Re: [cryptography] Open Whisper Systems intellectual property dispute

2016-05-10 Thread Tony Arcieri
OWS: https://twitter.com/moxie/status/730230320553828352 -- Tony Arcieri ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Kernel space vs userspace RNG

2016-05-05 Thread Tony Arcieri
they're easy to screw up. -- Tony Arcieri

Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Tony Arcieri
On Wed, Apr 13, 2016 at 10:14 AM, Ron Garret <r...@flownet.com> wrote:
> Is that small enough for you?
Yes, that's significantly better. Sorry if I was overly negative before. -- Tony Arcieri

Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Tony Arcieri
> do you think that I should be doing differently? Change the design?
Yes, make it significantly smaller than the current form factor. -- Tony Arcieri

Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-13 Thread Tony Arcieri
On Wed, Apr 13, 2016 at 2:06 AM, Thierry Moreau <thierry.mor...@connotech.com> wrote:
> Who wants to be optimistic with respect to threat models in the current IT landscape?
I prefer to be realistic about threats, especially when UX tradeoffs are involved --

Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-12 Thread Tony Arcieri
V) I swear I'm not a paid shill for Yubico, but I'm a fan of small display-free hardware tokens. While a token like what you've built might provide Maximum Security under pessimistic threat models, its large size makes it look rather inconvenient to me. -- Tony Arcieri

Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-04-12 Thread Tony Arcieri
> hishing attacks
Not to rain on your parade, but if you're talking about authentication contexts, U2F solves the phishability problem by deriving domain-separated keys per origin, so it's not possible for an attacker to leverage it for phishing purposes. -

Re: [cryptography] a new blockchain POW proposal

2016-01-18 Thread Tony Arcieri
xiv.org/abs/1510.02037 (This specific approach has flaws, but I'd like to see the general idea better explored) -- Tony Arcieri

Re: [cryptography] "There is something Google can do. So they should do it."

2015-11-27 Thread Tony Arcieri
ding private key on all of these systems, and they're a mere parenthetical in your concerns. Your threat modeling priorities are, to put it bluntly, pretty fucked up Greg. -- Tony Arcieri

Re: [cryptography] "There is something Google can do. So they should do it."

2015-11-27 Thread Tony Arcieri
On Fri, Nov 27, 2015 at 7:34 PM, Greg wrote:
> I dedicated about a third of the blog post to Dell and basically called them liars. I hardly think that counts as a “parenthetical”.
You are literally using it as a pretext to go after Google. Can you point to a single

Re: [cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

2015-05-11 Thread Tony Arcieri
and rebuild their reputation. -- Tony Arcieri

Re: [cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

2015-05-11 Thread Tony Arcieri
On Tue, May 12, 2015 at 11:14 AM, Thierry Moreau <thierry.mor...@connotech.com> wrote:
> I do not want to push any plot theory without a deep understanding of the ECC fundamentals. But recalling that NSA had prior knowledge of differential cryptanalysis (versus academia) and prior knowledge of

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Tony Arcieri
server. Perhaps you targeted a single person, and everyone else sees the real version. This is why web pages aren't trustworthy for cryptographic purposes. I wrote a blog post on this topic: http://tonyarcieri.com/whats-wrong-with-webcrypto -- Tony Arcieri

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Tony Arcieri
carry cryptographic signatures from their publishers, so you have end-to-end security. -- Tony Arcieri

Re: [cryptography] Unbreakable crypto?

2015-03-20 Thread Tony Arcieri
like an unauthenticated one time pad. -- Tony Arcieri

Re: [cryptography] Cryptanalysis of RADIUS MD5 cipher?

2015-02-04 Thread Tony Arcieri
cryptanalytic attention. More modern deployments of RADIUS have better security options, like EAP-TTLS which tunnels the traffic through TLS. -- Tony Arcieri

Re: [cryptography] QODE

2015-01-07 Thread Tony Arcieri
On Wed, Jan 7, 2015 at 6:24 PM, listo factor <listofac...@mail.ru> wrote:
> He did try to sell maiden-voyage seat reservations. I have no idea if he collected any money, but if he did, I would not blame him, I would blame those that coughed up their coin.
tl;dr: caveat emptor? -- Tony Arcieri

Re: [cryptography] What's the point of using non-NIST ECC Curves?

2014-10-13 Thread Tony Arcieri
as to generate a curve with a one-in-a-million weakness that only they know how to exploit, the NIST curves are weak in other known ways: https://safecurves.cr.yp.to Additionally, newer curves are being picked with an emphasis on performance -- Tony Arcieri

Re: [cryptography] What's the point of using non-NIST ECC Curves?

