On 2016-04-28 3:49 AM, Watson Ladd wrote:
If only there was an asymptotically good design that didn't require
any estimation at all. See
https://www.schneier.com/cryptography/fortuna/ for details.
The money shot is:
"At first, it might appear that the only way to prevent this attack is
by
Thor Lancelot Simon on Wed, Apr 27 2016:
So we eat things like the first several seconds of frames from
the network; dmesg output; TOD; IP addresses; hostnames; and other
configuration and nonsecret data [...]
On 2016-04-28 3:19 AM, Sven M. Hallberg wrote:
Nice. I think this
On 2016-01-24 1:11 PM, ianG wrote:
There's some thinking about sharding the blockchain because that's the
only way to go massively scaled to say IoT levels. Also a lot of
thinking as to what happens when you relax the anonymity condition.
Need to shard the blockchain if we are going to
On 2015-09-16 11:40, Givon Zirkind wrote:
is it correct that [web page] cookies are truly local?
Web page cookies are always sent to the server.
And what is truly evil is that umpteen different websites may include a
link to google, which sends google the google cookies, so that google
I was actually surprised how uncompressible the timedelta stream
does not make any sense. the result of a complex recursive chaotic
calculation always appears uncompressible, unless you know the proper
underlying model. trying to compress it only puts an upper limit on
entropy, but never an
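An added example (not part of the thread) of the point made above, that compressibility only bounds entropy from above: a deterministic xorshift64 stream (constructed here purely for illustration) seeded from a 32-bit value has at most 32 bits of entropy, yet zlib cannot compress it at all, so the "compression bound" is tens of thousands of bits while the real ceiling is 32. The 98% threshold and the 32-bit seed space are assumptions chosen for the demo.

```python
import zlib

MASK64 = (1 << 64) - 1


def xorshift64_bytes(seed: int, nbytes: int) -> bytes:
    """Deterministic stream from a small seed (constructed for this example).

    Plain xorshift64. Every output byte is a function of `seed`, so the true
    entropy of the stream can never exceed the entropy of the seed, however
    random the bytes look to a compressor or a statistical test.
    """
    x = seed & MASK64
    if x == 0:
        raise ValueError("xorshift needs a nonzero seed")
    out = bytearray()
    while len(out) < nbytes:
        x ^= (x << 13) & MASK64
        x ^= x >> 7
        x ^= (x << 17) & MASK64
        out += x.to_bytes(8, "little")
    return bytes(out[:nbytes])


def compression_entropy_bound(data: bytes) -> int:
    """Upper bound (in bits) on the entropy of `data`, from its compressed size.

    If zlib can write the data in c bytes, a description of 8*c bits exists,
    so the entropy is at most 8*c. Nothing follows in the other direction:
    a stream that does not compress may still have almost no entropy.
    """
    return 8 * len(zlib.compress(data, 9))


def compare_bounds(seed: int, seed_bits: int, nbytes: int) -> dict:
    """Compression bound beside the real entropy ceiling for a seeded stream.

    `seed_bits` is the size of the space the seed was drawn from (an assumed
    model of the source, which is what an attacker who knows the generator
    would use); it is the only entropy the stream can possibly carry.
    """
    stream = xorshift64_bytes(seed, nbytes)
    bound = compression_entropy_bound(stream)
    return {
        "stream_bits": 8 * nbytes,
        "compression_bound_bits": bound,
        "true_entropy_ceiling_bits": seed_bits,
        # "incompressible" here means zlib gained less than 2%
        "looks_incompressible": bound >= int(0.98 * 8 * nbytes),
    }


if __name__ == "__main__":
    print(compare_bounds(seed=0xDEADBEEF, seed_bits=32, nbytes=4096))
    # A stream with obvious structure does compress; that is the only case
    # in which the compressor tells you anything useful about entropy.
    print(compression_entropy_bound(b"ab" * 2048), "bits bound for 32768 bits of 'ab' repeated")
```

The useful direction is the negative one: if a candidate entropy source compresses well, reject it; if it does not, you have learned nothing, and only a model of the physical process behind the samples can justify an entropy estimate.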
On 2015-05-27 22:14, Krisztián Pintér wrote:
On Wed, May 27, 2015 at 3:12 AM, Russell Leidich pke...@gmail.com wrote:
if your proposed method comes with a complex extractor, it is bullshit
OK point well taken. I should offer a raw mode.
no, you actually shouldn't. you should offer raw mode
On 2015-03-22 10:34, James A. Donald wrote:
On 2015-03-22 06:13, Lee wrote:
Would a commonly available large binary file make a good one-time pad?
Something like ubuntu-14.10-desktop-amd64.iso12 maybe..
I wrote:
Before you asked the question, probably would have made a good one time
pad
On 2014-11-22 03:01, d...@deadhat.com wrote:
Rather than me listing names, why not just let it rip and run your own
randomness tests on it?
Because that won't tell me if you are performing entropy extraction.
Jytter assumes an x86 machine with multiple asynchronous clocks and
On 2014-11-22 06:31, d...@deadhat.com wrote:
OK, if you think my Jytter TRNG is weak,
I did not say it was weak. I said Jytter (and any other algorithm) is
deterministic when run on an entropy free platform. This is a simple fact.
All platforms have entropy.
If they boot from a physical
On 2014-11-23 09:47, Russell Leidich wrote:
in your case, hash 128+N samples to get, say, 127.99 bits of entropy
per hash output. N is small, under 20 I think.
Yeah this certainly inspiring with respect to milking decent entropy
from coldbootish environments. If we assume the use of a good
I don't know how google proposes to do it. I don't find their
explanation entirely clear.
Here is how I would do it. It guarantees that everyone sees the same
information, and any attempt to tell two different stories immediately
gets caught.
There will be a mapping between strings and
On 2014-07-29 02:23, Lodewijk andré de la porte wrote:
Hey everyone,
If I XOR probably random data with good enough random data, does that
result in at least good enough random data?
Yes, but other mixing functions are better.
Best to hash all streams together, rather than xor them together.
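An added example (not code from either poster) covering both the advice above, to hash streams together rather than XOR them, and the earlier "hash 128+N low-entropy samples per output" remark. The XOR mixer fails when the "probably random" stream is not independent of the good one; an attacker who has seen the good stream can submit a second stream that cancels it and forces a chosen output. The hash mixer has no such failure mode. The length-prefix framing and the per-sample entropy estimate are assumptions of this example.

```python
import hashlib


def xor_mix(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length streams. Sound only if they are independent."""
    if len(a) != len(b):
        raise ValueError("streams must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def hash_mix(*streams: bytes) -> bytes:
    """Combine any number of streams with SHA-256.

    Each input is length-prefixed so the concatenation is unambiguous
    (hash_mix(b"ab", b"c") != hash_mix(b"a", b"bc")). The output stays
    unpredictable if at least one input is unpredictable, even when the
    other inputs were chosen by someone who has already seen that one.
    """
    h = hashlib.sha256()
    for s in streams:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def condition_samples(samples: list, entropy_bits_per_sample: float,
                      want_bits: int = 128) -> bytes:
    """Hash many low-entropy samples into one block of `want_bits` bits.

    The '128+N samples per output' idea: collect samples until the estimated
    min-entropy (the caller's assumption, not something this code can verify)
    sums past the output size, then hash them all. Hashing cannot manufacture
    entropy the samples do not carry; it only concentrates what is there.
    """
    total = entropy_bits_per_sample * len(samples)
    if total < want_bits:
        raise ValueError(f"only {total:.1f} bits collected, need {want_bits}")
    return hash_mix(*samples)[: want_bits // 8]


def cancellation_demo(good: bytes, target: bytes) -> dict:
    """What an attacker who can observe `good` does to each mixer.

    Submitting evil = good XOR target makes the XOR mixer emit `target`,
    a value the attacker picked. The hash mixer still depends on `good`.
    """
    evil = xor_mix(good, target)
    return {
        "xor_output": xor_mix(good, evil),    # == target, attacker-controlled
        "hash_output": hash_mix(good, evil),  # still unpredictable
    }


if __name__ == "__main__":
    good = bytes(range(32))            # stands in for a good 256-bit stream
    target = b"\x00" * 32              # the value the attacker wants out
    print(cancellation_demo(good, target))
    # 148 one-bit samples (constructed) at an assumed 1 bit each -> 128 bits
    print(condition_samples([bytes([i % 2]) for i in range(148)], 1.0).hex())
```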
On 2014-07-11 07:45, Kevin wrote:
On 7/10/2014 4:39 PM, John Young wrote:
https://blog.silentcircle.com/why-are-we-competing-with-phone-makers-skype-and-telecom-carriers-all-in-the-same-week/
With silent circle, when Ann talks to Bob, does Ann get Bob's public key
from silent circle, and Bob
On 2014-07-11 20:59, Michael Rogers wrote:
For phone calls they use ZRTP, so Ann and Bob can verbally compare
short authentication strings after the key exchange to detect a MITM,
*if* they know each other's voices and their voices can't be faked.
ZRTP carries keying material forward from one
On 2014-04-30 02:14, Jeffrey Goldberg wrote:
On 2014-04-28, at 5:00 PM, James A. Donald jam...@echeque.com wrote:
Cannot outsource trust Ann usually knows more about Bob than a distant
authority does.
So should Ann verify the fingerprints of Amazon, and Paypal herself?
Ann should
On 08/04/14 11:46, ianG wrote:
We have here a rare case of a broad break in a security protocol leading
to compromise of keys.
On 2014-04-09 21:53, Alan Braggins wrote:
Though it's an implementation break, not a protocol break.
Not exactly. The protocol failed to define a response to
On 2014-04-09 00:48, Nico Williams wrote:
On Mon, Apr 07, 2014 at 11:02:50PM -0700, Edwin Chu wrote:
I am not openssl expert and here is just my observation.
[...]
Thanks for this analysis.
Sadly, a variable-sized heartbeat payload was probably necessary, at
least for the DTLS case: for PMTU
On 2014-01-17 01:28, John Young wrote:
Civil engineers never say a dam is infallible, they say it will fail, watch
for well-known weak spots, prepare to patch and maintain continuously,
and never forget the disasters of over-confidence, limited construction
budgets, cut backs in maintenance, and
On 2014-01-15 02:12, John Young wrote:
Shirley Jackson, The Lottery, sacrificing a victim purges guilt
of the guilty.
Does anyone really believe RSA is alone in this betrayal?
And that making an example of RSA will stop the industry practice
of forked-tonguedness about working both sides of
On 2014-01-15 10:48, John Young wrote:
But open source is compromised as well, for the same reasons
and by the same parties. Some claim open source was born of and
is powned by the spies.
We can audit open source. Of course that costs serious money, but some
people have adequate incentive to
On 2013-11-13 16:14, realcr wrote:
2. Can I actually trust the elliptic curve with weil pairing to do its
cryptographic job? Maybe better asked: Can I trust it like I trust that
it is hard to factor numbers? (Maybe even more?)
The Weil pairing is a great big hole in our usual arguments that
On 2013-11-13 16:14, realcr wrote:
From what I understand, the group I'm looking for is an elliptic curve
with a weil pairing. (Jonathan mentioned bilinear map, I assume that
means the same thing?)
A pairing is a bilinear map. The Weil pairing is a particular bilinear
map on the points of
On 2013-10-10 23:30, Adam Back wrote:
Of course NIST is down due to the USG political level stupidity (why take
the extra work to switch off the web server on the way out I don't know).
Note that the obamacare websites are still open, and that parks that are
normally operated by private
On 2013-10-06 02:52, d...@geer.org wrote:
We reject: kings, presidents and voting.
We believe in: rough consensus and running code.
Which gave us IEEE 802.11
Which, like Occupy Wall Street, worked by consensus.
___
cryptography mailing list
On 2013-10-05 10:44, Jeffrey Walton wrote:
On Thu, Oct 3, 2013 at 10:32 PM, James A. Donald jam...@echeque.com wrote:
On 2013-10-04 11:41, Jeffrey Walton wrote:
We could not get rid of Trustwave in the public sector (so much for
economics).
What is wrong with trustwave?
The company operates
On 2013-10-03 19:16, coderman wrote:
On Wed, Oct 2, 2013 at 5:49 PM, James A. Donald jam...@echeque.com wrote:
...
So, people who actually know what they are doing are acting as if they know,
or have good reason to suspect, that AES and SHA-2 are broken.
James this is not true.
i challenge
On 2013-10-03 21:56, coderman wrote:
On Thu, Oct 3, 2013 at 4:28 AM, James A. Donald jam...@echeque.com wrote:
...
He does not believe that AES and SHA-2 rest are necessarily broken - but
neither does he believe that they are not broken.
there is a significant difference between avoiding
On 2013-10-04 02:03, Jared Hunter wrote:
One of the biggest issues we're wrestling with, I think, is that the crypto
community already decided that AES and SHA-2 are just fine.
In large part because we trusted NIST. If we do not trust NIST ...
On 2013-10-04 00:13, Jeffrey Goldberg wrote:
So unless you and Silent Circle have information that the rest of us don't
about AES and SHA-2, I'm actually pissed off at this action. It puts more
pressure on us to follow suit, even though such a move would be pure security
theater.
You have
On 2013-10-04 07:31, Jon Callas wrote:
absolutely, this is an emotional response. It's protest. Intellectually, I
believe that AES and SHA2 are not compromised. Emotionally, I am angry and I
want to distance myself from even the suggestion that I am standing with the
NSA. As Coderman and Iang
On 2013-10-04 03:45, Adam Back wrote:
Is it just me or could we better replace NIST by DJB ? ;) He can do
that EC
crypto, and do constant time coding (nacl), and non-hackable mail servers
(qmail), and worst-time databases (cdb). Most people in the world
look like
rank amateurs or
On 2013-10-04 08:04, Paul Wouters wrote:
Reasoning that way, you're very quickly left with naught but a tin foil
hat. Let's say we agree on twofish. then NIST/NSA certifies it for FIPS.
Are we then taking that as proof it is compromised and figure out
something else?
If people were adopting
On 2013-10-04 11:41, Jeffrey Walton wrote:
We could not get rid of Trustwave in the public sector (so much for
economics).
What is wrong with trustwave? They are smart people, unlike the world
bank economists who do not know the difference between negative feedback
and positive feedback, or
On 2013-10-04 11:26, Jeffrey Goldberg wrote:
But not using AES is a protest that hurts only ourselves.
I have always been inclined to believe that that twofish is better than AES.
Refusing to use AES, or making it the non default choice, is rejecting
NIST as a standards body.
We need to
On 2013-10-03 09:17, Charles Jackson wrote:
Any academic references?
Official reality is surreal and generally should be ignored.
On 2013-10-03 04:50, d.nix wrote:
Yeah, it may well be just marketing. The one thing that gives me pause
is that Callas and Schneier are both part of the team that worked on
the systems they have chosen to migrate to (Twofish, Skein), and
Schneier
On 2013-10-02 06:10, Tony Arcieri wrote:
tinfoilhatThey wanted us to think they were incompetent, so we would
expect that Dual_EC_DRBG was their failed attempt to tamper with a
cryptographic standard, and so we would overlook the more sinister and
subtle attempts to tamper with the NIST
Although a typical EC curve is unbreakable except by a brute force
algorithm of order 2^(n/2), a wide variety of special EC curves have
been discovered that allow faster, much faster, methods of breaking.
Some of these are so common that any freshly generated curve needs to be
checked against
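An added example (not from the post above) of the checks a freshly generated curve is run through before anyone trusts it. Two of the classic special cases are anomalous curves (group order equal to p, broken by the Smart/Semaev lift) and curves whose largest prime-order subgroup has a small embedding degree (supersingular curves being the common instance, broken via the MOV/Frey-Rück pairing reduction). The code counts points by brute force, which only works for toy primes; the threshold on the embedding degree is a parameter and the three toy curves are constructed for the demo.

```python
def _sqrt_count(v: int, p: int) -> int:
    """Number of y in F_p with y^2 == v, for an odd prime p (Euler criterion)."""
    v %= p
    if v == 0:
        return 1
    return 2 if pow(v, (p - 1) // 2, p) == 1 else 0


def curve_order(p: int, a: int, b: int) -> int:
    """Count points on y^2 = x^3 + a*x + b over F_p, including infinity.

    Brute force, O(p): fine for toy primes, hopeless for real ones, which
    need Schoof/SEA and is one reason generating your own curve is work.
    """
    if (4 * pow(a, 3, p) + 27 * pow(b, 2, p)) % p == 0:
        raise ValueError("singular curve, not an elliptic curve")
    return 1 + sum(_sqrt_count(x * x * x + a * x + b, p) for x in range(p))


def largest_prime_factor(n: int) -> int:
    """Trial division; the subgroup an attacker targets has this order."""
    f, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            f, n = d, n // d
        d += 1
    return max(f, n)          # whatever is left (if > 1) is prime


def embedding_degree(p: int, r: int, max_k: int):
    """Smallest k with p^k == 1 (mod r): a pairing maps the order-r subgroup
    into F_{p^k}, where index calculus applies. None if k > max_k or r == p."""
    if r == p:
        return None            # anomalous case; p has no order mod p
    acc = 1
    for k in range(1, max_k + 1):
        acc = (acc * p) % r
        if acc == 1:
            return k
    return None


def check_curve(p: int, a: int, b: int, max_safe_embedding: int = 20,
                max_k: int = 1000) -> dict:
    """Run the anomalous and small-embedding-degree checks on one curve.

    `max_safe_embedding` is the assumed threshold: real-world standards use
    a bound like this (20 is the number commonly quoted), but for toy primes
    every k is small, so tests pass a smaller value.
    """
    n = curve_order(p, a, b)
    r = largest_prime_factor(n)
    k = embedding_degree(p, r, max_k)
    anomalous = n == p
    mov_weak = k is not None and k <= max_safe_embedding
    return {
        "order": n,
        "subgroup_order": r,
        "cofactor": n // r,
        "anomalous": anomalous,
        "supersingular_hint": n == p + 1,
        "embedding_degree": k,
        "mov_weak": mov_weak,
        "weak": anomalous or mov_weak,
    }


if __name__ == "__main__":
    # constructed toy curves: anomalous, supersingular, and a prime-order one
    print("y^2 = x^3 + 3x + 2 over F_5  :", check_curve(5, 3, 2))
    print("y^2 = x^3 + 1 over F_11      :", check_curve(11, 0, 1))
    print("y^2 = x^3 + 2x + 1 over F_5  :", check_curve(5, 2, 1, max_safe_embedding=5))
    print("y^2 = x^3 + x + 1 over F_23  :", check_curve(23, 1, 1))
```

These two checks are necessary, not sufficient: a curve that passes them can still have a small cofactor-free subgroup, a weak twist, or a CM discriminant that makes it suspicious, and none of this says anything about how the coefficients were chosen.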
On 2013-09-22 23:01, Peter Gutmann wrote:
You're assuming that someone got passed a suitcase full of cash and that was
it. Far more likely that RSA got a $10M contract for some government work and
at some point that included a request to make the ECDRBG the default for
insert
On 2013-09-17 02:56, Seth David Schoen wrote:
Well, there's a distinction between RNGs that have been maliciously
designed and RNGs that are just extremely poor (or just are
inadequately seeded but their designers or users don't realize this).
It sounds like such extremely poor RNGs are
On 2013-09-09 2:26 PM, David Johnston wrote:
On 9/7/2013 6:11 PM, James A. Donald wrote:
On 2013-09-07 9:14 PM, Eugen Leitl wrote:
That's the claimed design, yes. I see no particular reason to believe
that the hardware in my server implements the design. I can't even
test
that the AES
On 2013-09-09 3:18 PM, Greg Rose wrote:
I actually hate to point this out, but having access to something that
looks like a raw entropy source proves nothing.
A genuine hardware noise source will show colored noise, which is very
hard to simulate in software, and especially hard to simulate
On Mon, Sep 9, 2013 at 6:08 AM, Jon Callas j...@callas.org wrote:
... I have to disagree with you. Lots of us have told
Intel that we really need to see the raw bits, and lots of
us have gotten informal feedback that we'll see that in a
future chip.
On 2013-09-10 3:43 AM, coderman wrote:
On 2013-09-09 3:18 PM, Greg Rose wrote:
I actually hate to point this out, but having access to
something that looks like a raw entropy source proves
nothing.
On 9/9/2013 5:12 AM, James A. Donald wrote:
A genuine hardware noise source will show colored noise,
which is very hard
On 2013-09-09 1:54 AM, Thor Lancelot Simon wrote:
On Sun, Sep 08, 2013 at 03:00:39PM +1000, James A. Donald wrote:
On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote:
On Sun, Sep 08, 2013 at 08:34:53AM +1000, James A. Donald wrote:
Well, since you personally did this, would you care to explain
On 2013-09-08 3:48 AM, David Johnston wrote:
Claiming the NSA colluded with intel to backdoor RdRand is also to
accuse me personally of having colluded with the NSA in producing a
subverted design. I did not.
Well, since you personally did this, would you care to explain the very
strange
On 2013-09-07 9:14 PM, Eugen Leitl wrote:
That's the claimed design, yes. I see no particular reason to believe
that the hardware in my server implements the design. I can't even test
that the AES whitening does what it is documented to do, because Intel
refused to provide access to the
On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote:
On Sun, Sep 08, 2013 at 08:34:53AM +1000, James A. Donald wrote:
Well, since you personally did this, would you care to explain the
very strange design decision to whiten the numbers on chip, and not
provide direct access to the raw unwhitened
Most private keys are issued by, not merely certified by, the CAs.
If issued by, not private. Chances are the controlling authority also
gets a copy of that private key.
To install your keys on your https server is painful, despite numerous
people assuring me it is easy, and involves
On 2013-09-06 11:58 PM, Ralph Holz wrote:
I'd be surprised if a majority of CAs
insisted on generating the key for you.
No one insists, as far as I know. The problem is that idiocy is
possible and permissible, not that it is mandatory.
On 2013-08-25 7:58 AM, James A. Donald wrote:
On 2013-08-25 2:30 AM, � wrote:
hi list,
i had an epiphany today, and i wonder if such a thing already exists
or not.
so the usual thing is to create a key pair, store the private key
encrypted with a password. we automatically get a two factor
On 2013-08-20 1:31 AM, ianG wrote:
It's a recurring theme -- there doesn't seem to be enough market
demand for Hardware RNGs.
Every microphone is a hardware RNG
On 2013-08-21 7:33 AM, grarpamp wrote:
The subject thread is covering a lot about OS implementations
and RNG various sources. But what are the short list of open
source tools we should be using to actually test and evaluate
the resulting number streams?
Jingle supports voice, video, and text messaging.
OTR is a reasonably user friendly encryption system, or at least less
user hostile than most, that, unlike skype, does not suffer a central
point of failure
pidgin supports both jingle and otr, as well as just about everything
else in the
On 2013-08-21 12:33 PM, Peter Saint-Andre wrote:
On 8/20/13 8:31 PM, Natanael wrote:
https://jitsi.org/Documentation/ZrtpFAQ
ZRTP and the GNU ZRTP implementation provide features to
communication programs to setup of secure audio and video session
On 2013-08-21 2:00 PM, Natanael wrote:
Well, the point here is that ZRTP for video and voice pretty much is
functionally equivalent to OTR for IM. OTR is designed for messages,
ZRTP is designed for data streams.
Ah yes, I see:
I was thinking of the problem from a text point of view, where
On 2013-08-18 4:11 PM, Ben Laurie wrote:
If I chose to run Linux, I could fix the version I ran. In fact, I
choose not to run it, so I don't need to.
But if you write software, you don't write it just for your own
computer, so if you write software for linux, you have to write it for
the
On 2013-08-17 4:04 PM, Jon Callas wrote:
The problems run even deeper than the raw practicality. Twenty-nine years ago this month, in the August 1984
issue of Communications of the ACM (Vol. 27, No. 8) Ken Thompson's famous Turing Award lecture,
Reflections on Trusting Trust was published. You
On 2013-08-17 5:57 PM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com writes:
It might be useful to think of what a good API would be.
The problem isn't the API, it's the fact that you've got two mutually
exclusive requirements, the security geeks want the (P)RNG to block until
On 2013-08-17 10:12 PM, Ben Laurie wrote:
What external crypto can you not fix? Windows? Then don't use
Windows. You can fix any crypto in Linux or FreeBSD.
No you cannot.
So what? BSD's definition is superior. Linux should fix their RNG. Or
these people who you think should implement
At startup, likely to be short of entropy.
Actual behavior, and even existence, of /dev/random and /dev/urandom
varies substantially from one implementation to another.
If /dev/random blocks when short of entropy, then likely to block at
startup, which is good. Services that need entropy do
On Fri, Aug 16, 2013 at 10:01 PM, James A. Donald jam...@echeque.com wrote:
If /dev/urandom seeded at startup, and then seeded no further, bad, but not
very bad.
If /dev/urandom seeded at startup from /dev/random, then should block at
startup.
If /dev/urandom never blocks, bad. Should block
On 2013-08-14 6:10 AM, Nico Williams wrote:
- it's really not easy to defeat the PRISMs. the problem is
*political* more than technological.
For a human to read all communications would be an impossible burden.
Instead, apply the following algorithm. Identify people of interest.
Read
On 2013-07-28 1:29 PM, Russell Leidich wrote:
Is this to be taken seriously...
Massachusetts Institute of Technology professor Seth Lloyd claims to
have developed a quantum search algo which can search 2^N (presumably
unsorted) records in O(N) time. (This is the subtext of this mundane
On 2013-07-22 9:01 AM, Randall Webmail wrote:
[SNIP]
To derive a DES OTA key, an attacker starts by sending a binary SMS to
a target device. The SIM does not execute the improperly signed OTA
command, but does in many cases respond to the attacker with an error
code carrying a cryptographic
On 2013-07-13 12:20 AM, Eugen Leitl wrote:
It's worth noting that the maintainer of record (me) for the Linux RNG
quit the project about two years ago precisely because Linus decided
to include a patch from Intel to allow their unauditable RdRand to
bypass the entropy pool over my strenuous
On 2013-07-05 6:34 AM, Silas Cutler wrote:
Sorry, long time lurker, first time poster. Hate my first post to be
a negative one.
http://tobtu.com/decryptocat.php
Brief
DecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat
On 2013-07-05 7:18 AM, Michael Rogers wrote:
The choice of curve wasn't the problem - they were using Curve25519
but messing up the random number generation.
Ah, I see.
They have company.
On 2013-07-04 2:11 AM, Wasabee wrote:
On 03/07/2013 13:31, Michael Rogers wrote:
On 03/07/13 13:26, danimoth wrote:
Not directly related to remailer, but what about dc nets [1] ?
[1] The Dining Cryptographers Problem:
Unconditional Sender
On 2013-07-01 9:50 PM, Ben Laurie wrote:
On 1 July 2013 12:32, Tom Ritter t...@ritter.vg wrote:
On 1 July 2013 05:04, Ben Laurie b...@links.org wrote:
On 1 July 2013 01:55, Jacob Appelbaum ja...@appelbaum.net wrote:
So then - what do you suggest to someone who wants to leak a document to
a
On 2013-07-02 8:47 AM, Nico Williams wrote:
On Mon, Jul 1, 2013 at 4:57 PM, grarpamp grarp...@gmail.com wrote:
And when LEA
get caught doing this nothing terribly bad happens to LEA (no officers
go to prison, for example).
It is often in the interest/whim of the executive to decline to
On 2013-06-30 5:13 PM, Danilo Gligoroski wrote:
This was expected.
As Skype definitely ruined its reputation as a free end-to-end application for
secure communication, other products are taking their chances.
Agencies showing sudden interest in encrypted comm ---
On 2013-07-01 8:55 AM, Nadim Kobeissi wrote:
On 2013-06-30, at 3:44 AM, James A. Donald jam...@echeque.com wrote:
On 2013-06-30 5:13 PM, Danilo Gligoroski wrote:
This was expected.
As Skype definitely ruined its reputation as a free end-to-end application for
secure communication, other
On 2013-06-30 10:21 AM, Natanael wrote:
Of course there's that whole 'almost none of our tools are usable'
problem.
That problem needs fixing first. Only then will our enemies start
bothering with pattern recognition and such.
Right now, the most trivial precautions result in
The biggest Tor vulnerability is that governments and large criminal
organizations (but I repeat myself) can use their influence over a CA to
perform a man in the middle attack.
I don't think they are doing this (as I said, they only bother with the
low hanging fruit) but they could.
Is
On 2013-06-25 1:02 AM, Nadim Kobeissi wrote:
Today, with Cryptocat nearing 65,000 regular users, the Cryptocat project
releases "Cryptocat: Adopting Accessibility and Ease of Use as Security
Properties," a working draft which brings together the past year of Cryptocat
research and
On 2013-06-23 6:47 AM, Peter Maxwell wrote:
I think Bernstein's Salsa20 is faster and significantly more secure
than RC4, whether you'll be able to design hardware to run at
line-speed is somewhat more questionable though (would be interested
to know if it's possible right enough).
I
On 2013-06-13 12:31 PM, Russell Leidich wrote:
Not to detract from the important discussion of how best to use AES
CTR mode, but I have a more basic question...
I can certainly understand why the discussion of CTR mode is
considered to be boring. I assume that anyone can easily verify that
On 2013-05-26 2:13 AM, Eric S Johnson wrote:
Sauer: We answer to this question: We provide a safe communication
option available. I will not tell you whether we can listen to it or not.
In other words, no evidence there, either.
Oh come on. We will not tell you tells us.
On 2013-05-23 3:28 AM, Florian Weimer wrote:
* Adam Back:
If you want to claim otherwise we're gonna need some evidence.
https://login.skype.com/account/password-reset-request
This is impossible to implement with any real end-to-end security.
Skype's claim was that it was end to end,
On 2013-05-22 5:00 PM, yersinia wrote:
Sorry for the top posting.
Many companies are using private social networks these days. As usual
someone internal to the organization has the right to record and sniff
also the private traffic. Don't like ? Well, you can always use
services as scrumbls.
Cops just don't put that much work in.
On 2013-05-22 5:41 PM, Jacob Appelbaum wrote:
Yes, yes they do:
http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/
That governments attempt to spy on people is not evidence that they are any
good at
On 2013-05-22 4:20 AM, Benjamin Kreuter wrote:
On Tue, 21 May 2013 14:17:02 +1000
James A. Donald jam...@echeque.com wrote:
Police install malware by black bagging, and by the same methods as
botnets. Both methods are noticeable.
I do not think the following scenario is terribly far-fetched
James A. Donald:
No one on my buddy list has been taken over, or if they have, they
took care of it before I noticed.
On 2013-05-21 10:55 AM, Jacob Appelbaum wrote:
That is - how would they notice and if they were being logged, how would
*you* notice on your end?
I would notice, because
On 2013-05-21 3:08 AM, Mark Seiden wrote:
(i know that at least jake and ian understand all the nuances here, probably
better than me.)
but still, i would like you to consider, for a moment, this question:
suppose there were a service that intentionally wanted to protect recipients of
On 2013-05-21 4:50 AM, Mark Seiden wrote:
you can advise whatever you fancy, but skype, google, microsoft are unlikely
to agree to any such thing unless your client is a Really Big company who
pays them a lot of money. and why should they even bother their lawyers?
pretty much, their service Is
On 2013-05-21 12:41 PM, Jacob Appelbaum wrote:
James A. Donald:
James A. Donald:
No one on my buddy list has been taken over, or if they have, they
took care of it before I noticed.
On 2013-05-21 10:55 AM, Jacob Appelbaum wrote:
That is - how would they notice and if they were being logged
Obviously a secret is no secret if the person sending it is not on your
buddy list.
Conversely, it should not be possible to inspect messages if the person
sending it is on your buddy list.
On 2013-04-05 10:47 AM, James A. Donald wrote:
How does it work? Is it really secure, and if it is, how did they
manage a not one click for security user interface?
Already answered by others on this list. Not secure, apple can MIM
On 2013-03-29 8:23 AM, Jeffrey Goldberg wrote:
I suspect Apple has the methods/processes to provide it.
I have no more evidence than you do, but my guess is that they don't, for
the simple reason that if they did that fact would leak out. Secret
conspiracies (and that's what it would take) grow
On 2013-03-29 10:47 AM, Nico Williams wrote:
There is zero chance Apple would be backdooring anything for profit
They might, however, and very likely are, backdooring everything to
avoid getting their faces broken in with rifle butts.
On 2013-03-26 6:21 AM, Jack Lloyd wrote:
I just created a new mailman list
https://lists.randombit.net/mailman/listinfo/cryptopolitics
as a venue for discussions that would normally go to cypherpunks but
hasn't because of the name or spam or whatever reason, and which
are off topic for this list
On 2013-03-24 3:25 AM, Jon Callas wrote:
On Mar 23, 2013, at 6:36 AM, Ben Laurie b...@links.org wrote:
On 23 March 2013 09:25, ianG i...@iang.org wrote:
Someone on another list asked an interesting question:
Why did OTR succeed in IM
On 2013-03-24 6:28 AM, Ethan Heilman wrote:
Does anyone know where I would be able to find information on what
cryptographic hardware is currently used by Islamic Republic's
military and diplomatic organizations? What vendors they are using
and what elements of the Iranian government
On 2013-03-21 5:59 PM, ianG wrote:
On 21/03/13 09:52 AM, Tony Arcieri wrote:
A question about crypto-capabilities is: how do you share them securely?
Using a crypto-capability for secure sharing. Which leads to a
boot-strapping problem, of course, but that's part of the fun.
A partial
On 2013-03-17 1:37 PM, Will wrote:
Hello,
I've released a new native OSS crypto library for the JVM that uses
AES-NI, PCLMUL, and RDRAND instructions available on recent x86-64
CPUs:
https://github.com/wg/crypto
It supports AES in CBC, CTR, and GCM modes with optional
authentication,
On 2013-03-06 4:41 AM, StealthMonger wrote:
What's wrong with the following simple idea:
1. p2p: The parties opportunistically verify out-of-band after
exchanging keys via public key servers or (insecure) email.
2. Prospective customer verification of merchant: Merchant includes
the ID of its
James A. Donald jam...@echeque.com writes:
The key, and the hash of the key, is a long string of random
gibberish. It should not be visible to end users. Experience
demonstrates that showing it repels 99% of end users.
On 2013-03-06 9:33 PM, StealthMonger wrote:
Merchant includes its
On 2013-03-06 1:18 AM, Jeffrey Walton wrote:
That's Patient 0. Its the key distribution problem. Its the cause of
all the troubles.
Web of Trust, Hierarchy of Trust, DNSSEC/DANE, Sovereign Keys,
Convergence, {Certificate|Public Key} Pinning, Key Continuity, etc are
all band-aides for the first
On 2013-03-06 4:41 AM, StealthMonger wrote:
2. Prospective customer verification of merchant: Merchant includes
the ID of its signing key in every advertisement and repeatedly
admonishes prospects to Accept No Substitutes.
The key, and the hash of the key, is a long string of random gibberish.