[cryptography] Announcing the first SHA1 collision

2017-02-25 Thread Jeffrey Walton
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html Cryptographic hash functions like SHA-1 are a cryptographer’s swiss army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash

[cryptography] What the World's First Quantum Satellite Launch Means

2016-09-15 Thread Jeffrey Walton
http://fortune.com/2016/08/16/china-quantum-satellite-launch/ That’s one small step for man, one quantum leap for China. China blasted the world’s first quantum communications satellite into orbit from the Gobi Desert early Tuesday. The project signals the dawn of a potentially game-changing

[cryptography] Symantec to Acquire Blue Coat and Define the Future of Cybersecurity

2016-07-02 Thread Jeffrey Walton
It feels like there's a loss of separation of concerns between CA unit and the Interception unit under the Symantec umbrella. Given Symantec's track record, I'm kind of suspicious. http://www.symantec.com/about/newsroom/press-releases/2016/symantec_0612_01 MOUNTAIN VIEW, Calif. and SUNNYVALE,

Re: [cryptography] MalwareBytes

2016-06-24 Thread Jeffrey Walton
On Fri, Jun 24, 2016 at 2:30 PM, Ron Garret wrote: > What matters is not the certificate. The certificate is public. You can’t > “steal" a certificate. > > What you *can* steal is the private key associated with a certificate, and > the more time goes by the more likely it

Re: [cryptography] RDRAND not really random with Oracle Studio 12.3 + patches

2016-06-13 Thread Jeffrey Walton
> While the code doesn't follow the SDG guidelines (i.e. it doesn't check for > the return status and it doesn't check for the instruction support) it > should work because RdRand doesn't underflow in any of our chips. Is this > running in a VM or on bare metal? I'm not sure. I forwarded it to

Re: [cryptography] RDRAND not really random with Oracle Studio 12.3 + patches

2016-06-10 Thread Jeffrey Walton
On Fri, Jun 10, 2016 at 7:50 PM, Jeffrey Walton <noloa...@gmail.com> wrote: > Ouch... just came across this... > https://community.oracle.com/thread/2565486?start=0=0 > > I did not think it was possible to foul the hardware generated random > numbers (sans an occasio

[cryptography] RDRAND not really random with Oracle Studio 12.3 + patches

2016-06-10 Thread Jeffrey Walton
Ouch... just came across this... https://community.oracle.com/thread/2565486?start=0=0 I did not think it was possible to foul the hardware generated random numbers (sans an occasional underflow). Jeff ___ cryptography mailing list

Re: [cryptography] You can be too secure

2016-05-05 Thread Jeffrey Walton
On Thu, May 5, 2016 at 2:45 PM, Ron Garret wrote: > > On May 5, 2016, at 11:13 AM, Kevin wrote: > >> One can never be too secure! > > Actually, I learned the hard way last week that this is not true. > > Four years ago I bought a 2010 MacBook air from

Re: [cryptography] USG-Apple - 3/22/16 Hearing Procedures, Add 3 USGs

2016-03-19 Thread Jeffrey Walton
It sounds like it's turning into a circus sideshow: ... in addition to Courtroom 4, there will be additional overflow rooms in which the hearing will be shown on video screens. All of these rooms together can accommodate up to a total of 324 spectators. Admission tickets for these seats will be

[cryptography] NIST SP 800-90 B, Random Bit Generators Recommendation for the Entropy Sources Used for Random Bit Generation

2016-01-29 Thread Jeffrey Walton
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-B

Re: [cryptography] Hi all, would like your feedback on something

2015-12-21 Thread Jeffrey Walton
On Mon, Dec 21, 2015 at 10:39 AM, Brian Hankey wrote: > >> From: Givon Zirkind >> >> On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote: >>> The problem you address is certainly real. And a lot of people have >>> looked at various approaches over the decades. None,

Re: [cryptography] Hi all, would like your feedback on something

2015-12-18 Thread Jeffrey Walton
> The question we are trying to answer here is how could we all have ultra > strong passwords i.e. “!3AbDEE9eE45DCea” that are you unique for each and > every website, email, social media, etc. service that we use but without > having to trust any third parties to store them for us protected by

Re: [cryptography] "There is something Google can do. So they should do it."

2015-11-27 Thread Jeffrey Walton
On Fri, Nov 27, 2015 at 5:47 PM, Greg wrote: > Thought this list would be interested in reading about the roll that Google > played in compromising 100k+ users (in addition to Dell): > >

Re: [cryptography] This is bad. THis is really bad. (Isn't it?)

2015-11-25 Thread Jeffrey Walton
On Wed, Nov 25, 2015 at 9:16 AM, Dave Howe wrote: > On 25/11/2015 12:59, Florian Schütz wrote: >> This is true for Chrome and, I think, for Firefox as well. Some >> enterprises insist on MITMing TLS connections at a proxy, and at least >> Chrome will not break this.