2014-10-13 Thread Tony Arcieri
> pause in using the algorithm at all?
Sure, that's why djb and friends are also working on implementing McEliece and Merkle signatures -- Tony Arcieri

Re: [cryptography] Weak random data XOR good enough random data = better random data?

2014-09-03 Thread Tony Arcieri
: https://en.wikipedia.org/wiki/Product_cipher -- Tony Arcieri

[cryptography] STARTTLS for HTTP

2014-08-18 Thread Tony Arcieri
support. Why not always flip it on if it's available on both sides, even if it's trivially MitMed? -- Tony Arcieri

Re: [cryptography] Question About Best Practices for Personal File Encryption

2014-08-17 Thread Tony Arcieri
. tl;dr: if you don't trust proprietary encrypted filesystems, you better not trust the proprietary OSes they're built into either. -- Tony Arcieri

Re: [cryptography] [Cryptography] Browser JS (client side) crypto FUD

2014-07-30 Thread Tony Arcieri
in a web page is most definitely harmful and insecure. -- Tony Arcieri

Re: [cryptography] Browser JS (client side) crypto FUD

2014-07-26 Thread Tony Arcieri
by serving JavaScript crypto code over easily-MitMed plaintext HTTP. Here are a couple offenders...
#3 Google search result for encrypted chat: http://www.chatcrypt.com/
Not popular by Google results, but a similarly silly effort: http://www.peersm.com/ -- Tony Arcieri

Re: [cryptography] Silent Circle Takes on Phones, Skype, Telecoms

2014-07-10 Thread Tony Arcieri
On Thu, Jul 10, 2014 at 4:45 PM, John Young <j...@pipeline.com> wrote:
> This is the comsec dilemma. If a product or system becomes mainstream it is more likely to be overtly and/or covertly compromised.
This is why it's important the client is open source, the binaries are reproducible, and the

Re: [cryptography] Stealthy Dopant-Level Hardware Trojans

2014-07-01 Thread Tony Arcieri
This went to the cypherpunks list, but not to the others: http://eprint.iacr.org/2014/508 Reversing stealthy dopant level trojans!

Re: [cryptography] [Cryptography] Is it time for a revolution to replace TLS?

2014-05-15 Thread Tony Arcieri
those monstrosities in our daily lives anymore. -- Tony Arcieri

Re: [cryptography] [Cryptography] Is it time for a revolution to replace TLS?

2014-05-15 Thread Tony Arcieri
On Thu, May 15, 2014 at 1:26 PM, Phillip Hallam-Baker <hal...@gmail.com> wrote:
> JSON is a lot more than 10% better than ASN.1 or XML because both of the latter are bjorked. XML prefixes are insane
And TLS isn't? ;) -- Tony Arcieri

[cryptography] Best practices for paranoid secret buffers

2014-05-06 Thread Tony Arcieri
? Are the threats they'd potentially mitigate realistic? Are there too many other things that can go wrong (e.g. rewindable VMs) for this to matter? -- Tony Arcieri

[cryptography] Announcing ClearCrypt: a new transport encryption library

2014-05-04 Thread Tony Arcieri
these goals. Every commit will be approved by multiple people once it has been thoroughly audited. First up: the choice of a license: https://github.com/clearcrypt/clearcrypt/pull/1 -- Tony Arcieri

Re: [cryptography] [Cryptography] Announcing ClearCrypt: a new transport encryption library

2014-05-04 Thread Tony Arcieri
valid options. Another one is Trevor Perrin's Noise: https://github.com/trevp/noise/wiki -- Tony Arcieri

Re: [cryptography] Request - PKI/CA History Lesson

2014-04-29 Thread Tony Arcieri
On Tue, Apr 29, 2014 at 7:10 PM, tpb-cry...@laposte.net wrote:
> Or Certificate Transparency. :-) And how is that supposed to work?
Here, let me help you out: http://lmgtfy.com/?q=certificate+transparency&l=1 -- Tony Arcieri

Re: [cryptography] Is it time for a revolution to replace TLS?

2014-04-25 Thread Tony Arcieri
that all the band-aids they try to put on these sharp edges are also flawed. -- Tony Arcieri

Re: [cryptography] Request - PKI/CA History Lesson

2014-04-25 Thread Tony Arcieri
> means?
I think plaintext HTTP should show a lock with a big no sign over it or something to highlight to users that the connection is insecure. -- Tony Arcieri

Re: [cryptography] Is it time for a revolution to replace TLS?

