[Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-25 Thread Perry E. Metzger
such systems. Anyone care to shed some light? Pointers to literature are especially welcome, but anything that is just in the folklore is also clearly of use... Perry -- Perry E. Metzger pe...@piermont.com ___ The cryptography mailing list

[Cryptography] Traffic Analysis (was Re: PRISM PROOF Email)

2013-08-25 Thread Perry E. Metzger
for mobiles, which need not be interior mix nodes per se) is negligible. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Thoughts about keys

2013-08-25 Thread Perry E. Metzger
. Mix networks including Tor are probably the answer on that. Without such a mechanism, listening in on the query traffic becomes a very good way to trace out social networks. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Hey! You! Get off of the cloud!

2013-08-25 Thread Perry E. Metzger
, especially if easy key management is around. (I'm aware that the spam problem now requires a huge staff to deal with, but there are potential solutions there as well -- for example, one could just not do SMTP based email at home. More on that in another message at some point.) -- Perry E. Metzger

Re: [Cryptography] PRISM PROOF Email

2013-08-25 Thread Perry E. Metzger
. No additional effort to install because this is the only protocol it handles. I see this as a reasonable observation. As I said, I'll be explaining the rest of my proposal (of which I've put up the first two parts, which are reasonably independent) later. Perry -- Perry E. Metzger pe

[Cryptography] Email and IM are ideal candidates for mix networks

2013-08-25 Thread Perry E. Metzger
from the operators of most of the services. -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-25 Thread Perry E. Metzger
nodes make better mix participants. -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-25 Thread Perry E. Metzger
On Sun, 25 Aug 2013 21:33:42 +0200 Ralph Holz ralph-cryptometz...@ralphholz.de wrote: On 08/25/2013 09:12 PM, Perry E. Metzger wrote: For some research on communications privacy I'm doing at the moment, I'm interested in learning about the state of the art of DHT systems and mix network

Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-25 Thread Perry E. Metzger
, or service being shut down by inadvertent behavior. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Traffic Analysis (was Re: PRISM PROOF Email)

2013-08-26 Thread Perry E. Metzger
standardization if warranted. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Formal Verification (was Re: Email and IM are ideal candidates for mix networks)

2013-08-26 Thread Perry E. Metzger
are the most significant new development in software quality in decades. The user unfriendliness could be fixed by a new generation of users and developers who started further away from the problem. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-26 Thread Perry E. Metzger
E. Metzger pe...@piermont.com

Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-26 Thread Perry E. Metzger
the size of modern botnets? Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] ADMIN: What is top posting, and why should you avoid it?

2013-08-26 Thread Perry E. Metzger
for the reader.] -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-26 Thread Perry E. Metzger
On Mon, 26 Aug 2013 10:40:17 -0700 Ray Dillinger b...@sonic.net wrote: On 08/25/2013 03:28 PM, Perry E. Metzger wrote: So, imagine that we have the situation described by part 1 (some universal system for mapping name@domain type identifiers into keys with reasonable trust) and part 2

[Cryptography] Is Traffic Analysis the problem (was Re: Good private email)

2013-08-26 Thread Perry E. Metzger
to take off. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Using Raspberry Pis

2013-08-26 Thread Perry E. Metzger
On Tue, 27 Aug 2013 12:06:47 +1200 Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Perry E. Metzger pe...@piermont.com writes: Custom built hardware will probably be the smartest way to go for an entrepreneur trying to sell these in bulk to people as home gateways anyway -- you want the nice

Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Perry E. Metzger
of today's hard drives. Furthermore, say that 1% of the entries update per day -- even at that low rate, you're going to swamp lots of people's internet transfer quotas. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Perry E. Metzger
accept all contact requests, at least temporarily. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Perry E. Metzger
don't claim to have all the answers, but experimentation will probably tell us a lot more than simply thinking in the abstract. -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Perry E. Metzger
On Tue, 27 Aug 2013 19:57:30 -0600 Peter Saint-Andre stpe...@stpeter.im wrote: On 8/27/13 7:47 PM, Jonathan Thornburg wrote: On Tue, 27 Aug 2013, Perry E. Metzger wrote: Say that you want to distribute a database table consisting of human readable IDs, cryptographic keys and network

[Cryptography] Why not the DNS? (was Re: Implementations, attacks on DHTs, Mix Nets?)