Re: [cryptography] Varoufakis claims had approval to plan parallel banking system for Greece

2015-07-26 Thread Jeffrey Walton
On Sun, Jul 26, 2015 at 6:38 PM, John Young j...@pipeline.com wrote: Varoufakis claims had approval to plan parallel banking system for Greece http://www.ekathimerini.com/199945/article/ekathimerini/news/varoufakis-claims-had-approval-to-plan-parallel-banking-system Allegedly aided by

Re: [cryptography] RSA signatures without padding

2015-07-10 Thread Jeffrey Walton
Suppose I have a message M for which I generate an RSA-2048 digital signature as follows: H = SHA-256(M) S = H^d mod N Assume N = p*q is properly generated and d is the RSA private key. And I verify the signature as follows: S^e mod N == H' where H' is the SHA-256 of the

Re: [cryptography] Caspar Bowden has died

2015-07-09 Thread Jeffrey Walton
On Thu, Jul 9, 2015 at 10:12 AM, John Young j...@pipeline.com wrote: Privacy activist Caspar Bowden has died https://translate.google.com/translate?sl=autotl=enjs=yprev=_thl=enie=UTF-8u=https%3A%2F%2Fnetzpolitik.org%2F2015%2Fdatenschutz-aktivist-caspar-bowden-ist-gestorben%2Fedit-text= Oh wow.

Re: [cryptography] chromium: unconditionally downloads binary blob

2015-06-17 Thread Jeffrey Walton
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909 After upgrading chromium to 43, I noticed that when it is running and immediately after the machine is on-line it silently starts downloading Chrome Hotword Shared Module extension, which contains a binary without source code. There

Re: [cryptography] LastPass have been hacked, so it seems.

2015-06-16 Thread Jeffrey Walton
On Tue, Jun 16, 2015 at 9:24 AM, Givon Zirkind givo...@gmx.com wrote: keeping something safe in the cloud inherently requires trusting a third party. yeah, that says it all. Right. And third parties cannot protect against the threat posed by officers of the court/legal jurisdiction. (Are

Re: [cryptography] OpenPGP in Python: Security evaluations?

2015-06-12 Thread Jeffrey Walton
The main problem we were interested in solving here was to be able to keep key management tasks within a single memory address space, to avoid the problems relating to securely sending passphrases to other processes, and to be able to use the keys without the additional disk IO involved in

Re: [cryptography] Designing a key stretching crypto that maximize use of WebCrypto?

2015-05-14 Thread Jeffrey Walton
On Mon, May 4, 2015 at 2:10 AM, Fabio Pietrosanti (naif) - lists li...@infosecurity.ch wrote: Hi all, testing the lovely slowness of a pure scrypt implementation in javascript running into the browser, I was wondering if anyone ever tried to think/design a cryptosystem for key stretching

Re: [cryptography] AES Implementation

2015-05-12 Thread Jeffrey Walton
On Tue, May 12, 2015 at 5:47 AM, Givon Zirkind givo...@gmx.com wrote: Hi, Can anyone recommend an open source AES library in some flavor of C? It depends on your goals and threat models. If any old library will do, then check out https://wiki.openssl.org/index.php/Related_Links and

[cryptography] Chinese CA banned in Chrome

2015-04-12 Thread Jeffrey Walton
Chinese CA banned in Chrome: http://arstechnica.com/security/2015/04/google-chrome-will-banish-chinese-certificate-authority-for-breach-of-trust/ Apple is not following suit with this: https://threatpost.com/apple-leaves-cnnic-root-in-ios-osx-certificate-trust-lists/112086

Re: [cryptography] GeoTrust Launches GeoRoot; Allows Organizations with Their Own Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public Root

2015-04-06 Thread Jeffrey Walton
On Sun, Apr 5, 2015 at 6:25 PM, ITechGeek i...@itechgeek.com wrote: So does this mean Iran and the like can stop hacking CAs and buy their own Geotrust cert to MITM their population? Yeah, it's been around for a while. What's surprising (or maybe not) is the CA is still not constraining the

[cryptography] GeoTrust Launches GeoRoot; Allows Organizations with Their Own Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public Root

2015-04-05 Thread Jeffrey Walton
http://www.prnewswire.com/news-releases/geotrust-launches-georoot-allows-organizations-with-their-own-certificate-authority-ca-to-chain-to-geotrusts-ubiquitous-public-root-54048807.html It appears Google's Internet Authority G2 (https://pki.google.com) could be part of this program since the

Re: [cryptography] SRP 6a + storage of password's related material strength?

