Attached are the footnotes for this year's crypto news. (Sorry to be so late, we had a 36 hour internet/phone outage. Not Verizon's fault the excavation contractor cut a bundle.)
One update is the DCC DPRNG that I quoted knowledgeable folk as saying was " so slow no one used it" so we didn't care it was deprecated was in fact set as the Default in the RSA BSAFE commercial crypto suite. (Which is quite expensive so if you aren't building FIPS-certified software you likely can't afford it.) RSA is also deprecating this also. http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/ Good blogs for non-sec techies to follow for sec stuff: *Technology Review*, http://www.technologyreview.com/computing/ *Ars Technica* http://arstechnica.com/security/ *Schneier.com* https://www.schneier.com/ *Wired* mag http://www.wired.com/threatlevel/ e.g., overview - http://www.technologyreview.com/news/519171/nsa-leak-leaves-crypto-math-intact-but-highlights-known-workarounds/ On Wed, Sep 18, 2013 at 11:43 AM, Bill Ricker <[email protected]> wrote: > > > ---------- Forwarded message ---------- > From: Bill Ricker <[email protected]> > Date: Wed, Sep 18, 2013 at 11:23 AM > Subject: Re: Boston Linux Meeting reminder today, September 18, 2013 - > PGP/GnuPG Keysigning Party XIV > To: Jerry Feldman <[email protected]> > Cc: BLU <[email protected]>, Greater New Hampshire LUG < > [email protected]> > > > Based on latest news and comments, we should not be signing 1024 bit keys. > > 2048 or larger. Bruce Schneier's new key is 4096 bits, so that's become > accepted. > > bill > > > > -- > Bill > @n1vux [email protected] > -- Bill @n1vux [email protected]
_______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
