards body. We need to

Re: [cryptography] One Time Pad Cryptanalysis

On 2013-10-03 09:17, Charles Jackson wrote: Any academic references? Official reality is surreal and generally should be ignored. ___ cryptography mailing list cryptography@randombit.net

Re: [cryptography] the spell is broken

On 2013-10-03 04:50, d.nix wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yeah, it may well be just marketing. The one thing that gives me pause is that Callas and Schneier are both part of the team that worked on the systems they have chosen to migrate to (Twofish, Skein), and Schneier

Re: [cryptography] [Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

On 2013-10-02 06:10, Tony Arcieri wrote: tinfoilhatThey wanted us to think they were incompetent, so we would expect that Dual_EC_DRBG was their failed attempt to tamper with a cryptographic standard, and so we would overlook the more sinister and subtle attempts to tamper with the NIST

[cryptography] Why non random EC curves are unacceptable.

Although a typical EC curve is unbreakable except by a brute force algorithm of order 2^(n/2), a wide variety of special EC curves have been discovered that allow faster, much faster, methods of breaking. Some of these are so common that any freshly generated curve needs to be checked against

Re: [cryptography] [Cryptography] RSA equivalent key length/strength

On 2013-09-22 23:01, Peter Gutmann wrote: You're assuming that someone got passed a suitcase full of cash and that was it. Far more likely that RSA got a $10M contract for some government work and at some point that included a request to make the ECDRBG the default for insert

Re: [cryptography] Fatal flaw in Taiwanese smart card RNG

On 2013-09-17 02:56, Seth David Schoen wrote: Well, there's a distinction between RNGs that have been maliciously designed and RNGs that are just extremely poor (or just are inadequately seeded but their designers or users don't realize this). It sounds like such extremely poor RNGs are

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

On 2013-09-09 2:26 PM, David Johnston wrote: On 9/7/2013 6:11 PM, James A. Donald wrote: On 2013-09-07 9:14 PM, Eugen Leitl wrote: That's the claimed design, yes. I see no particular reason to believe that the hardware in my server implements the design. I can't even test that the AES

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

On 2013-09-09 3:18 PM, Greg Rose wrote: I actually hate to point this out, but having access to something that looks like a raw entropy source proves nothing. A genuine hardware noise source will show colored noise, which is very hard to simulate in software, and especially hard to simulate

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

On Mon, Sep 9, 2013 at 6:08 AM, Jon Callas j...@callas.org wrote: ... I have to disagree with you. Lots of us have told Intel that we really need to see the raw bits, and lots of us have gotten informal feedback that we'll see that in a future chip. On 2013-09-10 3:43 AM, coderman wrote:

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

-- On 2013-09-09 3:18 PM, Greg Rose wrote: I actually hate to point this out, but having access to something that looks like a raw entropy source proves nothing. On 9/9/2013 5:12 AM, James A. Donald wrote: A genuine hardware noise source will show colored noise, which is very hard

Re: [cryptography] Random number generation influenced, HW RNG

On 2013-09-09 1:54 AM, Thor Lancelot Simon wrote: On Sun, Sep 08, 2013 at 03:00:39PM +1000, James A. Donald wrote: On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote: On Sun, Sep 08, 2013 at 08:34:53AM +1000, James A. Donald wrote: Well, since you personally did this, would you care to explain

Re: [cryptography] Random number generation influenced, HW RNG

On 2013-09-08 3:48 AM, David Johnston wrote: Claiming the NSA colluded with intel to backdoor RdRand is also to accuse me personally of having colluded with the NSA in producing a subverted design. I did not. Well, since you personally did this, would you care to explain the very strange

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

On 2013-09-07 9:14 PM, Eugen Leitl wrote: That's the claimed design, yes. I see no particular reason to believe that the hardware in my server implements the design. I can't even test that the AES whitening does what it is documented to do, because Intel refused to provide access to the

Re: [cryptography] Random number generation influenced, HW RNG

On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote: On Sun, Sep 08, 2013 at 08:34:53AM +1000, James A. Donald wrote: Well, since you personally did this, would you care to explain the very strange design decision to whiten the numbers on chip, and not provide direct access to the raw unwhitened

Re: [cryptography] what has the NSA broken?