2015-03-14 Thread Jeffrey Walton
On Fri, Mar 13, 2015 at 5:06 PM, Fabio Pietrosanti (naif) - lists li...@infosecurity.ch wrote: On 3/13/15 3:11 PM, Solar Designer wrote: Because SRP protocol is cool, but I'm really wondering if the default methods are strong enough against bruteforcing. They are not. That was my concern.

[cryptography] OT: THE GREAT SIM HEIST

2015-02-19 Thread Jeffrey Walton
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/ AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according

Re: [cryptography] Just how bad is OpenSSL ?

2015-01-06 Thread Jeffrey Walton
The source code is mostly written to the OpenSSL coding standards, which are seriously different from any other coding standard I've seen (it's not Linux/KR, nor GNU, nor Microsoft, nor Sun/Oracle). Nonconformance with the coding standards in later patches is very common, so it's a mishmash

Re: [cryptography] John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread Jeffrey Walton
On Thu, Jan 1, 2015 at 1:48 PM, Sadiq Saif li...@sadiqs.com wrote: On 1/1/2015 13:40, Adam Back wrote: nah what am I thinking probably! 1988 if not earlier, 27 years :) The point is block lists suck, they're always blocking false things, and vigilante abusive takes 3x longer to take you off

[cryptography] Misuses/abuses of Sony's compromised root certificate?

2014-12-17 Thread Jeffrey Walton
Has anyone come across any reports of abuse due to Sony's compromised root? I believe it's named Sony Corp. CA 2 Root? I did not find it in the Windows 8.1 certificate store. Are any of the browsers carrying it around?

Re: [cryptography] Question About Best Practices for Personal File Encryption

2014-08-17 Thread Jeffrey Walton
On Sun, Aug 17, 2014 at 12:09 AM, Jeffrey Goldberg jeff...@goldmark.org wrote: On 2014-08-16, at 4:51 PM, David I. Emery d...@dieconsulting.com wrote: On Sat, Aug 16, 2014 at 04:21:53PM -0500, Christopher Nielsen wrote: The comment about Apple is simply false. Apple does not have a key to

Re: [cryptography] Question About Best Practices for Personal File Encryption

2014-08-16 Thread Jeffrey Walton
On Sat, Aug 16, 2014 at 5:21 PM, Christopher Nielsen m4dh4t...@gmail.com wrote: On Aug 15, 2014 11:06 PM, Mark Thomas mark00tho...@gmail.com wrote: I have a question for the group, if I may ask it here and in this manner (?). What are you guys using to encrypt individual files and folders or

Re: [cryptography] A post-spy world

2014-08-12 Thread Jeffrey Walton
On Mon, Aug 11, 2014 at 4:52 PM, John Young j...@pipeline.com wrote: We are moving toward a post-spy world, according to the guy that runs the CIA’s venture capital arm. http://www.defenseone.com/technology/2014/08/10-ways-make-internet-safe-cyber-attacks/90866/?oref=d-channelriver The video

Re: [cryptography] Implementing constant-time string comparison

2014-06-19 Thread Jeffrey Walton
On Wed, Jun 18, 2014 at 5:18 PM, D. J. Bernstein d...@cr.yp.to wrote: ... would be unable to shortcut the loop if the arguments were merely declared as pointers to volatile storage The compiler would be required to access the storage but would still be allowed to skip the intermediate

Re: [cryptography] new OpenSSL exploitable bug?

2014-06-05 Thread Jeffrey Walton
On Thu, Jun 5, 2014 at 8:17 AM, ianG i...@iang.org wrote: Another in the rash of weaknesses. This might mean that the fabled many eyeballs have opened up? https://www.openssl.org/news/secadv_20140605.txt An attacker using a carefully crafted handshake can force the use of weak keying

Re: [cryptography] TrueCrypt

2014-05-29 Thread Jeffrey Walton
Does anyone know if Greenwald or Poitras are holding relevant documents? Dr. Schneier does not have much to add: I have no idea what's going on with TrueCrypt. On Wed, May 28, 2014 at 4:35 PM, Sadiq Saif li...@sadiqs.com wrote: http://truecrypt.sourceforge.net/

[cryptography] OT: Snowden Interview

2014-05-27 Thread Jeffrey Walton
The interview is airing tonight. http://www.nbcnews.com/storyline/nsa-snooping/exclusive-edward-snowden-gives-wide-ranging-interview-brian-williams-n110351

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread Jeffrey Walton
On Tue, May 6, 2014 at 11:56 PM, Tony Arcieri basc...@gmail.com wrote: Can anyone point me at some best practices for implementing buffer types for storing secrets? There are the general coding rules at cryptocoding.net for example, that say you should use unsigned bytes and zero memory when