2013-08-28 Thread Perry E. Metzger
understand why people would want to do it that way. It is not, however, practical if one wants to deploy in months and not decades, and it makes trust entirely hierarchical. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] human readable IDs, revokable keys (Re: Email and IM are ideal candidates for mix networks)

2013-08-28 Thread Perry E. Metzger
in the first of my three messages on my proposed new model -- it also happens to handle revocation reasonably well (though imperfectly). Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)

2013-08-28 Thread Perry E. Metzger
, and one that is not the DNS. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)

2013-08-28 Thread Perry E. Metzger
. For me, it was Monday, over the phone. Anyway, we both have our opinions here, I'm sure we're not going to come to a single agreement. I'm implementing something based on my hunches, I invite others to do the same. Let a thousand flowers bloom... Perry -- Perry E. Metzger pe

[Cryptography] Keeping backups (was Re: Separating concerns

2013-08-29 Thread Perry E. Metzger
have non-technical friends who use it and are totally happy with the results. I wish there was an automated thing in Time Machine to let me trade backups with an offsite friend as well. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)

2013-08-29 Thread Perry E. Metzger
On Thu, 29 Aug 2013 01:18:59 +1000 (EST) Dave Horsfall d...@horsfall.org wrote: On Wed, 28 Aug 2013, Perry E. Metzger wrote: Anyway, I've already started implementing my proposed solution to that part of the problem. There is still a need for a distributed database to handle the lookup

Re: [Cryptography] Why not the DNS? (was Re: Implementations, attacks on DHTs, Mix Nets?)

2013-08-29 Thread Perry E. Metzger
On Wed, 28 Aug 2013 10:43:24 -0400 Jerry Leichter leich...@lrw.com wrote: On Aug 28, 2013, at 8:34 AM, Perry E. Metzger wrote: On Tue, 27 Aug 2013 23:39:51 -0400 Jerry Leichter leich...@lrw.com wrote: It's not as if this isn't a design we have that we know works: DNS. Read what I said

[Cryptography] The Case for Formal Verification

2013-08-29 Thread Perry E. Metzger
it be nice to make some progress in the other direction? Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread Perry E. Metzger
speculation on the basis of no actual concrete information isn't that productive. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread Perry E. Metzger
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com wrote: Meanwhile, just what evidence do we really have that AES is secure? The fact that the USG likes using it, too. That's also evidence for elliptic curve techniques btw. Perry -- Perry E. Metzger pe

Re: [Cryptography] NSA and cryptanalysis

2013-09-01 Thread Perry E. Metzger
On Sun, 1 Sep 2013 16:33:56 -0400 Jerry Leichter leich...@lrw.com wrote: On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote: On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter leich...@lrw.com wrote: Meanwhile, just what evidence do we really have that AES is secure? The fact

Re: [Cryptography] Thoughts about keys

2013-09-02 Thread Perry E. Metzger
-- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] NSA and cryptanalysis

2013-09-02 Thread Perry E. Metzger
that factoring and discrete logs over the integers aren't as hard as people had thought. Not at all, and the rationale is public and seen above. I believe you're incorrectly claiming that we know much less than we actually do here. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Thoughts about keys

2013-09-02 Thread Perry E. Metzger
On Mon, 2 Sep 2013 19:53:03 +0200 Faré fah...@gmail.com wrote: On Mon, Sep 2, 2013 at 7:19 PM, Perry E. Metzger pe...@piermont.com wrote: On Mon, 2 Sep 2013 03:00:42 +0200 Faré fah...@gmail.com wrote: At intervals, the trustworthy organization (and others like it) can send out email

Re: [Cryptography] NSA and cryptanalysis

2013-09-02 Thread Perry E. Metzger
On Mon, 2 Sep 2013 15:09:31 -0400 Jerry Leichter leich...@lrw.com wrote: On Sep 2, 2013, at 1:25 PM, Perry E. Metzger wrote: On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter leich...@lrw.com wrote: - To let's look at what they want for TOP SECRET. First off, RSA - accepted

