combining entropy

2008-10-24 Thread IanG
If I have N pools of entropy (all same size X) and I pool them together with XOR, is that as good as it gets? My assumptions are: * I trust no single source of Random Numbers. * I trust at least one source of all the sources. * no particular difficulty with lossy combination. iang --

[Fwd: [announce] THC releases video and tool to backup/modify ePassports]

2008-10-24 Thread Allen
We knew it was coming, right? Original Message Subject: [announce] THC releases video and tool to backup/modify ePassports Date: Mon, 29 Sep 2008 10:00:26 + From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] http://freeworld.thc.org/thc-epassport/ 29th September 2008 THC/vo

TLS Server Name Indication and IDNA?

2008-10-24 Thread Victor Duchovni
I am considering adding TLS Server Name Indication support in the Postfix SMTP server and client. I am puzzled by the exceedingly terse description of the semantics of the HostName sent in the SNI extension: http://tools.ietf.org/html/rfc4366#section-3.1 If the hostname labels contain

Re: TLS Server Name Indication and IDNA?

2008-10-24 Thread Paul Hoffman
RFC 4366 is somewhat of a mess. I do not remember the authors asking the authors of IDNA (of which I am one) about what they should do. FWIW, I'm not sure why this would be on the cryptography list, but I'm not sure of that for most of the "we can design a better UI" threads either. What sh

Re: EV certs: Doing more of what we already know doesn't work

2008-10-24 Thread Stefan Kelm
Cool! ;-) Verisign's CPS has been an inspiration for me for quite a few years now. E.g., this statement has been in there for a number of years: The Certificate, however, provides no proof of the identity of the Subscriber. Taken from page 12 of the current version, obviously (?) referring

"unbreakable" quantum crypto cracked by a laser

2008-10-24 Thread Steven M. Bellovin
http://technology.newscientist.com/channel/tech/dn14866-laser-cracks-unbreakable-quantum-communications.html?feedId=online-news_rss20 Not surprisingly, it's attacking the implementation, not the physics -- but of course we use implementations to communicate, rather than theories.

What does knot theory have to do with P^#P != NP ?

2008-10-24 Thread R.A. Hettinga
David Molnar (ephermata) wrote, @ 2008-10-04 01:59:00 Current music: Crystal Castles - Air War What does knot theory have to do with P^#P != NP ? I didn't know, but Michael H. Freedman has an answer - by assuming that the complexity

Who cares about side-channel attacks?

2008-10-24 Thread Peter Gutmann
For the past several years I've been making a point of asking users of crypto on embedded systems (which would be particularly good targets for side-channel attacks, particularly ones that provide content-protection capabilities) whether they'd consider enabling side-channel attack (SCA - no, no

Quantum Crypto broken again

2008-10-24 Thread [EMAIL PROTECTED]
A failure in implementation leads to the ability to eavesdrop on a quantum-secrecy based key exchange on 2/3 of the types of quantum equipment used. From: Makarov and colleagues from Swe

Re: "Cube" cryptanalysis?

2008-10-24 Thread James Muir
Paul Hoffman wrote: At 11:08 AM -0700 8/21/08, Greg Rose wrote: Adi mentioned that the slides and paper will go online around the deadline for Eurocrypt submission; it will all become much clearer than my wounded explanations then. There now: Given all the

Re: once more, with feeling.

2008-10-24 Thread Ben Laurie
Peter Gutmann wrote: >> If this had been done in the beginning, before users -- and web site >> designers, and browser vendors -- were mistrained, it might have worked. >> Now, though? I'm skeptical. > > For existing apps with habituated users, so am I. So how about the following > strawman: Tak

Using GPUs to crack crypto

2008-10-24 Thread Steven M. Bellovin
Elcomsoft has a product that uses GPUs to do password-cracking on a variety of media. They claim a speed-up of up to 67x, depending on the application being attacked. http://www.elcomsoft.com/edpr.html?r1=pr&r2=wpa (This has led to a variety of stories (see, for example, http://www.scmagazineuk.

Snatching defeat from the jaws of victory

2008-10-24 Thread Peter Gutmann
The DailyWTF has an entertaining writeup on how not to use strong crypto to protect an embedded device, in this case a Wii, at http://thedailywtf.com/Articles/Anatomii-of-a-Hack.aspx. The signature-verification function was particularly entertaining: decrypt_rsa(signature, public_key, decryp

Chip-and-pin card reader supply-chain subversion 'has netted millions from British shoppers'

2008-10-24 Thread John Gilmore
[British shoppers were promised high security by switching from credit cards to cards that have a chip in them and require that a PIN be entered for each transaction. That was the reason for changing everything over, at high cost in both money and inconvenience to shops and shoppers. Perhaps chip

German data retention law

2008-10-24 Thread R.A. Hettinga
Begin forwarded message: From: Eugen Leitl <[EMAIL PROTECTED]> Date: October 18, 2008 7:08:22 AM GMT-04:00 To: [EMAIL PROTECTED] Subject: German data retention law - Forwarded message from "Karsten N." <[EMAIL PROTECTED] > - From: "Karsten N." <[EMAIL PROTECTED]> Date: Sat, 18 Oct