Re: [cryptography] Request - PKI/CA History Lesson

2014-05-01 Thread Jeffrey Walton
For me the sentence, “I had little choice but to trust X” is perfectly coherent. Is it possible that you are letting your righteous anger at what browser vendors have done interfere with how you are defining “trust”? That's the question with the elusive answer: how do you define trust? One

Re: [cryptography] Request - PKI/CA History Lesson

2014-04-30 Thread Jeffrey Walton
On Wed, Apr 30, 2014 at 10:07 AM, Marcus Brinkmann marcus.brinkm...@ruhr-uni-bochum.de wrote: On 04/30/2014 02:59 PM, d...@geer.org wrote: As is so often found, there are multiple nuanced definitions of a word, trust being the word in the current case. Simply as a personal definition, trust

Re: [cryptography] Request - PKI/CA History Lesson

2014-04-28 Thread Jeffrey Walton
On Mon, Apr 28, 2014 at 8:20 PM, Ryan Carboni rya...@gmail.com wrote: One can always start with the difficult first step of uninstalling certificate authorities you do not trust. Opera will autorepair damage to the certificate repository, a missing Certificate Authority is considered damage.

[cryptography] OT: Speeding up and strengthening HTTPS connections for Chrome on Android

2014-04-25 Thread Jeffrey Walton
Somewhat off-topic, but Google took ChaCha20/Poly1305 live. http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html Earlier this year, we deployed a new TLS cipher suite in Chrome that operates three times faster than AES-GCM on devices that don’t have AES

[cryptography] NSA Said to Exploit Heartbleed Bug for Intelligence for Years

2014-04-11 Thread Jeffrey Walton
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather

[cryptography] Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?

2014-04-10 Thread Jeffrey Walton
https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013 Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday's public disclosure of the vulnerability. It

Re: [cryptography] [Cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-08 Thread Jeffrey Walton
On Tue, Apr 8, 2014 at 6:46 AM, ianG i...@iang.org wrote: On 7/04/2014 22:53 pm, Edwin Chu wrote: ... E.g., if we cannot show any damages from this breach, it isn't worth spending a penny on it to fix! Yes, that's outrageous and will be widely ignored ... but it is economically and

Re: [cryptography] Client certificates, Tor-exit nodes and renegotiation

2014-04-03 Thread Jeffrey Walton
On Thu, Apr 3, 2014 at 4:41 AM, Guido Witmond gu...@witmond.nl wrote: On 04/03/14 01:31, Ryan Carboni wrote: hackers will always take the path of least resistance as rational human beings you will see more trojans in the wild as a result of this Agreed, when passive spying is impossible,

Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-13 Thread Jeffrey Walton
On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote: https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf TAO implants were deployed via QUANTUMINSERT to targets that were un-exploitable by _any_ other means. And Schneier's

Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-13 Thread Jeffrey Walton
and Windows combined. Jeff On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote: https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf TAO implants

Re: [cryptography] Comsec as Public Utility Beyond Illusory Privacy

2014-03-13 Thread Jeffrey Walton
Freedom of comsec, say, as a new entry in the US Bill of Rights could lead the way for it to be a fundamental element of Human Rights. The Right to Privacy by Warren and Brandeis (1890) FTW! NSA's ubiquitous spying on everybody at home and elsewhere with technology beyond accountability does

[cryptography] OT: Possible Backdoor in SSL/TLS Implementation

2014-02-22 Thread Jeffrey Walton
Related to the earlier threads Design Strategies for Defending against Backdoors and Backdoors in software. https://www.imperialviolet.org/2014/02/22/applebug.html

Re: [cryptography] Snowden Drop to Poitras and Greenwald Described

2014-02-08 Thread Jeffrey Walton
On Sat, Feb 8, 2014 at 6:28 PM, John Young j...@pipeline.com wrote: http://cryptome.org/2014/02/snowden-drop.pdf (7.6MB) That should be titled, How Greenwald nearly missed the scoop of the millennium. It appears the man did nearly everything in his power to undermine the contacts and the

Re: [cryptography] NSA, FBI creep rule of law, democracy itself (Re: To Protect and Infect Slides)

2014-01-07 Thread Jeffrey Walton
(Sorry to top post - I want to cherry pick one point). What is a game changer is the relationship between the NSA and the other USA civilian agencies. The breach of the civil/military line is the one thing that has sent the fear level rocketing sky high, Information sharing among agencies

Re: [cryptography] pie in sky suites - long lived public key pairs for persistent identity

2014-01-04 Thread Jeffrey Walton
On Sat, Jan 4, 2014 at 4:26 AM, ianG i...@iang.org wrote: On 3/01/14 22:42 PM, coderman wrote: use case is long term (decade+) identity rather than privacy or session authorization. ... Which in today's world is pointing to the phone. If we're talking the identity on the phone, we're now