Re: [Cryptography] NSA and cryptanalysis

2013-09-02 Thread Perry E. Metzger
with strong typing to be preserved in the delivered machine code in the first place.) I leave speculation to pundits, and prefer to write code and design protocols. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] NSA and cryptanalysis

2013-09-02 Thread Perry E. Metzger
are something you can actually do something about.) Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] NSA and cryptanalysis

2013-09-02 Thread Perry E. Metzger
, proof carrying code, microkernels, hardware assists, formal verification... in the hopes that the mumbling might set some minds thinking. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Hashes into Ciphers (was Re: FIPS, NIST and ITAR questions)

2013-09-04 Thread Perry E. Metzger
tell, such ciphers are actually quite secure, though impractically slow. Pointers to his original sci.crypt posting would be appreciated, I wasn't able to find it with a quick search. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] IPv6 and IPSEC

2013-09-04 Thread Perry E. Metzger
the scope of the list. There are a bunch of google people on the mailing list, perhaps one or more of them might want to contact Lucky in private and see if they can help him with his question. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Hashes into Ciphers

2013-09-04 Thread Perry E. Metzger
On Wed, 4 Sep 2013 10:37:12 -0400 Perry E. Metzger pe...@piermont.com wrote: Phil Karn described a construction for turning any hash function into the core of a Feistel cipher in 1991. So far as I can tell, such ciphers are actually quite secure, though impractically slow. Pointers to his

[Cryptography] ADMIN: Please, please, please don't top post.

2013-09-05 Thread Perry E. Metzger
I hate to ask this yet again, but: Please, please, please don't top post. Please, please, please edit down your replies. If your mobile device, say, doesn't let you do otherwise, it can probably wait half an hour until you get to a machine with a keyboard. -- Perry E. Metzger

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Perry E. Metzger
interest. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Perry E. Metzger
inappropriate material. At the same time, I will repeat that reasonably informed technical speculation is appropriate, as is any solid information available. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Perry E. Metzger
On Thu, 5 Sep 2013 16:53:15 -0400 Perry E. Metzger pe...@piermont.com wrote: Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed

[Cryptography] The Guardian: US and UK spy agencies defeat privacy and security on the internet

2013-09-05 Thread Perry E. Metzger
be indecipherable to criminals or governments http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Perry E. Metzger
not to feel overly strongly that this is what happened, but it does lead one to wonder strongly. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Perry E. Metzger
On Thu, 5 Sep 2013 15:58:04 -0400 Perry E. Metzger pe...@piermont.com wrote: I would like to open the floor to *informed speculation* about BULLRUN. Here are a few guesses from me: 1) I would not be surprised if it turned out that some people working for some vendors have made code

[Cryptography] Bruce Schneier in The Guardian on BULLRUN etc.

2013-09-05 Thread Perry E. Metzger
Quite worth reading. There is some speculation in there about various weaknesses that may have been added as well. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance -- Perry E. Metzger pe...@piermont.com

[Cryptography] NY Times: NSA Foils Much Internet Encryption

2013-09-05 Thread Perry E. Metzger
searches, Internet chats and phone calls of Americans and others around the world, the documents show. http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Perry E. Metzger
that it is impossible that they can break 3DES at this point, but it doesn't sound like that's what is being discussed here. -- Perry E. Metzger pe...@piermont.com

[Cryptography] Is ECC suspicious?

2013-09-05 Thread Perry E. Metzger
, but is it an actual worry in other contexts? I tend not to believe that but I'm curious about opinions. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] tamper-evident crypto? (was: BULLRUN)

2013-09-05 Thread Perry E. Metzger
Denning's old report on that for a reminder. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] ADMIN: less Snowden, more Crypto

2013-09-05 Thread Perry E. Metzger
or to something similarly worthwhile. Yes, this is irresistible gossip for many of us, but I don't know that it is interesting beyond that, and our traffic levels are quite high right now already. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Perry E. Metzger
On Fri, 06 Sep 2013 12:13:48 +1200 Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Perry E. Metzger pe...@piermont.com writes: I would like to open the floor to *informed speculation* about BULLRUN. Not informed since I don't work for them, but a connect-the-dots: 1. ECDSA/ECDH (and DLP

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Perry E. Metzger
On Fri, 06 Sep 2013 13:50:54 +1200 Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Perry E. Metzger pe...@piermont.com writes: Does that make them NSA plants? There's drafts for one or two more fairly basic fixes to significant problems from other people that get stalled forever, while