Pulling Keystrokes Out of the Air

2008-10-24 Thread Arshad Noor
"Computer keyboards are often used to transmit sensitive information such as username/password (e.g. to log into computers, to do e-banking money transfer, etc.). A vulnerability on these devices will definitely kill the security of any computer or ATM." http://lasecwww.epfl.ch/keyboard/ Arsha

Re: combining entropy

2008-10-24 Thread John Denker
On 09/29/2008 05:13 AM, IanG wrote: > My assumptions are: > > * I trust no single source of Random Numbers. > * I trust at least one source of all the sources. > * no particular difficulty with lossy combination. > If I have N pools of entropy (all same size X) and I pool them > together with

ADMIN: backlog cleared

2008-10-24 Thread Perry E. Metzger
Moderator's note: Yes, I'm alive. I've just been insanely busy. I'm planning on adding a system so I can turn the list over to guest moderators before this happens again (in about a month, I'm anticipating.) Perry - The Cryptogr

Re: combining entropy

2008-10-24 Thread Jonathan Katz
[Moderator's note: top posting is not tasteful. --Perry] I think it depends on what you mean by "N pools of entropy". Are you assuming that one of these sources is (pseudo)random, but you don't know which one? Are you assuming independence of these different sources? If both these assumpti

Re: combining entropy

2008-10-24 Thread Ben Laurie
On Mon, Sep 29, 2008 at 1:13 PM, IanG <[EMAIL PROTECTED]> wrote: > If I have N pools of entropy (all same size X) and I pool them > together with XOR, is that as good as it gets? Surely not. Consider N pools each of size 1 bit. Clearly you can do better than the 1 bit your suggestion would yield.

Re: combining entropy

2008-10-24 Thread Stephan Neuhaus
On Oct 24, 2008, at 14:29, John Denker wrote: On 09/29/2008 05:13 AM, IanG wrote: My assumptions are: * I trust no single source of Random Numbers. * I trust at least one source of all the sources. * no particular difficulty with lossy combination. If I have N pools of entropy (all same s

Re: combining entropy

2008-10-24 Thread Wouter Slegers
L.S., > If I have N pools of entropy (all same size X) and I pool them > together with XOR, is that as good as it gets? > > My assumptions are: > > * I trust no single source of Random Numbers. > * I trust at least one source of all the sources. > * no particular difficulty with lossy combina

Re: combining entropy

2008-10-24 Thread Stephan Neuhaus
On Oct 24, 2008, at 15:37, Stephan Neuhaus wrote: Ah, but for this to hold, you will also have to assume that the N pools are all independent. Slight correction: You will have to assume that one of the trusted pools is independent from the others. Best, Stephan -

Re: combining entropy

2008-10-24 Thread Thierry Moreau
IanG wrote: If I have N pools of entropy (all same size X) and I pool them together with XOR, is that as good as it gets? My assumptions are: * I trust no single source of Random Numbers. * I trust at least one source of all the sources. * no particular difficulty with lossy combination.

Re: once more, with feeling.

2008-10-24 Thread Tom Scavo
On Sun, Oct 12, 2008 at 7:39 AM, Ben Laurie <[EMAIL PROTECTED]> wrote: > > One argument that I > have increasing sympathy with is that SSO (or if you want to be modern, > federated login) Federated identity is the fancy modern term for cross-domain SSO. > Obviously the end game here is that the u

Re: Who cares about side-channel attacks?

2008-10-24 Thread Jack Lloyd
On Mon, Oct 06, 2008 at 05:51:50PM +1300, Peter Gutmann wrote: > For the past several years I've been making a point of asking users of crypto > on embedded systems (which would be particularly good targets for side-channel > attacks, particularly ones that provide content-protection capabilities)

26 historic Enigmas found in Spain

2008-10-24 Thread Eugen Leitl
http://www.theregister.co.uk/2008/10/24/spanish_enigmas/ Spanish discover cache of 26 Enigma machines Franco's 'secret weapon' tracked to army HQ By Lester Haines Posted in Science, 24th October 2008 10:03 GMT Spanish newspaper El País last week tracked down 26 examples of Franco's "secret w

Re: combining entropy

2008-10-24 Thread Jon Callas
On Sep 29, 2008, at 5:13 AM, IanG wrote: If I have N pools of entropy (all same size X) and I pool them together with XOR, is that as good as it gets? My assumptions are: * I trust no single source of Random Numbers. * I trust at least one source of all the sources. * no particular difficulty

Re: combining entropy

2008-10-24 Thread Jack Lloyd
On Fri, Oct 24, 2008 at 10:23:07AM -0500, Thierry Moreau wrote: > Do you really trust that no single source of entropy can have knowledge of > the other source's output, so it can surreptitiously correlate its own? > > I.e, you are also assuming that these sources are *independent*. I do not

Re: combining entropy

2008-10-24 Thread John Denker
On 10/24/2008 01:12 PM, Jack Lloyd wrote: > is a very different statement from saying that > lacking such an attacker, you can safely assume your 'pools of > entropy' (to quote the original question) are independent in the > information-theoretic sense. The question, according to the origina

Re: combining entropy

2008-10-24 Thread Jack Lloyd
On Fri, Oct 24, 2008 at 03:20:24PM -0700, John Denker wrote: > On 10/24/2008 01:12 PM, Jack Lloyd wrote: > > > is a very different statement from saying that > > lacking such an attacker, you can safely assume your 'pools of > > entropy' (to quote the original question) are independent in the