Re: [cryptography] To Protect and Infect Slides

2014-01-01 Thread Jeffrey Walton
On Wed, Jan 1, 2014 at 7:22 AM, coderman coder...@gmail.com wrote: On Wed, Jan 1, 2014 at 3:56 AM, Ralph Holz h...@net.in.tum.de wrote: Hi Jake, Ian Grigg just made a point on metzdowd that I think is true: if you want to change the NSA, you need to address the [...] [... money] Because the

Re: [cryptography] New Hand Cipher - The Drunken Bishop

2013-12-26 Thread Jeffrey Walton
On Thu, Dec 26, 2013 at 2:44 PM, Aaron Toponce aaron.topo...@gmail.com wrote: ... I've thought of incorporating Blum Blum Shub into the algorithm, but then the cipher is getting decidedly difficult to execute by hand. BBS is not practical in practice due to the size of the moduli required. You

Re: [cryptography] Can we move to a forum, please?

2013-12-25 Thread Jeffrey Walton
On Thu, Dec 26, 2013 at 12:59 AM, Eric Mill e...@konklone.com wrote: ... I've been distantly watching http://www.discourse.org and I like their vision. I believe they allow, or want to allow, email-only interaction. I don't know if it does, and I don't know if Discourse is easy to set up, or

[cryptography] Practical malleability attack against CBC-Encrypted LUKS partitions

2013-12-22 Thread Jeffrey Walton
[Originally sent to Full Disclosure] http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/ I. Abstract The most popular full disk encryption solution for Linux is LUKS (Linux Unified Key Setup), which provides an easy to use encryption

[cryptography] Exclusive: Secret contract tied NSA and security industry pioneer

2013-12-20 Thread Jeffrey Walton
(Thanks to PF on another list) http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220 (Reuters) - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10

[cryptography] Diffie-Hellman Params Best Practice on Web Server?

2013-12-08 Thread Jeffrey Walton
Hi All, Is there a best practice for Diffie-Hellman parameters (p, g, and q) used on a web server? The server is using ephemeral keys, but should the parameters be rotated on a regular basis? Is it OK for the server to keep them fixed for years (in the source code)? Or should they be generated

Re: [cryptography] [Cryptography] Email is unsecurable

2013-11-27 Thread Jeffrey Walton
On Wed, Nov 27, 2013 at 3:34 PM, Nico Williams n...@cryptonector.com wrote: On Wed, Nov 27, 2013 at 08:01:19PM +, Stephen Farrell wrote: On 11/27/2013 06:58 PM, Nico Williams wrote: [...] The problem with DANE is the lack of DNSSEC. If we had both [...] When I refer to DANE, I also

[cryptography] Lavabit-DOJ dispute zeroes in on encryption key ownership

2013-11-15 Thread Jeffrey Walton
http://www.computerworld.com/s/article/9244057/Lavabit_DOJ_dispute_zeroes_in_on_encryption_key_ownership The government's insistence, in its dispute with Lavabit, that cloud service providers hand over their encryption keys when asked, has refocused attention of key ownership and management in

[cryptography] Password Blacklist that includes Adobe's Motherload?

2013-11-13 Thread Jeffrey Walton
Hi All, Is anyone aware of a blacklist that includes those 150 million records from Adobe's latest breach? I tried finding a list and was not successful. Bonus points if implemented as a bloom filter (I'm interested in seeing how small that list can be in practice, and I'd like to use it for its

Re: [cryptography] Snowden: Fabricating Digital Keys?

2013-11-08 Thread Jeffrey Walton
On Tue, Jun 25, 2013 at 5:17 PM, Bill Scannell b...@scannell.org wrote: This Daily Beast story on Causa Snowden (http://www.thedailybeast.com/articles/2013/06/25/greenwald-snowden-s-files-are-out-there-if-anything-happens-to-him.html) contains the following sentence: Last week NSA Director

Re: [cryptography] the spell is broken

2013-10-05 Thread Jeffrey Walton
On Sat, Oct 5, 2013 at 3:13 PM, Erwann Abalea eaba...@gmail.com wrote: 2013/10/4 Paul Wouters p...@cypherpunks.ca [...] People forget the NSA has two faces. One side is good. NIST and FIPS and NSA are all related. One lesson here might be, only use FIPS when the USG requires it. That said,

Re: [cryptography] Curve25519 OID (was: Re: the spell is broken)

2013-10-05 Thread Jeffrey Walton
On Sat, Oct 5, 2013 at 7:35 PM, Patrick Pelletier c...@funwithsoftware.org wrote: On 10/5/13 2:47 PM, Jeffrey Walton wrote: Do you know if there's a standard name and OID assigned to Dr. Bernstein's gear? IETF only makes one mention of 25519 in the RFC search, and its related to TLS