Most private keys are issued by, not merely certified by, the CAs. If issued by, not private. Chances are the controlling authority also gets a copy of that private key. To install your keys on your https server is painful, despite numerous people assuring me it is easy, and involves

Re: [cryptography] what has the NSA broken?

On 2013-09-06 11:58 PM, Ralph Holz wrote: I'd be surprised if a majority of CAs insisted on generating the key for you. No one insists, as far as I know. The problem is that idiocy is possible and permissible, not that it is mandatory. ___

Re: [cryptography] no-keyring public

On 2013-08-25 7:58 AM, James A. Donald wrote: On 2013-08-25 2:30 AM, � wrote: hi list, i had an epiphany today, and i wonder if such a thing already exists or not. so the usual thing is to create a key pair, store the private key encripted with a password. we automatically get a two factor

Re: [cryptography] urandom vs random

On 2013-08-20 1:31 AM, ianG wrote: It's a recurring theme -- there doesn't seem to be enough market demand for Hardware RNGs. Every microphone is a hardware RNG ___ cryptography mailing list cryptography@randombit.net

Re: [cryptography] urandom vs random

On 2013-08-21 7:33 AM, grarpamp wrote: The subject thread is covering a lot about OS implementations and RNG various sources. But what are the short list of open source tools we should be using to actually test and evaluate the resulting number streams?

[cryptography] Jingle and Otr

Jingle supports voice, video, and text messaging. OTR is a reasonably user friendly encryption system, or at least less user hostile than most, that, unlike skype, does not suffer a central point of failure pidgin supports both jingle and otr, as well as just about everything else in the

Re: [cryptography] Jingle and Otr

On 2013-08-21 12:33 PM, Peter Saint-Andre wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 8/20/13 8:31 PM, Natanael wrote: https://jitsi.org/Documentation/ZrtpFAQ ZRTP and the GNU ZRTP implementation provide features to communication programs to setup of secure audio and video session

Re: [cryptography] Jingle and Otr

On 2013-08-21 2:00 PM, Natanael wrote: Well, the point here is that ZRTP for video and voice pretty much is functionally equivalent to OTR for IM. OTR is designed for messages, ZRTP is designed for data streams. Ah yes, I see: I was thinking of the problem from a text point of view, where

Re: [cryptography] urandom vs random

On 2013-08-18 4:11 PM, Ben Laurie wrote: If I chose to run Linux, I could fix the version I ran. In fact, I choose not to run it, so I don't need to. But if you write software, you don't write it just for your own computer, so if you write software for linux, you have to write it for the

Re: [cryptography] Reply to Zooko (in Markdown)

On 2013-08-17 4:04 PM, Jon Callas wrote: The problems run even deeper than the raw practicality. Twenty-nine years ago this month, in the August 1984 issue of Communications of the ACM (Vol. 27, No. 8) Ken Thompson's famous Turing Award lecture, Reflections on Trusting Trust was published. You

Re: [cryptography] urandom vs random

On 2013-08-17 5:57 PM, Peter Gutmann wrote: Nico Williams n...@cryptonector.com writes: It might be useful to think of what a good API would be. The problem isn't the API, it's the fact that you've got two mutually exclusive requirements, the security geeks want the (P)RNG to block until

Re: [cryptography] urandom vs random

On 2013-08-17 10:12 PM, Ben Laurie wrote: What external crypto can you not fix? Windows? Then don't use Windows. You can fix any crypto in Linux or FreeBSD. No you cannot. So what? BSD's definition is superior. Linux should fix their RNG. Or these people who you think should implement

Re: [cryptography] urandom vs random

At startup, likely to be short of entropy. Actual behavior, and even existence, of /dev/random and /dev/urandom varies substantially from one implementation to another. If /dev/random blocks when short of entropy, then likely to block at startup, which is good. Services that need entropy do

Re: [cryptography] urandom vs random

On Fri, Aug 16, 2013 at 10:01 PM, James A. Donald jam...@echeque.com wrote: If /dev/urandom seeded at startup, and then seeded no further, bad, but not very bad. If /dev/urandom seeded at startup from /dev/random, then should block at startup. If /dev/urandom never blocks, bad. Should block

Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service

On 2013-08-14 6:10 AM, Nico Williams wrote: - it's really not easy to defeat the PRISMs. the problem is *political* more than technological. For a human to read all communications would be an impossible burden. Instead, apply the following algorithm. Identify people of interest. Read

Re: [cryptography] Grover's Algo Beaten?

