Previously I said we need to speak more carefully about these
things. Let me start by taking my own advice:
Alas on 09/14/2013 12:29 PM, I wrote:
a) In the linux random device, /any/ user can mix stuff into the
driver's pool. This is a non-privileged operation. The idea is that
it can't
On Sep 14, 2013, at 5:38 PM, Kent Borg wrote:
Things like clock skew are usually nothing but squish ... not reliably
predictable, but also not reliably unpredictable. I'm not interested in
squish, and I'm not interested in speculation about things that might be
random.
I see theoretical
On 15/09/13 00:38 AM, Kent Borg wrote:
On 09/14/2013 03:29 PM, John Denker wrote:
And once we have built such vaguely secure systems, why reject entropy
sources within those systems, merely because you think they look
like squish? If there is a random component, why toss it out?
He's
On 09/15/2013 10:19 AM, John Kelsey wrote:
But those are pretty critical things, especially (a). You need to know
whether it is yet safe to generate your high-value keypair. For that,
you don't need super precise entropy estimates, but you do need at
least a good first cut entropy
John Kelsey wrote:
I think the big problem with (b) is in quantifying the entropy you get.
Maybe don't.
When Bruce Schneier last put his hand to designing an RNG he concluded that
estimating entropy is doomed. I don't think he would object to some coarse
order-of-magnitude confirmation that
One wants maximum entropy not only from one's RNG but also from one's
discussions about randomness.
Sadly, entropy is measured based on the level of surprise at the
content, and the level of surprise is going down in the current
discussion. As surprise goes to zero, so does interest on the part
On Thu, Sep 12, 2013 at 1:11 PM, Nico Williams n...@cryptonector.com wrote:
- Life will look a bit bleak for a while once we get to quantum machine
cryptopocalypse...
Why? We already have NTRU. We also have Lamport Signatures. djb is working
on McBits. I'd say there's already many options
On 13 Sep 2013, at 21:23, Perry E. Metzger pe...@piermont.com wrote:
On Fri, 13 Sep 2013 08:08:38 +0200 Eugen Leitl eu...@leitl.org
wrote:
Why e.g. SWIFT is not running on one time pads is beyond me.
I strongly suspect that delivering them securely to the vast
John Kelsey crypto@gmail.com writes:
In the overwhelming majority of cases, I know and want to know the
people I'm talking with. I just don't want the contents of those
conversations or the names of people I'm talking with to be revealed
to eavesdroppers. And if I get an email from one