Re: [cryptography] the spell is broken

2013-10-04 Thread Jeffrey Walton
On Thu, Oct 3, 2013 at 10:32 PM, James A. Donald jam...@echeque.com wrote: On 2013-10-04 11:41, Jeffrey Walton wrote: We could not get rid of Trustwave in the public sector (so much for economics). What is wrong with trustwave? The company operates in an industry where trust is a commodity

Re: [cryptography] the spell is broken

2013-10-03 Thread Jeffrey Walton
On Thu, Oct 3, 2013 at 9:26 PM, Jeffrey Goldberg jeff...@goldmark.org wrote: ... I would put it more strongly than that. I think that NIST needs to be punished. Even if Dual_EC_DRBG were their only lapse, any entity that has allowed themselves to be used that way should be forced to exit the

Re: [cryptography] [Cryptography] What is Intel(R) Core™ vPro™ Technology Animation

2013-09-22 Thread Jeffrey Walton
On Sun, Sep 22, 2013 at 7:56 PM, d.nix d@comcast.net wrote: On 9/22/2013 2:23 PM, Jerry Leichter wrote: On Sep 21, 2013, at 10:05 PM, d.nix wrote: Hah hah hah. Uh, reading between the lines, color me *skeptical* that this is really what it

Re: [cryptography] Using same key for ECDSA and ECIES

2013-09-20 Thread Jeffrey Walton
On Fri, Sep 20, 2013 at 2:35 PM, Dominik Schürmann domi...@dominikschuermann.de wrote: ... After reading related literature, I came to the conclusion to use ECDSA and ECIES (Both with Koblitz curves, as I am sceptical about the random curves ;),

Re: [cryptography] It's time for a Whistleblowing / Leaking Initiative for Cryptographer ?

2013-09-16 Thread Jeffrey Walton
On Mon, Sep 16, 2013 at 5:17 PM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: http://threatpost.com/uk-cryptographers-call-for-outing-of-deliberately-weakened-protocols-products/102301 Right now, whistle blowers are vilified in the US. Just ask Jesselyn Radack, Thomas Drake, William

Re: [cryptography] motivation, research ethics organizational criminality (Re: Forward Secrecy Extensions for OpenPGP: Is this still a good proposal?)

2013-09-14 Thread Jeffrey Walton
On Sat, Sep 14, 2013 at 7:08 PM, Jeffrey Goldberg jeff...@goldmark.org wrote: On 2013-09-13, at 9:28 AM, David D da...@7tele.com wrote: ... Obviously, we should insist on due process for the NSA stooges. If they confess their activities and name their co-conspirators, we may allow them some

[cryptography] What is Security World architecture?

2013-09-10 Thread Jeffrey Walton
I was reading on an HSM, and the marketing literature stated, ... because it utilizes the Security World architecture, XXX provides an ideal combination of high assurance and operational ease. What is Security World architecture? What are the criteria used for high assurance and operational ease?

Re: [cryptography] What is Security World architecture?

2013-09-10 Thread Jeffrey Walton
On Wed, Sep 11, 2013 at 12:41 AM, Ben Laurie b...@links.org wrote: On 11 September 2013 01:17, Jeffrey Walton noloa...@gmail.com wrote: I was reading on an HSM, and the marketing literature stated, ... because it utilizes the Security World architecture, XXX provides an ideal combination

Re: [cryptography] Random number generation influenced, HW RNG

2013-09-07 Thread Jeffrey Walton
On Sat, Sep 7, 2013 at 1:48 PM, David Johnston d...@deadhat.com wrote: On 9/6/2013 2:03 PM, grarpamp wrote: ... However, I claim that the fear is well founded and should be taken into account by all threat models. It interesting to consider the possibilities of corruption and deception that

Re: [cryptography] Compositing Ciphers?

2013-09-06 Thread Jeffrey Walton
, gyroscopes, magnetometers), and practices hedging. I'm more worried about key exchange or agreement. Jeff On Sat, Sep 7, 2013 at 2:27 AM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, With all the talk of the NSA poisoning NIST, would it be wise to composite ciphers? (NY Times, Guardian

Re: [cryptography] Android SecureRandom poor entropy

2013-08-25 Thread Jeffrey Walton
On Sun, Aug 25, 2013 at 4:45 PM, Marco Pozzato mpodr...@gmail.com wrote: ... Recently, android SecureRandom PRNG proved to be seriously flawed (http://android-developers.blogspot.it/2013/08/some-securerandom-thoughts.html) because, by default, it is not properly initialized with good entropy.