2014-04-25 Thread Tony Arcieri
. Anyway, I'd suggest reading a bit more about how it works before dismissing it out of hand. -- Tony Arcieri

[cryptography] Is it time for a revolution to replace TLS?

2014-04-24 Thread Tony Arcieri
http://clearcryptocode.org/tls/ Probably not going to happen, but it's nice to dream... -- Tony Arcieri

Re: [cryptography] Techniques for protecting CA Root certificate Secret Key

2014-01-09 Thread Tony Arcieri
a multisignature trust system makes it easy to rotate the root keys: if one is compromised you simply sign a new root key document with t of n signatures again, listing out the newly reissued public key. -- Tony Arcieri

Re: [cryptography] Techniques for protecting CA Root certificate Secret Key

2014-01-09 Thread Tony Arcieri
. There are also multisignature Bitcoin addresses: http://bitcoin.stackexchange.com/questions/3718/what-are-multi-signature-transactions -- Tony Arcieri

Re: [cryptography] [Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

2013-10-01 Thread Tony Arcieri
looking seeds, continuing until the curve parameters, after the seed is run through SHA1, fall into the class that's known to be weak to them. -- Tony Arcieri

Re: [cryptography] [Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

2013-10-01 Thread Tony Arcieri
is they probably didn't. -- Tony Arcieri

Re: [cryptography] [Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

2013-10-01 Thread Tony Arcieri
, so we would expect that Dual_EC_DRBG was their failed attempt to tamper with a cryptographic standard, and so we would overlook the more sinister and subtle attempts to tamper with the NIST curves </tinfoilhat> -- Tony Arcieri

Re: [cryptography] The Compromised Internet

2013-09-25 Thread Tony Arcieri
On Wed, Sep 25, 2013 at 1:07 PM, John Young <j...@pipeline.com> wrote:
> Now that it appears the Internet is compromised
What threat are you trying to prevent that isn't already solved by the use of cryptography alone? -- Tony Arcieri

Re: [cryptography] Dual_EC_DRBG was cooked, but not AES?

2013-09-22 Thread Tony Arcieri
and were all different.[4] It's now known that the NSA selected S-boxes that hardened the algorithm against differential cryptanalysis. Furthermore, 3DES continues to remain a viable cipher. See: http://www.cosic.esat.kuleuven.be/publications/article-2335.pdf -- Tony Arcieri

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Tony Arcieri
, which provides both passive and active forward secrecy. It's unfortunate :( -- Tony Arcieri

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Tony Arcieri
the sort of thing that *should* be an Internet standard ;) -- Tony Arcieri

Re: [cryptography] Compositing Ciphers?

2013-09-13 Thread Tony Arcieri
if a cryptanalysis is found for either of the two ciphers. -- Tony Arcieri

Re: [cryptography] urandom vs random

2013-08-16 Thread Tony Arcieri
more insecure, which is not the case despite the ancient scare-language in the manpage. The security of all stream ciphers rests in secure CSPRNGs. Meanwhile, /dev/random is not robust: https://cs.nyu.edu/~dodis/ps/rng.pdf -- Tony Arcieri

Re: [cryptography] urandom vs random

2013-08-16 Thread Tony Arcieri
-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/?comments=1&post=25102733#comment-25102733 -- Tony Arcieri

Re: [cryptography] urandom vs random

2013-08-16 Thread Tony Arcieri
in the context of a thread in which someone claimed that /dev/random should be used in lieu of /dev/random. That's all I was pointing out. -- Tony Arcieri

Re: [cryptography] urandom vs random

2013-08-16 Thread Tony Arcieri
On Fri, Aug 16, 2013 at 12:55 PM, Tony Arcieri <basc...@gmail.com> wrote:
> I was quoting the title of the paper in the context of a thread in which someone claimed that /dev/random should be used in lieu of /dev/random. That's all I was pointing out.
Blah, /dev/urandom... -- Tony Arcieri

[cryptography] OpenPGP adoption post-PRISM

2013-07-29 Thread Tony Arcieri
Interesting chart: https://pbs.twimg.com/media/BQYA_qWCEAIoUFT.png -- Tony Arcieri

Re: [cryptography] Cypherpunks

2013-07-22 Thread Tony Arcieri
On Mon, Jul 22, 2013 at 8:18 PM, Sean Beck <seanmckayb...@lavabit.com> wrote:
> Does it look encrypted?
Encrypted with a virus -- Tony Arcieri

[cryptography] A secret sharing consensus protocol (or leader election protocol)

