On Fri, Apr 22, 2016 at 04:49:54PM +0200, Sven M. Hallberg wrote:
> > I developed a different approach, which I call Linux Random Number Generator
> > (LRNG) to collect entropy within the Linux kernel. The main improvement
> > compared to the legacy /dev/random is to provide sufficient entropy
For at least 15 years there's been general grumbling that the MD5 based
stream cipher used for confidentiality in RADIUS looks like snake oil.
Given how widely used the protocol is, and the failure of various successor
protocols (cute names and all -- TANGENT anyone?) I have always been surprised
On Sun, Sep 08, 2013 at 03:00:39PM +1000, James A. Donald wrote:
On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote:
On Sun, Sep 08, 2013 at 08:34:53AM +1000, James A. Donald wrote:
Well, since you personally did this, would you care to explain the
very strange design decision to whiten
On Sun, Sep 08, 2013 at 08:34:53AM +1000, James A. Donald wrote:
Well, since you personally did this, would you care to explain the
very strange design decision to whiten the numbers on chip, and not
provide direct access to the raw unwhitened output.
You know as soon as anyone complained
On Fri, Aug 16, 2013 at 10:33:11PM -0400, shawn wilson wrote:
On Fri, Aug 16, 2013 at 10:01 PM, James A. Donald jam...@echeque.com wrote:
At startup, likely to be short of entropy.
If /dev/urandom seeded at startup, and then seeded no further, bad, but not
very bad.
If /dev/urandom
On Wed, Jul 17, 2013 at 03:50:50AM -0400, William Allen Simpson wrote:
On 7/16/13 11:15 AM, Matthew Green wrote:
http://www.isg.rhul.ac.uk/tls/RC4biases.pdf
Thanks for bringing this pre-print link to my attention!
In summary, don't use RC4. Don't use it carelessly with IVs. And don't use
On Tue, Jul 16, 2013 at 03:23:01AM -0400, William Allen Simpson wrote:
On 6/22/13 8:24 PM, Greg Rose wrote:
On Jun 22, 2013, at 15:31 , James A. Donald jam...@echeque.com wrote:
On 2013-06-23 6:47 AM, Peter Maxwell wrote:
I think Bernstein's Salsa20 is faster and significantly more secure
to encryption?
--
Thor Lancelot Simon t...@panix.com
It's very complicated. It's very cumbersome. There's a
lot of numbers involved with it.
cryptography mailing list
What do you do if even they don't know? Today I tried to help someone
who was mid-transaction on Amex's cardholder web site, associating a
new card with their account, when the next step of their process hopped
us over to https://www203.americanexpress.com.
Which has an EV certificate from
On Mon, Jul 02, 2012 at 01:26:20PM -0400, Matthew Green wrote:
More generally, padding oracle attacks exist against OAEP as well
(Manger's attack). In practice you typically have to construct the
oracle by measuring a timing differential in the decryption process.
That's hard over a network,
On Mon, Jun 18, 2012 at 09:58:59PM -0700, coderman wrote:
this is very useful to have in some configurations (not just testing).
for example: a user space entropy daemon consuming raw, biased,
un-whitened, full throughput bits of lower entropy density which is
run through sanity checks,
On Tue, Jun 19, 2012 at 07:35:03PM -0700, coderman wrote:
is there any literature on the typical failure modes of TRNG/entropy
sources in deployed systems?
my understanding is that they tend to fail catastrophically, in a way
easily detected by FIPS sanity checks. E.g. clearly broken.
I
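The "FIPS sanity checks" mentioned above are the FIPS 140-2 power-up statistical tests (monobit, poker, runs and long run) over a 20,000-bit sample. As an added example, not code from this thread or from any kernel, the following implements those four tests with the thresholds from the FIPS 140-2 change notice and runs them over three constructed streams: a stuck-at-zero source, a 0xAA oscillation, and a PRNG-generated stand-in for a healthy source. The sample streams are constructed here for illustration only.

```python
"""FIPS 140-2 power-up statistical tests over a 20,000-bit sample.

Thresholds are those of FIPS 140-2 (with Change Notice 1). The test data
below is constructed for this example; it is not output from any real TRNG.
"""
import random

SAMPLE_BITS = 20_000

# Acceptable count of runs per length (1..5, and 6 or longer), applied
# separately to runs of zeros and runs of ones.
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}


def to_bits(data):
    """Unpack bytes MSB-first into a list of 0/1 ints; require exactly 20,000 bits."""
    bits = [(b >> i) & 1 for b in data for i in range(7, -1, -1)]
    if len(bits) != SAMPLE_BITS:
        raise ValueError("FIPS 140-2 tests need exactly 20,000 bits")
    return bits


def monobit(bits):
    """Number of ones must lie strictly between 9,725 and 10,275."""
    return 9725 < sum(bits) < 10275


def poker(bits):
    """Chi-square-like statistic over the 5,000 4-bit segments."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        nibble = (bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]
        counts[nibble] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 2.16 < x < 46.17


def _runs(bits):
    """Yield (bit_value, length) for every maximal run in the sample."""
    start = 0
    for i in range(1, len(bits) + 1):
        if i == len(bits) or bits[i] != bits[start]:
            yield bits[start], i - start
            start = i


def runs(bits):
    """Each of the 12 run-length counts must fall inside its FIPS interval."""
    counts = {0: {k: 0 for k in RUN_LIMITS}, 1: {k: 0 for k in RUN_LIMITS}}
    for value, length in _runs(bits):
        counts[value][min(length, 6)] += 1
    return all(lo <= counts[v][k] <= hi
               for v in (0, 1) for k, (lo, hi) in RUN_LIMITS.items())


def long_run(bits):
    """Any run of 26 or more identical bits fails the sample."""
    return max(length for _, length in _runs(bits)) < 26


def fips_140_2(data):
    """Run all four tests; a source must pass every one to be accepted."""
    bits = to_bits(data)
    return {"monobit": monobit(bits), "poker": poker(bits),
            "runs": runs(bits), "long_run": long_run(bits)}


# Constructed sample streams (2,500 bytes = 20,000 bits each).
STUCK_AT_ZERO = bytes(2500)              # a dead source: every bit is 0
OSCILLATING = b"\xaa" * 2500             # perfectly balanced 1010... pattern
HEALTHY = random.Random(1234).getrandbits(SAMPLE_BITS).to_bytes(2500, "big")

if __name__ == "__main__":
    for name, sample in (("stuck-at-zero", STUCK_AT_ZERO),
                         ("oscillating", OSCILLATING),
                         ("healthy (PRNG stand-in)", HEALTHY)):
        print(name, fips_140_2(sample))
```

The oscillating stream is the instructive case: it passes the monobit test with exactly 10,000 ones, so a check that only counts ones would wave it through, while the poker and runs tests reject it immediately. That is the "clearly broken" failure mode the post describes, and why the continuous tests run all four checks rather than a bit count alone.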
On Tue, Jun 12, 2012 at 10:51:59AM -0500, Marsh Ray wrote:
What is unclear is if there are any effective costs or rate
limitations on how often one can 'activate' an MSTS license server.
A compute cluster faster than 200 PS3s could cut down on the number
of license certs that were burned to
On Mon, Jun 04, 2012 at 10:20:33AM +0200, Erwann Abalea wrote:
It's also not clear about what could have been done with TS certificates.
Is it only codesigning, or TLS server as well?
I'm surprised they can be used for code signing at all. TS (in its modern
incarnation) is a TLS-encapsulated
On Tue, Apr 24, 2012 at 12:07:33PM -0500, Nico Williams wrote:
On Tue, Apr 24, 2012 at 11:20 AM, Marsh Ray ma...@extendedsubset.com wrote:
On 04/23/2012 08:47 PM, Peter Maxwell wrote:
I look at it this way:
* Revocation is junk. It doesn't work. It especially doesn't work when an
On Sat, Feb 25, 2012 at 05:08:44AM +1000, James A. Donald wrote:
If the users of bitcoin are primarily criminals, that is pretty much
what the founders intended. Every middle class man of affairs and
business commits three felonies a day.
The paper presupposes that criminals are such
On Sat, Feb 18, 2012 at 12:57:30PM -0500, Jeffrey I. Schiller wrote:
The problem is that ssh-keygen uses /dev/urandom and it should really
use /dev/random. I suspect that once upon a time it may have (I don't
have the history off hand) and someone got annoyed when it blocked and
solved the
On Tue, Feb 14, 2012 at 03:51:16PM +0100, Ralph Holz wrote:
Hi,
Well, I am not sure how they can hope to go very far underground. Any and
all users on their internal network could easily detect and anonymously
report the mitm cert for some public web site without any significant risk
On Tue, Feb 14, 2012 at 09:13:11PM +0100, Ralph Holz wrote:
It is not so hard really to see the conceptual difference between the two
cases. But to tools like Crossbear, they basically look the same.
Why? Crossbear sends the full certificate chain it sees to the CB
server, where it is
On Tue, Feb 14, 2012 at 09:35:45PM +0100, Ralph Holz wrote:
As Crossbear's assessment is not something everyday users will
understand, we ourselves view Crossbear as the tool that, e.g., a
travelling security aficionado/hacker/interested person might want to
use, but not your average guy.
On Thu, Jan 05, 2012 at 12:45:14PM +1300, Peter Gutmann wrote:
Thor Lancelot Simon t...@panix.com writes:
However, while looking at it I have been wondering why something simpler and
better analyzed than the folded SHA should not be used.
Folding the output is belt-and-suspenders security
On Fri, Jan 06, 2012 at 07:59:30AM +1100, ianG wrote:
The way I treat this problem is that it is analogous to inventing
ones own algorithm. From that perspective, one can ask:
What is? The folded SHA, or the use of HMAC?
You do understand why it's important to obscure what's mixed back in,
. HMAC(K1, pool) is computed,
producing R, which is returned to the caller.
HMAC(K2, pool) is computed and mixed back into the entropy
pool as input.
I would appreciate comments on this general idea.
--
Thor Lancelot Simon
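The extraction step sketched above, as an added example that is neither Thor's code nor the NetBSD implementation: a toy pool from which HMAC(K1, pool) is returned to the caller while HMAC(K2, pool) is mixed back in, so the value an observer sees is never the value that updates the pool. K1 and K2 are fixed placeholder constants assumed here (the post does not say how they are chosen), and the SHA-256 "mixing" is a stand-in for the kernel's own pool mixing function.

```python
"""Two-key HMAC extraction from an entropy pool (illustrative model).

Returned output:  R = HMAC(K1, pool)
Fed back to pool: HMAC(K2, pool)
An observer who sees R learns nothing directly about the feedback value,
because the two HMACs use different keys over the same pool state.
"""
import hashlib
import hmac

# Placeholder keys assumed for this example; the post leaves their
# provenance unspecified. They must differ, or the feedback equals R.
K1 = b"example-output-key"
K2 = b"example-feedback-key"


class TwoKeyExtractor:
    def __init__(self, seed):
        # Toy initial state derived from a seed; a real pool is filled
        # from interrupt timings and other noise sources over time.
        self.pool = hashlib.sha256(b"toy-pool-seed:" + seed).digest()

    def mix(self, data):
        """Toy mixing: fold new input into the pool state with SHA-256.

        Stand-in for the kernel's LFSR-based mixing; only here so the
        extraction step has something to feed back into.
        """
        self.pool = hashlib.sha256(self.pool + data).digest()

    def extract(self):
        """Return HMAC(K1, pool); mix HMAC(K2, pool) back in as new input."""
        r = hmac.new(K1, self.pool, hashlib.sha256).digest()
        feedback = hmac.new(K2, self.pool, hashlib.sha256).digest()
        self.mix(feedback)
        return r


def outputs(seed, n):
    """Draw n consecutive outputs from a freshly seeded extractor."""
    ex = TwoKeyExtractor(seed)
    return [ex.extract() for _ in range(n)]


def output_reveals_feedback(seed):
    """True only if the caller-visible R equals the value mixed back (it does not)."""
    ex = TwoKeyExtractor(seed)
    state_before = ex.pool
    r = ex.extract()
    feedback = hmac.new(K2, state_before, hashlib.sha256).digest()
    return r == feedback


def pool_advances(seed):
    """True if extraction changes the pool, so the pre-extraction state is gone."""
    ex = TwoKeyExtractor(seed)
    before = ex.pool
    ex.extract()
    return ex.pool != before


if __name__ == "__main__":
    for r in outputs(b"demo", 3):
        print(r.hex())
    print("output equals feedback:", output_reveals_feedback(b"demo"))
```

The contrast to keep in mind is the naive design in which the returned value is itself mixed back: there, every output handed to a caller is also a known input to the pool's next state, so the extraction contributes nothing the observer does not already hold. Using a second key for the feedback path is what keeps the mixed-in value out of the observer's hands.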
On Tue, Jan 03, 2012 at 01:57:10AM -0500, Randall Webmail wrote:
There is one girl (and it is always a girl) who is at the control center.
She comes to the checkout station to override the system when the shopper
scans beer. No one watches to see if you scan every item in your cart.
On Fri, Dec 09, 2011 at 01:01:05PM -0800, Jon Callas wrote:
If you have a certificate issue a revocation for itself, there is an obvious,
correct interpretation. That interpretation is what Michael Heyman said, and
what OpenPGP does. That certificate is revoked and any subordinate
25 matches