On 2013-07-28 1:29 PM, Russell Leidich wrote: Is this to be taken seriously... Massachusetts Institute of Technology professor Seth Lloyd claims to have developed a quantum search algo which can search 2^N (presumably unsorted) records in O(N) time. (This is the subtext of this mundane

Re: [cryptography] Must have seemed like a good idea at the time

On 2013-07-22 9:01 AM, Randall Webmail wrote: [SNIP] To derive a DES OTA key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic

Re: [cryptography] [liberationtech] Heml.is - The Beautiful Secure Messenger

On 2013-07-13 12:20 AM, Eugen Leitl wrote: It's worth noting that the maintainer of record (me) for the Linux RNG quit the project about two years ago precisely because Linus decided to include a patch from Intel to allow their unauditable RdRand to bypass the entropy pool over my strenuous

Re: [cryptography] DeCryptocat

On 2013-07-05 6:34 AM, Silas Cutler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Sorry, long time lurker, first time poster. Hate my first post to be a negative one. http://tobtu.com/decryptocat.php Brief DecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat

Re: [cryptography] DeCryptocat

On 2013-07-05 7:18 AM, Michael Rogers wrote: The choice of curve wasn't the problem - they were using Curve25519 but messing up the random number generation. Ah, I see. They have company. ___ cryptography mailing list cryptography@randombit.net

Re: [cryptography] Potential funding for crypto-related projects

On 2013-07-04 2:11 AM, Wasabee wrote: On 03/07/2013 13:31, Michael Rogers wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/07/13 13:26, danimoth wrote: Not directly related to remailer, but what about dc nets [1] ? [1] The Dining Cryptographers Problem: Unconditional Sender

Re: [cryptography] Potential funding for crypto-related projects

On 2013-07-01 9:50 PM, Ben Laurie wrote: On 1 July 2013 12:32, Tom Ritter t...@ritter.vg wrote: On 1 July 2013 05:04, Ben Laurie b...@links.org wrote: On 1 July 2013 01:55, Jacob Appelbaum ja...@appelbaum.net wrote: So then - what do you suggest to someone who wants to leak a document to a

Re: [cryptography] Is the NSA now a civilian intelligence agency? (Was: Re: Snowden: Fabricating Digital Keys?)

On 2013-07-02 8:47 AM, Nico Williams wrote: On Mon, Jul 1, 2013 at 4:57 PM, grarpamp grarp...@gmail.com wrote: And when LEA get caught doing this nothing terribly bad happens to LEA (no officers go to prison, for example). It is often in the interest/whim of the executive to decline to

Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)

On 2013-06-30 5:13 PM, Danilo Gligoroski wrote: This was expected. As Skype definitely ruined its reputation as free end-to-end application for secure communication, other products are taking their chances. Agencies showing sudden interest in encrypted comm ---

Re: [cryptography] post-PRISM boom in secure communications (WAS skype backdoor confirmation)

On 2013-07-01 8:55 AM, Nadim Kobeissi wrote: On 2013-06-30, at 3:44 AM, James A. Donald jam...@echeque.com wrote: On 2013-06-30 5:13 PM, Danilo Gligoroski wrote: This was expected. As Skype definitely ruined its reputation as free end-to-end application for secure communication, other

Re: [cryptography] Potential funding for crypto-related projects

On 2013-06-30 10:21 AM, Natanael wrote: Of course there's that whole 'almost none of our tools are usable' problem. That problem needs fixing first. Only then will our enemies start bothering with pattern recognition and such. Right now, the most trivial precautions result in