[Cryptography] Can you backdoor a symmetric cipher (was Re: Opening Discussion: Speculation on BULLRUN)

2013-09-05 Thread Perry E. Metzger
to this old paper by Blaze, Feigenbaum and Leighton: http://www.crypto.com/papers/mkcs.pdf Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Can you backdoor a symmetric cipher

2013-09-06 Thread Perry E. Metzger
On Thu, 5 Sep 2013 21:42:29 -0700 Jon Callas j...@callas.org wrote: On Sep 5, 2013, at 9:33 PM, Perry E. Metzger pe...@piermont.com wrote: It is probably very difficult, possibly impossible in practice, to backdoor a symmetric cipher. For evidence, I direct you to this old paper

[Cryptography] Aside on random numbers (was Re: Opening Discussion: Speculation on BULLRUN)

2013-09-06 Thread Perry E. Metzger
this, but of course the phone is not exactly a secure platform to begin with... Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Sabotaged hardware (was Re: Opening Discussion: Speculation on BULLRUN)

2013-09-06 Thread Perry E. Metzger
of users. Random number generator flaws would seem like an obvious possibility here. This is especially disturbing because other actors can now start doing teardowns on a wide variety of such devices looking to find the flaws so they can themselves attack the traffic in question. Perry -- Perry E

[Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption)

2013-09-06 Thread Perry E. Metzger
that some voices will say additional delay harms user experience. Such voices should be ruthlessly ignored. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] People should turn on PFS in TLS

2013-09-06 Thread Perry E. Metzger
On Fri, 6 Sep 2013 18:18:05 +0100 Ben Laurie b...@links.org wrote: On 6 September 2013 18:13, Perry E. Metzger pe...@piermont.com wrote: Google is also now (I believe) using PFS on their connections, and they handle more traffic than anyone. A connection I just made to https

[Cryptography] 1024 bit DH still common in Tor network

2013-09-06 Thread Perry E. Metzger
like it would be valuable for most Tor nodes to be running newer software anyway. -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-06 Thread Perry E. Metzger
, but presumably it was far from the only target. -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] People should turn on PFS in TLS

2013-09-06 Thread Perry E. Metzger
doing so without realizing they're harming internet security, but we can no longer presume that is the motive.) Chrome handles 1.2, there is no longer any real excuse for the others not to do the same. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Bruce Schneier calls for independent prosecutor to investigate NSA

2013-09-06 Thread Perry E. Metzger
no credibility, and -- the real problem -- no way for us to verify anything these people might say. https://www.schneier.com/blog/archives/2013/09/conspiracy_theo_1.html -- Perry E. Metzger pe...@piermont.com

[Cryptography] Washington Post: Google racing to encrypt links between data centers

2013-09-06 Thread Perry E. Metzger
://www.washingtonpost.com/business/technology/google-encrypts-data-amid-backlash-against-nsa-spying/2013/09/06/9acc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html -- Perry E. Metzger pe...@piermont.com

[Cryptography] Matthew Green on BULLRUN

2013-09-06 Thread Perry E. Metzger
Some interesting nuggets here, including the fact that he explicitly calls out the existence of NSA's new HUMINT division that infiltrates corporations for a living. http://blog.cryptographyengineering.com/2013/09/on-nsa.html -- Perry E. Metzger pe...@piermont.com

[Cryptography] ADMIN: Reminder, yet again...

2013-09-06 Thread Perry E. Metzger
a one liner followed by a 75 line intact original, be prepared to see a rejection message. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] NYTimes: Legislation Seeks to Bar N.S.A. Tactic in Encryption

2013-09-06 Thread Perry E. Metzger
-in-encryption.html -- Perry E. Metzger pe...@piermont.com

[Cryptography] Does NSA break in to endpoints (was Re: Bruce Schneier has gotten seriously spooked)

2013-09-07 Thread Perry E. Metzger
On Sat, 07 Sep 2013 09:33:28 +0100 Brian Gladman b...@gladman.plus.com wrote: On 07/09/2013 01:48, Chris Palmer wrote: Q: Could the NSA be intercepting downloads of open-source encryption software and silently replacing these with their own versions? Why would they perform the attack