[cryptography] Reflection Attacks in Challenge/Response Protocols

2013-08-24 Thread Jeffrey Walton
Hi All, When a symmetric key based challenge response is used, an attacker can perform a reflection attack by starting a second instance of a protocol and having the server answer its own questions. To guard against the attack, is it sufficient to ensure all challenges sent from server to client

Re: [cryptography] urandom vs random

2013-08-19 Thread Jeffrey Walton
On Mon, Aug 19, 2013 at 9:20 AM, Aaron Toponce aaron.topo...@gmail.com wrote: ... It's a shame http://entropykey.co.uk is no longer in business. I was able to procure 5 entropy keys just before they folded, and they're awesome. Yeah, I really liked EntropyKey. I tried to place an order last

Re: [cryptography] urandom vs random

2013-08-19 Thread Jeffrey Walton
Toponce aaron.topo...@gmail.com wrote: On Mon, Aug 19, 2013 at 09:41:20AM -0400, Jeffrey Walton wrote: Yeah, I really liked EntropyKey. I tried to place an order last year (or early this year). It was never fulfilled and no one responded. I knew they were having some troubles, but I could

Re: [cryptography] urandom vs random

2013-08-17 Thread Jeffrey Walton
On Sat, Aug 17, 2013 at 7:46 AM, Ben Laurie b...@links.org wrote: ... Also, if there are other sources, why are they not being fed in to the system PRNG? Linux 3.x kernels decided to stop using IRQ interrupts (removal of the IRQF_SAMPLE_RANDOM flag, without an alternative to gather entropy).

Re: [cryptography] Reply to Zooko (in Markdown)

2013-08-17 Thread Jeffrey Walton
On Sat, Aug 17, 2013 at 3:49 AM, Bryan Bishop kanz...@gmail.com wrote: On Sat, Aug 17, 2013 at 1:04 AM, Jon Callas j...@callas.org wrote: It's very hard, even with controlled releases, to get an exact byte-for-byte recompile of an app. Some compilers make this impossible because they

Re: [cryptography] Expired/Revoked certificates + private keys

2013-08-16 Thread Jeffrey Walton
On Fri, Aug 16, 2013 at 11:03 AM, Dominik Schürmann domi...@dominikschuermann.de wrote: For a research project on OCSP, we are searching for expired and revoked X.509 certificates with their corresponding private keys. Any help or pointers to

Re: [cryptography] Paypal phish using EV certificate

2013-08-13 Thread Jeffrey Walton
On Tue, Aug 13, 2013 at 5:10 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: I recently got another of the standard phishing emails for Paypal, directing me to https://email-edg.paypal.com, which redirects to https://view.paypal-communication.com, which has a PayPal EV certificate from

Re: [cryptography] NSA Today on Missions, Authorities, Oversight, Partnerships

2013-08-11 Thread Jeffrey Walton
On Fri, Aug 9, 2013 at 4:14 PM, John Young j...@pipeline.com wrote: NSA statement today on Missions, Authorities, Oversight, Partnerships: http://cryptome.org/2013/08/nsa-13-0809.pdf This was probably one of the more amusing statements. Perhaps William Binney would have a different opinion: In

Re: [cryptography] Updated Certificate Transparency site

2013-08-01 Thread Jeffrey Walton
On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote: On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote: ... If everyone does their part CT causes the risk of dishonest CA behavior discovery to become to great for CAs to engage in such behavior. Sorry to

Re: [cryptography] Must have seemed like a good idea at the time

2013-07-25 Thread Jeffrey Walton
On Tue, Jul 23, 2013 at 4:54 AM, ianG i...@iang.org wrote: ... Banks will say that international wires are irreversible, but it isn't true. If the banks cooperate they can do a return of funds. It all depends... This was kind of interesting: According to Li, the larger problem [of Chinese

Re: [cryptography] Snowden: Fabricating Digital Keys?

2013-07-25 Thread Jeffrey Walton
On Tue, Jun 25, 2013 at 5:17 PM, Bill Scannell b...@scannell.org wrote: This Daily Beast story on Causa Snowden (http://www.thedailybeast.com/articles/2013/06/25/greenwald-snowden-s-files-are-out-there-if-anything-happens-to-him.html) contains the following sentence: Last week NSA Director

Re: [cryptography] [liberationtech] Random number generator, failure in Raspberry Pis?

