Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread Perry E. Metzger
On Sat, 31 Aug 2013 17:00:01 -0400 John Kelsey crypto@gmail.com wrote: If I had to bet, I'd bet on bad rngs as the most likely source of a breakthrough in decrypting lots of encrypted traffic from different sources. This seems by far the most probable conclusion. Note, for example,

Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread Jerry Leichter
On Sep 1, 2013, at 2:36 AM, Peter Gutmann wrote: John Kelsey crypto@gmail.com writes: If I had to bet, I'd bet on bad rngs as the most likely source of a breakthrough in decrypting lots of encrypted traffic from different sources. If I had to bet, I'd bet on anything but the crypto.

Re: [Cryptography] Functional specification for email client?

2013-09-01 Thread Ray Dillinger
On 08/31/2013 02:53 PM, John Kelsey wrote: I think it makes sense to separate out the user-level view of what happens. True. I shouldn't have muddied up user-side view with notes about packet forwarding, mixing, cover traffic, and domain lookup, etc. Some users (I think) will want to know

Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread John Kelsey
What I think we are worried about here are very widespread automated attacks, and they're passive (data is collected and then attacks are run offline). All that constrains what attacks make sense in this context. You need attacks that you can run in a reasonable time, with minimal

Re: [Cryptography] Thoughts about keys

2013-09-01 Thread Ben Laurie
On 25 August 2013 21:29, Perry E. Metzger pe...@piermont.com wrote: [Disclaimer: very little in this seems deeply new, I'm just mixing it up in a slightly different way. The fairly simple idea I'm about to discuss has germs in things like SPKI, Certificate Transparency, the Perspectives

Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread Perry E. Metzger
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com wrote: Meanwhile, just what evidence do we really have that AES is secure? The fact that the USG likes using it, too. That's also evidence for eliptic curve techniques btw. Perry -- Perry E. Metzger

Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread Jerry Leichter
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote: On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com wrote: Meanwhile, just what evidence do we really have that AES is secure? The fact that the USG likes using it, too. We know they *say in public* that it's acceptable.

Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread Perry E. Metzger
On Sun, 1 Sep 2013 16:33:56 -0400 Jerry Leichter leich...@lrw.com wrote: On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote: On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com wrote: Meanwhile, just what evidence do we really have that AES is secure? The fact that