[Cryptography] ADMIN: Volume, top posting, trimming, SUBJECT LINES

2013-09-07 Thread Perry E. Metzger
1) Volume has gotten understandably high the last few days given the current news. I'd like people to please consider if their posting conveys interesting information before sending. 2) Please adjust the Subject lines of your messages if your posting deviates from the original Subject. This makes

Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

2013-09-07 Thread Perry E. Metzger
On Sat, 07 Sep 2013 13:01:53 -0700 Ray Dillinger b...@sonic.net wrote: I think we can no longer rule out the possibility that some attacker somewhere (it's easy to point a finger at the NSA but it could be just as likely pointed at GCHQ or the IDF or Interpol) may have secretly developed a

Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

2013-09-07 Thread Perry E. Metzger
On Sat, 7 Sep 2013 13:06:14 -0700 Tony Arcieri basc...@gmail.com wrote: In order to beat quantum computers, we need to use public key systems with no (known) quantum attacks, such as lattice-based (NTRU) or code-based (McEliece/McBits) algorithms. ECC and RSA will no longer be useful. I'm

[Cryptography] Replacing CAs (was Re: Why prefer symmetric crypto over public key crypto?)

2013-09-07 Thread Perry E. Metzger
On Sat, 7 Sep 2013 17:46:39 -0400 Derrell Piper d...@electric-loft.org wrote: On Sep 6, 2013, at 11:51 PM, Marcus D. Leech mle...@ripnet.com wrote: The other thing that I find to be a dirty little secret in PK systems is revocation. OCSP makes things, in some ways, better than CRLs,

Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

2013-09-07 Thread Perry E. Metzger
On Sat, 7 Sep 2013 20:43:39 -0400 I wrote: To my knowledge, there is no ECC analog of Shor's algorithm. ...and it appears I was completely wrong on that. See, for example: http://arxiv.org/abs/quantph/0301141 Senility gets the best of us. Perry

[Cryptography] Why are some protocols hard to deploy? (was Re: Opening Discussion: Speculation on BULLRUN)

2013-09-08 Thread Perry E. Metzger
that it has acted as an enormous tar baby. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Impossible trapdoor systems (was Re: Opening Discussion: Speculation on BULLRUN)

2013-09-08 Thread Perry E. Metzger
the corresponding plaintext when any given ciphertext might correspond to many, many different plaintexts depending on the key. That's clearly not something you can do. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Techniques for malevolent crypto hardware

2013-09-08 Thread Perry E. Metzger
On Sun, 8 Sep 2013 15:55:52 -0400 Thor Lancelot Simon t...@rek.tjls.com wrote: On Sun, Sep 08, 2013 at 03:22:32PM -0400, Perry E. Metzger wrote: Ah, now *this* is potentially interesting. Imagine if you have a crypto accelerator that generates its IVs by encrypting information about keys

[Cryptography] AES state of the art...

2013-09-08 Thread Perry E. Metzger
What's the current state of the art of attacks against AES? Is the advice that AES-128 is (slightly) more secure than AES-256, at least in theory, still current? (I'm also curious as to whether anyone has ever proposed fixes to the weaknesses in the key schedule...) Perry -- Perry E. Metzger

[Cryptography] Paper on Tor deanonymization: Users Get Routed

2013-09-08 Thread Perry E. Metzger
. This clearly shows the dramatic effect an adversary that controls multiple ASes can have on security. Disclaimer: one of the authors (Micah Sherr) is a doctoral brother. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Techniques for malevolent crypto hardware

2013-09-08 Thread Perry E. Metzger
should worry about anyway. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] AES state of the art...

