John Kelsey writes:
> In the overwhelming majority of cases, I know and want to know the
> people I'm talking with. I just don't want to contents of those
> conversations or the names of people I'm talking with to be revealed
> to eavesdroppers. And if I get an email from one of my regular
> co
Op 13 sep. 2013, om 21:23 heeft Perry E. Metzger het
volgende geschreven:
> On Fri, 13 Sep 2013 08:08:38 +0200 Eugen Leitl
> wrote:
>> Why e.g. SWIFT is not running on one time pads is beyond me.
>
> I strongly suspect that delivering them securely to the vast number
> of endpoints involved a
On Thu, Sep 12, 2013 at 1:11 PM, Nico Williams wrote:
> - Life will look a bit bleak for a while once we get to quantum machine
> cryptopocalypse...
Why? We already have NTRU. We also have Lamport Signatures. djb is working
on McBits. I'd say there's already many options on the table if you
One wants maximum entropy not only from one's RNG but also from one's
discussions about randomness.
Sadly, entropy is measured based on the level of "surprise" at the
content, and the level of surprise is going down in the current
discussion. As surprise goes to zero, so does interest on the part
John Kelsey wrote:
> I think the big problem with (b) is in quantifying the entropy you get.
Maybe don't.
When Bruce Schneier last put his hand to designing an RNG he concluded that
estimating entropy is doomed. I don't think he would object to some coarse
order-of-magnitude confirmation that t
On 09/15/2013 10:19 AM, John Kelsey wrote:
But those are pretty critical things, especially (a). You need to know
whether it is yet safe to generate your high-value keypair. For that,
you don't need super precise entropy estimates, but you do need at
least a good first cut entropy estimate--doe
On 15/09/13 00:38 AM, Kent Borg wrote:
On 09/14/2013 03:29 PM, John Denker wrote:
And once we have built such vaguely secure systems, why reject entropy
sources within those systems, merely because they you think they look
like "squish"? If there is a random component, why toss it out?
He'
On Sep 14, 2013, at 5:38 PM, Kent Borg wrote:
>> Things like clock skew are usually nothing but squish ... not reliably
>> predictable, but also not reliably unpredictable. I'm not interested in
>> squish, and I'm not interested in speculation about things that "might" be
>> random.
>
> I see
On 09/15/2013 03:49 AM, Kent Borg wrote:
> When Bruce Schneier last put his hand to designing an RNG he
> concluded that estimating entropy is doomed. I don't think he would
> object to some coarse order-of-magnitude confirmation that there is
> entropy coming in, but I think trying to meter entro
Previously I said we need to speak more carefully about these
things. Let me start by taking my own advice:
Alas on 09/14/2013 12:29 PM, I wrote:
> a) In the linux "random" device, /any/ user can mix stuff into the
> driver's pool. This is a non-privileged operation. The idea is that
> it can't
On Sat, Sep 14, 2013 at 12:29 PM, John Denker wrote:
>
> This discussion will progress more smoothly and more rapidly
> if we clarify some of the concepts and terminology.
[...]
>
> Things like clock skew are usually nothing but squish ... not
> reliably predictable, but also not reliably unpredic
See:
https://www.eff.org/document/nsa-business-records-fisa-redactedex-ocr
This is one of the documents that an EFF Freedom of Information
lawsuit asked for. The government had been claiming they could not
release ANY FISA court orders or submissions. When the President
ordered the intelligence
On Sep 15, 2013, at 7:47 AM, Adam Back wrote:
> Another design permutation I was thinking could be rather interesting is
> unobservable mail. That is to say the participants know who they are
> talking to (signed, non-pseudonymous) but passive observers do not. It
> seems to me that in that cir
On Sep 15, 2013, at 6:49 AM, Kent Borg wrote:
> John Kelsey wrote:
>> I think the big problem with (b) is in quantifying the entropy you get.
>
> Maybe don't.
>
> When Bruce Schneier last put his hand to designing an RNG he concluded that
> estimating entropy is doomed. I don't think he would
On Fri, Sep 13, 2013 at 04:55:05PM -0400, John Kelsey wrote:
The more I think about it, the more important it seems that any anonymous
email like communications system *not* include people who don't want to be
part of it, and have lots of defenses to prevent its anonymous
communications from beco
15 matches
Mail list logo