2013-07-20 Thread Jeffrey Walton
On Sat, Jul 20, 2013 at 2:57 AM, Peter Bowen pzbo...@gmail.com wrote: On Fri, Jul 19, 2013 at 10:35 PM, Yaron Sheffer yar...@porticor.com wrote: A few months ago I posted a query to the Amazon Web Services (the largest public cloud, running on Xen) forum on whether they're using libvirt for

Re: [cryptography] [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-16 Thread Jeffrey Walton
On Tue, Jul 16, 2013 at 5:04 AM, coderman coder...@gmail.com wrote: ... in short: rather than considering just one or another type of attack, these agencies should be assumed to be using all of them with the exploit method tailored to the particular access needs and target difficulty of

Re: [cryptography] skype backdoor confirmation

2013-07-15 Thread Jeffrey Walton
On Thu, May 16, 2013 at 3:52 PM, Adam Back a...@cypherspace.org wrote: So when I saw this article http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html I was disappointed the rumoured skype backdoor is claimed to be real, and that

Re: [cryptography] [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-15 Thread Jeffrey Walton
On Mon, Jul 15, 2013 at 7:27 AM, Eugen Leitl eu...@leitl.org wrote: On Fri, Jul 12, 2013 at 10:29:49PM +0300, ianG wrote: Not to mention, Intel have been in bed with the NSA for the longest time. Secret areas on the chip, pop instructions, microcode and all that ... A more interesting

Re: [cryptography] Is the NSA now a civilian intelligence agency? (Was: Re: Snowden: Fabricating Digital Keys?)

2013-07-01 Thread Jeffrey Walton
On Mon, Jul 1, 2013 at 6:47 PM, Nico Williams n...@cryptonector.com wrote: On Mon, Jul 1, 2013 at 4:57 PM, grarpamp grarp...@gmail.com wrote: And when LEA get caught doing this nothing terribly bad happens to LEA (no officers go to prison, for example). It is often in the interest/whim of

Re: [cryptography] Is the NSA now a civilian intelligence agency? (Was: Re: Snowden: Fabricating Digital Keys?)

2013-07-01 Thread Jeffrey Walton
for potential crimes they've committed. (At least, that's what they tell us - if you don't do anything wrong, then you don't have anything to worry about). On Jul 2, 2013 12:55 AM, Jeffrey Walton noloa...@gmail.com wrote: On Mon, Jul 1, 2013 at 6:47 PM, Nico Williams n...@cryptonector.com

Re: [cryptography] Snowden: Fabricating Digital Keys?

2013-06-25 Thread Jeffrey Walton
On Tue, Jun 25, 2013 at 5:47 PM, Mark Seiden m...@seiden.com wrote: maybe he just used other people's ssh keys that were protected by a weak (or no) passphrase? fabricate is a pretty strong word, but under the least untruthful standard that James Clapper says he's applied to congressional

Re: [cryptography] skype backdoor confirmation

2013-05-22 Thread Jeffrey Walton
On Wed, May 22, 2013 at 10:07 AM, Mark Seiden m...@seiden.com wrote: On May 22, 2013, at 5:59 AM, Jacob Appelbaum ja...@appelbaum.net wrote: James A. Donald: http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ That governments attempt to

Re: [cryptography] skype backdoor confirmation

2013-05-20 Thread Jeffrey Walton
On Sat, May 18, 2013 at 3:15 PM, Adam Back a...@cypherspace.org wrote: Actually I think that was the point, as far as anyone knew and from the last published semi-independent review (some years ago on the crypto list as I recall) it indeed was end2end secure. Many IM systems are not end2end so

Re: [cryptography] skype backdoor confirmation

2013-05-20 Thread Jeffrey Walton
On Mon, May 20, 2013 at 1:30 PM, Nico Williams n...@cryptonector.com wrote: On Mon, May 20, 2013 at 12:22 PM, Jeffrey Walton noloa...@gmail.com wrote: The original Skype homepage (circa 2003/2004) claims the service is secure: Skype calls have excellent sound quality and are highly secure

Re: [cryptography] skype backdoor confirmation

2013-05-20 Thread Jeffrey Walton
On Mon, May 20, 2013 at 8:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote: James A. Donald: ... Zombie computers are seldom of high value. Some malware is designed to keep people communicating, under heavy watch; it is not always designed to abuse a system the traditional manner befitting

[cryptography] Question on Handling of Authenticated Plaintext Data

2013-05-19 Thread Jeffrey Walton
Hi All, I'm having trouble finding a reference to the way additional data is authenticated. In the past, I simply used the following (under an independent key): tag = HMAC(AAD, Ciphertext) Recently, I came across a post by Dr. Bernstein [1] that states I find it quite strange to see a call

Re: [cryptography] skype backdoor confirmation

2013-05-18 Thread Jeffrey Walton
On Sat, May 18, 2013 at 9:49 AM, Adam Back a...@cypherspace.org wrote: On Fri, May 17, 2013 at 04:52:07AM -0400, bpmcontrol wrote: On 05/17/2013 04:19 AM, Eugen Leitl wrote: It is unreasonable for a closed source product by a commercial vendor to go any other way [putting backdoors in