2013-09-09 Thread Perry E. Metzger
On Mon, 9 Sep 2013 14:18:41 +0300 Alexander Klimov alser...@inbox.ru wrote: On Sun, 8 Sep 2013, Perry E. Metzger wrote: What's the current state of the art of attacks against AES? Is the advice that AES-128 is (slightly) more secure than AES-256, at least in theory, still current? I am

[Cryptography] ADMIN: traffic levels

2013-09-09 Thread Perry E. Metzger
E. Metzger pe...@piermont.com

Re: [Cryptography] Random number generation influenced, HW RNG

2013-09-09 Thread Perry E. Metzger
for saying this, in an environment where the NSA is spending $250M a year to undermine efforts like your own it is impossible for third parties to trust black boxes any longer. I think you may not have absorbed that what a week or two ago was a paranoid fantasy turns out to be true. Perry -- Perry E

Re: [Cryptography] how could ECC params be subverted other evidence

2013-09-09 Thread Perry E. Metzger
On Tue, 10 Sep 2013 00:23:51 +0200 Adam Back a...@cypherspace.org wrote: On Mon, Sep 09, 2013 at 06:03:14PM -0400, Perry E. Metzger wrote: On Mon, 9 Sep 2013 14:07:58 +0300 Alexander Klimov wrote: No. They are widely used curves and thus a good way to reduce conspiracy theories

Re: [Cryptography] [cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same the parameters as specified in SP800-90 for Dual EC DRBG!

2013-09-09 Thread Perry E. Metzger
, a week ago this was paranoia, but now we have confirmation, so it is no longer paranoia. -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] [cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same the parameters as specified in SP800-90 for Dual EC DRBG!

2013-09-09 Thread Perry E. Metzger
On Tue, 10 Sep 2013 00:25:20 +0100 Peter Fairbrother zenadsl6...@zen.co.uk wrote: On 09/09/13 23:03, Perry E. Metzger wrote: On Mon, 9 Sep 2013, Daniel wrote: [...] They are widely used curves and thus a good way to reduce conspiracy theories that they were chosen in some malicious way

[Cryptography] Fw: how could ECC params be subverted other evidence

2013-09-10 Thread Perry E. Metzger
+0200 From: Adam Back a...@cypherspace.org To: Perry E. Metzger pe...@piermont.com Cc: Alexander Klimov alser...@inbox.ru, Cryptography List cryptography@metzdowd.com, Adam Back a...@cypherspace.org Subject: Re: [Cryptography] how could ECC params be subverted other evidence Perry wrote

[Cryptography] Reports: NSA, GCHQ used forged certs to impersonate Google

2013-09-10 Thread Perry E. Metzger
long. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Techniques for malevolent crypto hardware

2013-09-10 Thread Perry E. Metzger
On Sun, 8 Sep 2013 15:22:32 -0400 Perry E. Metzger pe...@piermont.com wrote: Ah, now *this* is potentially interesting. Imagine if you have a crypto accelerator that generates its IVs by encrypting information about keys in use using a key an observer might have or could guess from a small

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-10 Thread Perry E. Metzger
precisely this attack. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Fw: how could ECC params be subverted other evidence

2013-09-10 Thread Perry E. Metzger
in standards work any longer. A set of short sighted, foolish decisions have created tragedy for all. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of cooperative end-points, PFS doesn't help)

2013-09-10 Thread Perry E. Metzger
), and have enough key material, a second key might be of value for that -- but I don't know what all the ins and outs are, and would prefer to read the literature... Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] ADMIN: Please pick appropriate Subject lines...

2013-09-11 Thread Perry E. Metzger
.) Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of cooperative end-points, PFS doesn't help)

2013-09-11 Thread Perry E. Metzger
that depends on known plaintext, crib dragging (that is, trying all of the small number of possibilities) is easy. Perry -- Perry E. Metzger pe...@piermont.com

[Cryptography] Killing two IV related birds with one stone

2013-09-11 Thread Perry E. Metzger
calculation. If you don't transmit the IVs at all but calculate them, the system will not interoperate if the implicit IVs aren't calculated the same way by both sides, thus ensuring that the covert channel is closed. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Radioactive random numbers

2013-09-11 Thread Perry E. Metzger
be fabricated on chip and thus have nearly zero marginal cost. The huge disadvantage is that if your opponent can convince chip manufacturers to introduce small changes into their design, you're in trouble. Perry -- Perry E. Metzger pe...@piermont.com

Re: [Cryptography] Killing two IV related birds with one stone

2013-09-11 Thread Perry E. Metzger
give you an IV? Certainly, but if you remove most or all covert channels, you've narrowed the problem down to auditing the RNG instead of having to audit much more of the system. It is all a question of small steps towards better assurance. No one measure will fix everything. -- Perry E. Metzger
