On 15/09/13 07:17 AM, Tony Arcieri wrote:
... djb is
working on McBits.
McBits: fast constant-time code-based cryptography
Abstract.
This paper presents extremely fast algorithms for code-based
public-key cryptography, including full protection against timing
attacks. For example, at a 2^128
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aloha!
John Denker wrote:
On 09/15/2013 03:49 AM, Kent Borg wrote:
When Bruce Schneier last put his hand to designing an RNG he
concluded that estimating entropy is doomed. I don't think he
would object to some coarse order-of-magnitude
On Sat, 14 Sep 2013 20:37:07 -0700 John Gilmore g...@toad.com wrote:
[A very interesting message, and I'm going to reply to just one tiny
detail in it...]
We in the outside world *invented* all of NSA's infrastructure.
They buy it from us, and are just users like most computer
users. (Yes,
ianG writes:
On 14/09/13 18:53 PM, Peter Fairbrother wrote:
But, I wonder, where do these longer equivalent figures come from?
http://keylength.com/ (is a better repository to answer your question.)
I assume that web site only takes account of time, it does not base
its calculations to cost
/smartfacts-20130916.pdf
-kb
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
After Rijndael was selected as AES, someone suggested the really
paranoid should super encrypt with all 5 finalests in the
competition. Five level super encryption is probably overkill,
but two or three levels can offer some real advantages. So
consider simple combinations of techniques which
Just writing document two in the PRISM-Proof series. I probably have to
change the name before November. Thinking about 'Privacy Protected' which
has the same initials.
People talk about end-to-end without talking about what they are. In most
cases at least one end is a person or an
I've not been able to figure out if Apple is using certificate
pinning for its applications (including its update systems) that seem
to use PKI. Does anyone know?
--
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
On 9/16/13 at 12:36 PM, leich...@lrw.com (Jerry Leichter) wrote:
On Sep 16, 2013, at 12:44 PM, Bill Frantz fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really paranoid
should super encrypt with
all 5 finalests in the competition. Five level super
What I think we are worried about here are very widespread
automated attacks, and they're passive (data is collected and
then attacks are run offline). All that constrains what attacks
make sense in this context.
John Kelsey discusses several attacks that might fit this
profile but one he did
On Mon, Sep 16, 2013 at 3:14 PM, Ben Laurie b...@links.org wrote:
On 16 September 2013 18:49, Phillip Hallam-Baker hal...@gmail.com wrote:
To me the important thing about transparency is that it is possible for
anyone to audit the key signing process from publicly available
information.
On Fri, 13 Sep 2013, Eugen Leitl wrote:
Given that there is One True Source of randomness to wit radioactive
What makes you think that e.g. breakdown oin a reverse biased
Zener diode is any less true random? Or thermal noise in a
crappy CMOS circuit?
It was a throw-away line; sigh...
On 16 September 2013 18:49, Phillip Hallam-Baker hal...@gmail.com wrote:
To me the important thing about transparency is that it is possible for
anyone to audit the key signing process from publicly available
information. Doing the audit at the relying party end prior to every
reliance seems
On Mon, Sep 16, 2013 at 2:48 PM, zooko zo...@zooko.com wrote:
On Sun, Sep 08, 2013 at 08:28:27AM -0400, Phillip Hallam-Baker wrote:
It think we need a different approach to source code management. Get rid
of
user authentication completely, passwords and SSH are both a fragile
approach.
On Mon, Sep 16, 2013 at 9:44 AM, Bill Frantz fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really paranoid
should super encrypt with all 5 finalests in the competition. Five level
super encryption is probably overkill, but two or three levels can offer
On Sep 16, 2013, at 6:20 PM, Bill Frantz wrote:
Joux's paper Multicollisions in iterated hash functions
http://www.iacr.org/archive/crypto2004/31520306/multicollisions.ps
shows that finding ... r-tuples of messages that all hash to the same value
is not much harder than finding ... pairs of
On Mon, Sep 16, 2013 at 4:02 PM, Jerry Leichter leich...@lrw.com wrote:
On Sep 16, 2013, at 6:20 PM, Bill Frantz wrote:
Joux's paper Multicollisions in iterated hash functions
http://www.iacr.org/archive/crypto2004/31520306/multicollisions.ps
shows that finding ... r-tuples of messages that all
On 9/16/13 at 4:02 PM, leich...@lrw.com (Jerry Leichter) wrote:
The feeling these days among those who do such work is that
unless you're going to use a specialized combined encryption
and authentication mode, you might as well use counter mode
(with, of course, required authentication). For
18 matches
Mail list logo