Re: [cryptography] Potential funding for crypto-related projects

The biggest Tor vulnerability is that governments and large criminal organizations (but I repeat myself) can use their influence over a CA to perform a man in the middle attack. I don't think they are doing this (as I said, they only bother with the low hanging fruit) but they could. Is

Re: [cryptography] Cryptocat: Adopting Accessibility and Ease of Use as Security Properties

On 2013-06-25 1:02 AM, Nadim Kobeissi wrote: Today, with Cryptocat nearing 65,000 regular users, the Cryptocat project releases �Cryptocat: Adopting Accessibility and Ease of Use as Security Properties,� a working draft which brings together the past year of Cryptocat research and

Re: [cryptography] 100 Gbps line rate encryption

On 2013-06-23 6:47 AM, Peter Maxwell wrote: I think Bernstein's Salsa20 is faster and significantly more secure than RC4, whether you'll be able to design hardware to run at line-speed is somewhat more questionable though (would be interested to know if it's possible right enough). I

Re: [cryptography] CTR mode limit cycle length

On 2013-06-13 12:31 PM, Russell Leidich wrote: Not to detract from the important discussion of how best to use AES CTR mode, but I have a more basic question... I can certainly understand why the discussion of CTR mode is considered to be boring. I assume that anyone can easily verify that

Re: [cryptography] skype backdoor confirmation

On 2013-05-26 2:13 AM, Eric S Johnson wrote: Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. Oh come on. We will not tell you tells us.

Re: [cryptography] skype backdoor confirmation

On 2013-05-23 3:28 AM, Florian Weimer wrote: * Adam Back: If you want to claim otherwise we're gonna need some evidence. https://login.skype.com/account/password-reset-request This is impossible to implement with any real end-to-end security. Skype's claim was that it was end to end,

Re: [cryptography] skype backdoor confirmation

On 2013-05-22 5:00 PM, yersinia wrote: Sorry for the top posting. Many company are using private social network these days. As usual someone internal to the organization has the right to record and sniff also the private traffic. Don't like ? Well, you can always use services as scrumbls.

Re: [cryptography] skype backdoor confirmation

Cops just don't put that much work in. On 2013-05-22 5:41 PM, Jacob Appelbaum wrote: Yes, yes they do: http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ That governments attempt to spy on people is not evidence that they any good at

Re: [cryptography] skype backdoor confirmation

On 2013-05-22 4:20 AM, Benjamin Kreuter wrote: On Tue, 21 May 2013 14:17:02 +1000 James A. Donald jam...@echeque.com wrote: Police install malware by black bagging, and by the same methods as botnets. Both methods are noticeable. I do not think the following scenario is terribly far-fetched

Re: [cryptography] skype backdoor confirmation

James A. Donald: No one on my buddy list has been taken over, or if they have, they took care of it before I noticed. On 2013-05-21 10:55 AM, Jacob Appelbaum wrote: That is - how would they notice and if they were being logged, how would *you* notice on your end? I would notice, because

Re: [cryptography] skype backdoor confirmation

On 2013-05-21 3:08 AM, Mark Seiden wrote: (i know that at least jake and ian understand all the nuances here, probably better than me.) bus still, i would like you to consider, for a moment, this question: suppose there were a service that intentionally wanted to protect recipients of

Re: [cryptography] skype backdoor confirmation

On 2013-05-21 4:50 AM, Mark Seiden wrote: you can advise whatever you fancy, but skype, google, microsoft are unlikely to agree to any such thing unless your client is a Really Big company who pays them a lot of money. and why should they even bother their lawyers? pretty much, their service Is

Re: [cryptography] skype backdoor confirmation

On 2013-05-21 12:41 PM, Jacob Appelbaum wrote: James A. Donald: James A. Donald: No one on my buddy list has been taken over, or if they have, they took care of it before I noticed. On 2013-05-21 10:55 AM, Jacob Appelbaum wrote: That is - how would they notice and if they were being logged

Re: [cryptography] Skype backdoor confirmation

Obviously a secret is no secret the person sending it is not on your buddy list. Conversely, it should not be possible to inspect messages if the person sending it is on your buddy list. ___ cryptography mailing list cryptography@randombit.net

