Re: [cryptography] beginner crypto

2013-12-30 Thread yersinia
Engineering is a good, up to date resource: https://www.schneier.com/book-ce.html On Mon, Dec 30, 2013 at 4:17 PM, Jeffrey Goldberg jeff...@goldmark.org wrote: On Dec 29, 2013, at 3:56 PM, yersinia yersinia.spi...@gmail.com wrote: On Sun, Dec 29, 2013 at 7:28 PM, code elusive code.elus

Re: [cryptography] beginner crypto

2013-12-29 Thread yersinia
On Sun, Dec 29, 2013 at 7:28 PM, code elusive code.elus...@gmail.com wrote: there are two university courses on cryptography offered freely through Coursera. In case you want to have a look, the archive for Crypto1 is at [1]. The archive includes video lectures, subtitles, problem-sets, forum

Re: [cryptography] [Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

2013-10-01 Thread yersinia
On Tue, Oct 1, 2013 at 9:00 PM, Jeffrey Goldberg jeff...@goldmark.orgwrote: On 2013-10-01, at 12:54 PM, Tony Arcieri basc...@gmail.com wrote: I wouldn't put it past them to intentionally weaken the NIST curves. This is what has changed. Previously, I believed that they *wouldn’t* try to do

Re: [cryptography] urandom vs random

2013-08-17 Thread yersinia
On Sat, Aug 17, 2013 at 6:39 PM, Sandy Harris sandyinch...@gmail.comwrote: shawn wilson ag4ve...@gmail.com wrote: I thought that decent crypto programs (openssh, openssl, tls suites) should read from random so they stay secure and don't start generating /insecure/ data when entropy runs

Re: [cryptography] skype backdoor confirmation

2013-05-22 Thread yersinia
Sorry for the top posting. Many company are using private social network these days. As usual someone internal to the organization has the right to record and sniff also the private traffic. Don't like ? Well, you can always use services as scrumbls. Perhaps not so secure from a nsa wiretap but

[cryptography] mTLS: miTLS is a verified reference implementation of the TLS protocol

2013-03-25 Thread yersinia
miTLS is a verified reference implementation of the TLS protocolhttp://tools.ietf.org/html/rfc5246. Our code fully supports its wire formats, ciphersuites, sessions and connections, re-handshakes and resumptions, alerts and errors, and data fragmentation, as prescribed in the RFCs; it

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread yersinia
On Sun, Mar 10, 2013 at 12:20 PM, D. J. Bernstein d...@cr.yp.to wrote: Ryan Sleevi writes: What use case makes the NaCl algorithms (whose specification is merely 'use NaCl', which boils down to Use Salsa+Curve25519) worthwhile? Of course, this doesn't imply that NaCl is what developers

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread yersinia
On Sun, Mar 10, 2013 at 6:58 PM, ianG i...@iang.org wrote: On 10/03/13 20:25 PM, yersinia wrote: On Sun, Mar 10, 2013 at 12:20 PM, D. J. Bernstein d...@cr.yp.to mailto:d...@cr.yp.to wrote: Ryan Sleevi writes: What use case makes the NaCl algorithms (whose specification

Re: [cryptography] An encryption project

2013-01-28 Thread yersinia
Sorry for the top posting. Are you sure that you want to do something in this field before reading in depth anything ? Crypto is no more magic art. Anyway, it always better to use something that most expert consider, or better, have some proof that it is rock solid, in the modern crypto sense.