OWS:
https://twitter.com/moxie/status/730230320553828352
--
Tony Arcieri
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
they're easy to screw up.
--
Tony Arcieri
On Wed, Apr 13, 2016 at 10:14 AM, Ron Garret <r...@flownet.com> wrote:
> Is that small enough for you?
>
Yes, that's significantly better. Sorry if I was overly negative before.
--
Tony Arcieri
do you
> think that I should be doing differently? Change the design?
>
Yes, make it significantly smaller than the current form factor.
--
Tony Arcieri
On Wed, Apr 13, 2016 at 2:06 AM, Thierry Moreau <thierry.mor...@connotech.com> wrote:
> Who wants to be optimistic with respect to threat models in the current IT
> landscape?
I prefer to be realistic about threats, especially when UX tradeoffs are
involved.
--
V)
I swear I'm not a paid shill for Yubico, but I'm a fan of small
display-free hardware tokens. While a token like what you've built might
provide Maximum Security under pessimistic threat models, its large size
makes it look rather inconvenient to me.
--
Tony Arcieri
hishing attacks
Not to rain on your parade, but if you're talking about authentication
contexts, U2F solves the phishability problem by deriving domain-separated
keys per origin, so it's not possible for an attacker to leverage it for
phishing purposes.
-
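As an added example of what "domain-separated keys per origin" buys (this is illustration written for this page, not code from the original post or from any U2F implementation): a toy token in Go that derives every key pair from a master secret plus the origin, and a relying party that checks the origin the browser reports. The key-handle layout (nonce || HMAC tag), the `Login`/`Verify` names, the origin strings and the JSON client data are all assumptions; real U2F signs with ECDSA P-256 over a specified message layout, stood in for here by Ed25519 over a similar digest concatenation.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Token: a display-free hardware token holding one master secret; every
// origin gets its own key pair, derived on demand rather than stored.
type Token struct {
	master  []byte
	counter uint32
}

func NewToken() *Token {
	m := make([]byte, 32)
	if _, err := rand.Read(m); err != nil {
		panic(err)
	}
	return &Token{master: m}
}

// kdf = HMAC(master, label || appID || nonce); the label keeps the signing
// seed and the key handle's authentication tag on separate domains.
func (t *Token) kdf(label, appID string, nonce []byte) []byte {
	h := hmac.New(sha256.New, t.master)
	h.Write([]byte(label + "\x00" + appID + "\x00"))
	h.Write(nonce)
	return h.Sum(nil)
}

// Register returns a key handle (nonce || tag) and the public key bound to appID.
func (t *Token) Register(appID string) ([]byte, ed25519.PublicKey) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	priv := ed25519.NewKeyFromSeed(t.kdf("seed", appID, nonce))
	return append(nonce, t.kdf("tag", appID, nonce)...), priv.Public().(ed25519.PublicKey)
}

// signedData mirrors the U2F assertion: sha256(appID) || counter || sha256(clientData).
func signedData(appID string, counter uint32, clientData []byte) []byte {
	app, cd := sha256.Sum256([]byte(appID)), sha256.Sum256(clientData)
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	return bytes.Join([][]byte{app[:], ctr[:], cd[:]}, nil)
}

// Authenticate refuses a handle not minted for the origin the browser reports
// (tag mismatch); otherwise it signs under the key derived for that origin.
func (t *Token) Authenticate(appID string, handle, clientData []byte) ([]byte, uint32, bool) {
	if len(handle) != 16+sha256.Size || !hmac.Equal(handle[16:], t.kdf("tag", appID, handle[:16])) {
		return nil, 0, false
	}
	t.counter++
	priv := ed25519.NewKeyFromSeed(t.kdf("seed", appID, handle[:16]))
	return ed25519.Sign(priv, signedData(appID, t.counter, clientData)), t.counter, true
}

// RelyingParty keeps what registration produced for its own origin.
type RelyingParty struct {
	AppID   string
	Handle  []byte
	Pub     ed25519.PublicKey
	lastCtr uint32
}

// ClientData is built by the browser, which fills in the real origin (assumed toy format).
func ClientData(origin, challenge string) []byte {
	return []byte(fmt.Sprintf(`{"challenge":%q,"origin":%q}`, challenge, origin))
}

// Verify checks the origin, a strictly increasing counter, and the signature
// under the key registered for this origin.
func (rp *RelyingParty) Verify(clientData, sig []byte, counter uint32) bool {
	originOK := bytes.Contains(clientData, []byte(fmt.Sprintf(`"origin":%q`, rp.AppID)))
	if !originOK || counter <= rp.lastCtr || !ed25519.Verify(rp.Pub, signedData(rp.AppID, counter, clientData), sig) {
		return false
	}
	rp.lastCtr = counter
	return true
}

// Login runs one assertion with the browser reporting `origin`; returns
// whether rp accepts it. A phishing origin already fails inside the token.
func Login(tok *Token, rp *RelyingParty, origin, challenge string) bool {
	cd := ClientData(origin, challenge)
	sig, ctr, ok := tok.Authenticate(origin, rp.Handle, cd)
	return ok && rp.Verify(cd, sig, ctr)
}

func main() {
	tok := NewToken()
	h, pub := tok.Register("https://bank.example")
	bank := &RelyingParty{AppID: "https://bank.example", Handle: h, Pub: pub}
	fmt.Println("real origin accepted:    ", Login(tok, bank, "https://bank.example", "c1"))
	fmt.Println("phishing origin accepted:", Login(tok, bank, "https://bank-login.example", "c2"))
}
```

Two independent things stop the phisher here: the token will not use bank.example's handle under any other appID, and even a key the token did derive for bank-login.example is one bank.example never registered. The origin lives in data the browser, not the page, builds, which is why the relying party can also reject a relayed challenge.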
xiv.org/abs/1510.02037
(This specific approach has flaws, but I'd like to see the general idea
better explored)
--
Tony Arcieri
ding private key on all of these systems, and they're a mere
parenthetical in your concerns.
Your threat modeling priorities are, to put it bluntly, pretty fucked up,
Greg.
--
Tony Arcieri
On Fri, Nov 27, 2015 at 7:34 PM, Greg wrote:
> I dedicated about a third of the blog post to Dell and basically called
> them liars. I hardly think that counts as a “ parenthetical”.
>
You are literally using it as a pretext to go after Google. Can you point
to a single
and rebuild
their reputation.
--
Tony Arcieri
On Tue, May 12, 2015 at 11:14 AM, Thierry Moreau thierry.mor...@connotech.com wrote:
I do not want to push any plot theory without a deep understanding of the
ECC fundamentals. But recalling that NSA had prior knowledge of
differential cryptanalysis (versus academia) and prior knowledge of
server. Perhaps you
targeted a single person, and everyone else sees the real version.
This is why web pages aren't trustworthy for cryptographic purposes.
I wrote a blog post on this topic:
http://tonyarcieri.com/whats-wrong-with-webcrypto
--
Tony Arcieri
carry cryptographic signatures from their publishers, so you have
end-to-end security.
--
Tony Arcieri
like an unauthenticated one time pad.
--
Tony Arcieri
cryptanalytic
attention.
More modern deployments of RADIUS have better security options, like
EAP-TTLS which tunnels the traffic through TLS.
--
Tony Arcieri
On Wed, Jan 7, 2015 at 6:24 PM, listo factor listofac...@mail.ru wrote:
He did try to sell maiden-voyage seat reservations. I have no idea
if he collected any money, but if he did, I would not blame him,
I would blame those that coughed up their coin.
tl;dr: caveat emptor?
--
Tony Arcieri
as to generate a curve with a one-in-a-million weakness that
only they know how to exploit, the NIST curves are weak in other known ways:
https://safecurves.cr.yp.to
Additionally, newer curves are being picked with an emphasis on performance
--
Tony Arcieri
pause in using the algorithm at all?
Sure, that's why djb and friends are also working on implementing McEliece
and Merkle signatures.
--
Tony Arcieri
:
https://en.wikipedia.org/wiki/Product_cipher
--
Tony Arcieri
support. Why not always flip it on if it's available on both sides, even if
it's trivially MitMed?
--
Tony Arcieri
.
tl;dr: if you don't trust proprietary encrypted filesystems, you better not
trust the proprietary OSes they're built into either.
--
Tony Arcieri
in a web page is most definitely harmful and insecure.
--
Tony Arcieri
by serving JavaScript crypto code over easily-MitMed plaintext
HTTP.
Here are a couple offenders...
#3 Google search result for encrypted chat:
http://www.chatcrypt.com/
Not popular by Google results, but a similarly silly effort:
http://www.peersm.com/
--
Tony Arcieri
On Thu, Jul 10, 2014 at 4:45 PM, John Young j...@pipeline.com wrote:
This is the comsec dilemma. If a product or system becomes mainstream
it is more likely to be overtly and/or covertly compromised.
This is why it's important the client is open source, the binaries are
reproducible, and the
This went to the cypherpunks list, but not to the others:
http://eprint.iacr.org/2014/508
Reversing stealthy dopant level trojans!
those monstrosities in our daily lives anymore.
--
Tony Arcieri
On Thu, May 15, 2014 at 1:26 PM, Phillip Hallam-Baker hal...@gmail.com wrote:
JSON is a lot more than 10% better than ASN.1 or XML because both of the
latter are bjorked. XML prefixes are insane
And TLS isn't? ;)
--
Tony Arcieri
? Are the threats they'd potentially
mitigate realistic? Are there too many other things that can go wrong (e.g.
rewindable VMs) for this to matter?
--
Tony Arcieri
these goals. Every commit will
be approved by multiple people once it has been thoroughly audited.
First up: the choice of a license:
https://github.com/clearcrypt/clearcrypt/pull/1
--
Tony Arcieri
valid
options.
Another one is Trevor Perrin's Noise:
https://github.com/trevp/noise/wiki
--
Tony Arcieri
On Tue, Apr 29, 2014 at 7:10 PM, tpb-cry...@laposte.net wrote:
Or Certificate Transparency. :-)
And how is that supposed to work?
Here, let me help you out:
http://lmgtfy.com/?q=certificate+transparency&l=1
--
Tony Arcieri
that all the band-aids
they try to put on these sharp edges are also flawed.
--
Tony Arcieri
means?
I think plaintext HTTP should show a lock with a big no sign over it or
something to highlight to users that the connection is insecure.
--
Tony Arcieri
.
Anyway, I'd suggest reading a bit more about how it works before dismissing
it out of hand.
--
Tony Arcieri
http://clearcryptocode.org/tls/
Probably not going to happen, but it's nice to dream...
--
Tony Arcieri
a multisignature trust system makes it easy to rotate the root
keys: if one is compromised you simply sign a new root key document with t
of n signatures again, listing out the newly reissued public key.
--
Tony Arcieri
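An added example of the t-of-n root rotation described above, written for this page rather than taken from the original post or from any particular project: a root key document is accepted as the successor of the currently trusted one only if at least t of the keys listed in the *trusted* document signed it, so a single compromised root key is replaced by having the remaining honest roots sign a new document that lists its reissued replacement. The JSON layout, the `RootDoc`/`Signed` names, the 2-of-3 parameters and the attacker scenario are all assumptions for illustration; Ed25519 from the Go standard library stands in for whatever signature scheme a real deployment uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// RootDoc: the current root public keys and how many of the previous
// document's keys must sign its successor (toy format, an assumption).
type RootDoc struct {
	Version   int      `json:"version"`
	Threshold int      `json:"threshold"`
	Keys      []string `json:"keys"` // hex ed25519 public keys
}

// Signed: a serialized RootDoc plus signatures indexed by signer public key,
// so one key signing twice can only ever count once.
type Signed struct {
	Doc  []byte
	Sigs map[string][]byte
}

func Encode(d RootDoc) []byte {
	b, err := json.Marshal(d)
	if err != nil {
		panic(err)
	}
	return b
}

func GenKey() (string, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return hex.EncodeToString(pub), priv
}

// Sign adds priv's signature over sha256(doc).
func Sign(s *Signed, priv ed25519.PrivateKey) {
	d := sha256.Sum256(s.Doc)
	s.Sigs[hex.EncodeToString(priv.Public().(ed25519.PublicKey))] = ed25519.Sign(priv, d[:])
}

// Verify accepts s as the successor of trusted only if the version advances
// and at least trusted.Threshold distinct keys listed in trusted signed it.
// Keys that appear only in the new document count for nothing.
func Verify(trusted RootDoc, s Signed) (RootDoc, error) {
	var next RootDoc
	if err := json.Unmarshal(s.Doc, &next); err != nil {
		return RootDoc{}, err
	}
	if next.Version <= trusted.Version {
		return RootDoc{}, fmt.Errorf("version %d does not advance past %d", next.Version, trusted.Version)
	}
	if next.Threshold < 1 || next.Threshold > len(next.Keys) {
		return RootDoc{}, fmt.Errorf("threshold %d unreachable with %d keys", next.Threshold, len(next.Keys))
	}
	d := sha256.Sum256(s.Doc)
	valid := 0
	for _, k := range trusted.Keys {
		pub, err := hex.DecodeString(k)
		if sig, ok := s.Sigs[k]; ok && err == nil && len(pub) == ed25519.PublicKeySize &&
			ed25519.Verify(ed25519.PublicKey(pub), d[:], sig) {
			valid++
		}
	}
	if valid < trusted.Threshold {
		return RootDoc{}, fmt.Errorf("%d valid root signatures, need %d", valid, trusted.Threshold)
	}
	return next, nil
}

// Rotation plays out the scenario: 2-of-3 roots, key 2 is compromised, keys 1
// and 3 publish v2 listing a reissued key 2'. Returns whether that rotation is
// accepted and whether the attacker holding only old key 2 can push a v3.
func Rotation() (rotated, attackerWins bool) {
	k1, p1 := GenKey()
	k2, p2 := GenKey() // compromised later
	k3, p3 := GenKey()
	trusted := RootDoc{Version: 1, Threshold: 2, Keys: []string{k1, k2, k3}}
	k2new, _ := GenKey()
	v2 := Signed{Doc: Encode(RootDoc{Version: 2, Threshold: 2, Keys: []string{k1, k2new, k3}}), Sigs: map[string][]byte{}}
	Sign(&v2, p1)
	Sign(&v2, p3)
	next, err := Verify(trusted, v2)
	if err != nil {
		return false, false
	}
	kEvil, pEvil := GenKey()
	v3 := Signed{Doc: Encode(RootDoc{Version: 3, Threshold: 1, Keys: []string{kEvil}}), Sigs: map[string][]byte{}}
	Sign(&v3, p2)    // the stolen key: no longer listed in next
	Sign(&v3, pEvil) // never was listed
	_, err = Verify(next, v3)
	return true, err == nil
}

func main() {
	rotated, win := Rotation()
	fmt.Printf("rotation accepted: %v, attacker with old key accepted: %v\n", rotated, win)
}
```

The version check matters as much as the threshold: without it an attacker who captured an old, validly signed document could roll clients back to a root set that still lists the compromised key.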
.
There are also multisignature Bitcoin addresses:
http://bitcoin.stackexchange.com/questions/3718/what-are-multi-signature-transactions
--
Tony Arcieri
looking seeds, continuing until the curve
parameters, after the seed is run through SHA1, fall into the class that's
known to be weak to them.
--
Tony Arcieri
is they probably didn't.
--
Tony Arcieri
, so we would
expect that Dual_EC_DRBG was their failed attempt to tamper with a
cryptographic standard, and so we would overlook the more sinister and
subtle attempts to tamper with the NIST curves </tinfoilhat>
--
Tony Arcieri
On Wed, Sep 25, 2013 at 1:07 PM, John Young j...@pipeline.com wrote:
Now that it appears the Internet is compromised
What threat are you trying to prevent that isn't already solved by the use
of cryptography alone?
--
Tony Arcieri
and were all different.[4]
It's now known that the NSA selected S-boxes that hardened the algorithm
against differential cryptanalysis. Furthermore, 3DES continues to remain a
viable cipher.
See: http://www.cosic.esat.kuleuven.be/publications/article-2335.pdf
--
Tony Arcieri
, which
provides both passive and active forward secrecy. It's unfortunate :(
--
Tony Arcieri
the sort of thing that *should*
be an Internet standard ;)
--
Tony Arcieri
if a cryptanalysis is found for either
of the two ciphers.
--
Tony Arcieri
more insecure, which is not the
case despite the ancient scare-language in the manpage. The security of all
stream ciphers rests in secure CSPRNGs. Meanwhile, /dev/random is not
robust:
https://cs.nyu.edu/~dodis/ps/rng.pdf
--
Tony Arcieri
-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/?comments=1post=25102733#comment-25102733
--
Tony Arcieri
in the context of a thread in which
someone claimed that /dev/random should be used in lieu of /dev/random.
That's all I was pointing out.
--
Tony Arcieri
On Fri, Aug 16, 2013 at 12:55 PM, Tony Arcieri basc...@gmail.com wrote:
I was quoting the title of the paper in the context of a thread in which
someone claimed that /dev/random should be used in lieu of /dev/random.
That's all I was pointing out.
Blah, /dev/urandom...
--
Tony Arcieri
Interesting chart:
https://pbs.twimg.com/media/BQYA_qWCEAIoUFT.png
--
Tony Arcieri
On Mon, Jul 22, 2013 at 8:18 PM, Sean Beck seanmckayb...@lavabit.com wrote:
Does it look encrypted?
Encrypted with a virus
--
Tony Arcieri
. DoS, having compromised only one other host directly.
--
Tony Arcieri
--
Tony Arcieri
On Fri, Jun 14, 2013 at 8:25 AM, Noon Silk noonsli...@gmail.com wrote:
there are no known quantum algorithms which offer any serious benefit in
this arena.
o_O
http://en.wikipedia.org/wiki/Shor's_algorithm
--
Tony Arcieri
On Fri, Jun 14, 2013 at 10:27 AM, Tony Arcieri tony.arci...@gmail.com wrote:
On Fri, Jun 14, 2013 at 8:25 AM, Noon Silk noonsli...@gmail.com wrote:
there are no known quantum algorithms which offer any serious benefit in
this arena.
o_O
http://en.wikipedia.org/wiki/Shor's_algorithm
Also
--
Tony Arcieri
The original Cypherpunks mailing list seems dead.
Is there any list that's its successor?
--
Tony Arcieri
of the Keyspace server attempts to
publish a ciphertext older than what's in the local client cache.
Anyway, have a look, I'd love some feedback ;)
--
Tony Arcieri
, Mar 21, 2013 at 12:07 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Mar 21, 2013 at 2:52 AM, Tony Arcieri tony.arci...@gmail.com wrote:
https://github.com/livingsocial/keyspace
tl;dr: Keyspace provides least authority client-side encryption for
key/value stores using NaCl's
of the existing NaCl code, the most notable aspect being
the removal of the assembly code which allows Sodium to be fully PIC.
--
Tony Arcieri
FRACTALS!
(NOTE: I am using the word fact rather loosely here)
--
Tony Arcieri
/the-anatomy-of-bad-idea.html
--
Tony Arcieri
in Ruby, RbNaCl is one of your best
options.
Enjoy!
--
Tony Arcieri
, if what matters is the API rather than speed, then
achieving PIC is easy: just remove the asm.
--
Tony Arcieri
)
3) There's no uniform API for managing client certs from JavaScript
--
Tony Arcieri
Here's an implementation of semiprivate keys in SAGE (courtesy DCoder) that
actually works:
https://gist.github.com/tarcieri/40d2eb8e4e8f9ed28b3a
I'm a bit lost as to where I'm going wrong in my NaCl-based implementation
--
Tony Arcieri
? I'm also going to try to double check this with SAGE and make sure
I can actually get things working there.
Also if anyone has any ideas as to how I can describe the security
properties of this system, I'd love some advice in that department.
--
Tony Arcieri
sites (e.g. SpiderOak) trying
to claim to be the first to have invented this concept. I don't know who
did it first, but I'm pretty sure Tahoe was the first to actually get it
right.
--
Tony Arcieri
in this way?
--
Tony Arcieri