Re: [cryptography] ICIJ's project - comment on cryptography tools

On 2013-04-05 10:47 AM, James A. Donald wrote: How does it work? Is it really secure, and if it is, how did they manage a not one click for security user interface? Already answered by others on this list. Not secure, apple can MIM

Re: [cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

On 2013-03-29 8:23 AM, Jeffrey Goldberg wrote: I suspect Apple has the methods/processes to provide it. I have no more evidence than you do, but my guess is that they don't, for the simple reason that if they did that fact would leak out. Secret conspiracies (and that's what it would take) grow

Re: [cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

On 2013-03-29 10:47 AM, Nico Williams wrote: There is zero chance Apple would be backdooring anything for profit They might, however, and very likely are, backdooring everything to avoid getting their faces broken in with rifle butts. ___

Re: [cryptography] New mailing list for crypto politics/non-tech (Was: Cypherpunks mailing list)

On 2013-03-26 6:21 AM, Jack Lloyd wrote: I just created a new mailman list https://lists.randombit.net/mailman/listinfo/cryptopolitics as a venue for discussions that would normally go to cypherpunks but hasn't because of the name or spam or whatever reason, and which are off topic for this list

Re: [cryptography] why did OTR succeed in IM?

On 2013-03-24 3:25 AM, Jon Callas wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mar 23, 2013, at 6:36 AM, Ben Laurie b...@links.org wrote: On 23 March 2013 09:25, ianG i...@iang.org wrote: Someone on another list asked an interesting question: Why did OTR succeed in IM

Re: [cryptography] Iranian Cryptography Vendors

On 2013-03-24 6:28 AM, Ethan Heilman wrote: Does anyone know where I would be able to find information on what cryptographic hardware is currently used by Islamic Republic's military and diplomatic organizations? �What vendors they are using and what elements of the Iranian government

Re: [cryptography] Keyspace: client-side encryption for key/value stores

On 2013-03-21 5:59 PM, ianG wrote: On 21/03/13 09:52 AM, Tony Arcieri wrote: A question about crypto-capabilities is: how do you share them securely? Using a crypto-capability for secure sharing. Which leads to a boot-strapping problem, of course, but that's part of the fun. A partial

Re: [cryptography] Announcing a new JVM crypto library

On 2013-03-17 1:37 PM, Will wrote: Hello, I've released a new native OSS crypto library for the JVM that uses AES-NI, PCLMUL, and RDRAND instructions available on recent x86-64 CPUs: https://github.com/wg/crypto It supports AES in CBC, CTR, and GCM modes with optional authentication,

Re: [cryptography] Client TLS Certificates - why not?

On 2013-03-06 4:41 AM, StealthMonger wrote: What's wrong with the following simple idea: 1. p2p: The parties opportunistically verify out-of-band after exchanging keys via public key servers or (insecure) email. 2. Prospective customer verification of merchant: Merchant includes the ID of its

Re: [cryptography] Client TLS Certificates - why not?

James A. Donald jam...@echeque.com writes: The key, and the hash of the key, is a long string of random gibberish. It should not be visible to end users. Experience demonstrates that showing it repels 99% of end users. On 2013-03-06 9:33 PM, StealthMonger wrote: Merchant includes its

Re: [cryptography] Client TLS Certificates - why not?

On 2013-03-06 1:18 AM, Jeffrey Walton wrote: That's Patient 0. Its the key distribution problem. Its the cause of all the troubles. Web of Trust, Hierarchy of Trust, DNSSEC/DANE, Sovereign Keys, Convergence, {Certificate|Public Key} Pinning, Key Continuity, etc are all band-aides for the first

Re: [cryptography] Client TLS Certificates - why not?

On 2013-03-06 4:41 AM, StealthMonger wrote: 2. Prospective customer verification of merchant: Merchant includes the ID of its signing key in every advertisement and repeatedly admonishes prospects to Accept No Substitutes. The key, and the hash of the key, is a long string of random gibberish.

  1   2   3   >