2013-07-18 Thread Tony Arcieri
. DoS, having compromised only one other host directly. -- Tony Arcieri

Re: [cryptography] Message

2013-07-16 Thread Tony Arcieri
-- Tony Arcieri

Re: [cryptography] NSA breakthrough

2013-06-14 Thread Tony Arcieri
On Fri, Jun 14, 2013 at 8:25 AM, Noon Silk <noonsli...@gmail.com> wrote:
> there are no known quantum algorithms which offer any serious benefit in this arena.
o_O http://en.wikipedia.org/wiki/Shor's_algorithm -- Tony Arcieri

Re: [cryptography] NSA breakthrough

2013-06-14 Thread Tony Arcieri
On Fri, Jun 14, 2013 at 10:27 AM, Tony Arcieri <tony.arci...@gmail.com> wrote:
> On Fri, Jun 14, 2013 at 8:25 AM, Noon Silk <noonsli...@gmail.com> wrote:
>> there are no known quantum algorithms which offer any serious benefit in this arena.
> o_O http://en.wikipedia.org/wiki/Shor's_algorithm
Also

Re: [cryptography] Looking for earlier proof: no secure channel without previous secure channel

2013-06-06 Thread Tony Arcieri
-- Tony Arcieri

[cryptography] Cypherpunks mailing list

2013-03-25 Thread Tony Arcieri
The original Cypherpunks mailing list seems dead. Is there any list that is its successor? -- Tony Arcieri

[cryptography] Keyspace: client-side encryption for key/value stores

2013-03-21 Thread Tony Arcieri
of the Keyspace server attempts to publish a ciphertext older than what's in the local client cache. Anyway, have a look, I'd love some feedback ;) -- Tony Arcieri

Re: [cryptography] Keyspace: client-side encryption for key/value stores

2013-03-21 Thread Tony Arcieri
, Mar 21, 2013 at 12:07 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Thu, Mar 21, 2013 at 2:52 AM, Tony Arcieri <tony.arci...@gmail.com> wrote:
>> https://github.com/livingsocial/keyspace tl;dr: Keyspace provides least authority client-side encryption for key/value stores using NaCl's

Re: [cryptography] Sodium. (Was: Re: NaCl Documentation?)

2013-03-14 Thread Tony Arcieri
of the existing NaCl code, the most notable aspect being the removal of the assembly code which allows Sodium to be fully PIC. -- Tony Arcieri

[cryptography] SafetyLock™

2013-03-14 Thread Tony Arcieri
FRACTALS! (NOTE: I am using the word fact rather loosely here) -- Tony Arcieri

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-09 Thread Tony Arcieri
/the-anatomy-of-bad-idea.html -- Tony Arcieri

[cryptography] [ANN] RbNaCl 1.0.0: Cryptography for Ruby that doesn't suck

2013-03-08 Thread Tony Arcieri
in Ruby, RbNaCl is one of your best options. Enjoy! -- Tony Arcieri

[cryptography] Sodium: NaCl repackaged for portability/ease-of-use

2013-03-06 Thread Tony Arcieri
, if what matters is the API rather than speed, then achieving PIC is easy: just remove the asm. -- Tony Arcieri

Re: [cryptography] Client TLS Certificates - why not?

2013-03-04 Thread Tony Arcieri
) 3) There's no uniform API for managing client certs from JavaScript -- Tony Arcieri

Re: [cryptography] Zooko's semiprivate keys

2013-02-19 Thread Tony Arcieri
Here's an implementation of semiprivate keys in SAGE (courtesy DCoder) that actually works: https://gist.github.com/tarcieri/40d2eb8e4e8f9ed28b3a I'm a bit lost as to where I'm going wrong in my NaCl-based implementation -- Tony Arcieri

[cryptography] Zooko's semiprivate keys

2013-02-17 Thread Tony Arcieri
? I'm also going to try to double check this with SAGE and make sure I can actually get things working there. Also if anyone has any ideas as to how I can describe the security properties of this system, I'd love some advice in that department. -- Tony Arcieri

Re: [cryptography] Zero knowledge as a term for end-to-end encryption

2013-02-13 Thread Tony Arcieri
sites (e.g. SpiderOak) trying to claim to be the first to have invented this concept. I don't know who did it first, but I'm pretty sure Tahoe was the first to actually get it right. -- Tony Arcieri

[cryptography] Zero knowledge as a term for end-to-end encryption

2013-02-12 Thread Tony Arcieri
in this way? -- Tony Arcieri