Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

. Maybe study ZRTP and tcpcrypt for comparison. Don't try to study foolscap, even though it is a very interesting practical approach, because there doesn't exist documentation of the protocol at the right level for you to learn from. Regards, Zooko https://LeastAuthority.com ← verifiably end

Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

safer than RSA-PSS is with regard to this issue. Regards, Zooko ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] People should turn on PFS in TLS

neighborhood TLS implementor to move fast on http://tools.ietf.org/id/draft-josefsson-salsa20-tls-02.txt . Regards, Zooko ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Keeping backups (was Re: Separating concerns

there was an automated thing in Time Machine to let me trade backups with an offsite friend as well. The Least-Authority Filesystem comes with a nice backup tool (tahoe backup), but it does not come with a nice GUI for your non-technical friends. Regards, Zooko

[Cryptography] Open Letter to Phil Zimmermann and Jon Callas of Silent Circle, On The Closure of the “Silent Mail” Service

*backup*, and a secure cloud storage API that people use to build other services. So we aren't competitors.) Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com Freedom matters. ___ The cryptography mailing list

Re: [Cryptography] What is the state of patents on elliptic curve cryptography?

Here's a nice resource: RFC 6090! https://tools.ietf.org/html/rfc6090 Also relevant: http://cr.yp.to/ecdh/patents.html I'd be keen to see a list of potentially-relevant patents which have expired or are due to expire within the next 5 years. Regards, Zooko Wilcox-O'Hearn Founder, CEO

[Cryptography] LeastAuthority.com announces PRISM-proof storage service

encryption. It is possible. It isn't easy, but we just might make it! We welcome criticism, suggestions, and requests from you all. Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com Freedom matters

Tahoe-LAFS developers' statement on backdoors

than the current core developers are possible. In that event, we would try to persuade any such forks to adopt a similar policy. The following Tahoe-LAFS developers agree with this statement: David-Sarah Hopwood Zooko Wilcox-O'Hearn Brian Warner Kevan Carstensen Frédéric Marti Jack Lloyd François

ANNOUNCING Tahoe, the Least-Authority File System, v1.8.0

and Zooko Wilcox-O'Hearn on behalf of the Tahoe-LAFS team September 23, 2010 Rainhill, Merseyside, UK and Boulder, Colorado, USA [1] http://tahoe-lafs.org/trac/tahoe/browser/relnotes.txt?rev=4579 [2] http://tahoe-lafs.org/trac/tahoe/browser/NEWS?rev=4732 [3] http://tahoe-lafs.org/trac/tahoe/wiki

ANNOUNCING Tahoe, the Least-Authority File System, v1.7.1

of love by volunteers. Thank you very much to the team of hackers in the public interest who make Tahoe-LAFS possible. David-Sarah Hopwood and Zooko Wilcox-O'Hearn on behalf of the Tahoe-LAFS team July 18, 2010 Rainhill, Merseyside, UK and Boulder, Colorado, USA [1] http://tahoe-lafs.org/trac

Re: 1280-Bit RSA

with a better demonstration that they were generated with any possible back door than do the NIST curves [3]. Regards, Zooko [1] http://www.keylength.com/ [2] http://bench.cr.yp.to/results-sign.html [3] http://www.ecc-brainpool.org/download/draft-lochter-pkix-brainpool-ecc-00.txt

What's the state of the art in digital signatures? Re: What's the state of the art in factorization?

has good properties (efficiency, simplicity, ease of implementation) and which is based on substantially different ideas and which isn't currently under patent protection (therefore excluding NTRUSign). Any ideas? [1] http://eprint.iacr.org/2007/019 Regards, Zooko

Re: [cryptography] What's the state of the art in factorization?

lector. Regards, Zooko - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

What's the state of the art in digital signatures? Re: What's the state of the art in factorization?

On Thu, Apr 22, 2010 at 12:40 PM, Jonathan Katz jk...@cs.umd.edu wrote: On Thu, 22 Apr 2010, Zooko O'Whielacronx wrote: Unless I misunderstand, if you read someone's plaintext without having the private key then you have proven that P=NP! … The paper you cite reduces security to a hard

Merkle Signature Scheme is the most secure signature scheme possible for general-purpose use

on to talk about more Tahoe-LAFS-specific engineering considerations and expose my ignorance about exactly what properties are required of the underlying secure hash functions. Regards, Zooko - The Cryptography Mailing List

ANNOUNCING Tahoe, the Least-Authority File System, v1.7.0

. Regards, Zooko ANNOUNCING Tahoe, the Least-Authority File System, v1.7.0 The Tahoe-LAFS team is pleased to announce the immediate availability of version 1.7.0 of Tahoe-LAFS, an extremely reliable distributed storage system. Tahoe-LAFS is the first distributed storage system which offers

Re: What's the state of the art in factorization?

against key-leakage attacks, as well as an oblivious transfer protocol that is secure against semi-honest adversaries. Unless I misunderstand, if you read someone's plaintext without having the private key then you have proven that P=NP! Nice. :-) Regards, Zooko

Re: What's the state of the art in factorization?

! Unfortunately that one in particular doesn't provide digital signatures, only public key encryption, and what I most need for the One Hundred Year Cryptography project is digital signatures. Regards, Zooko [1] http://allmydata.org/pipermail/tahoe-dev/2010-April/date.html [2] http

Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

on the MAC and you want 128-bit crypto strength) or something in between. Regards, Zooko - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

hedging our bets -- in case SHA-256 turns out to be insecure

to be much stronger than H1 or H2 alone. Regards, Zooko [1] http://extendedsubset.com/Renegotiating_TLS.pdf [2] http://allmydata.org/trac/tahoe/wiki/NewCaps/WhatCouldGoWrong [3] http://bench.cr.yp.to/results-hash.html#arm-apollo [4] Krzysztof Pietrzak: Non-Trivial Black-Box Combiners

Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

and birth number or other such guaranteed-unique data instead of storing an IV? (Apropos recent discussion on the cryptography list [2].) Regards, Zooko [1] http://hub.opensolaris.org/bin/download/Project+zfs%2Dcrypto/ files/zfs%2Dcrypto%2Ddesign.pdf [2] http://www.mail-archive.com

deterministic random numbers in crypto protocols -- Re: Possibly questionable security decisions in DNS root management

to the prescribed technique? Regards, Zooko P.S. If you read this letter all the way to the end then please let me know. I try to make them short, but sometimes I think they are too long and make too many assumptions about what the reader already knows. Did this message make sense

Re: [tahoe-dev] Bringing Tahoe ideas to HTTP

he finds the current solution unsatisfactory, perhaps because he assumed the audience already shared his view. (I think he mentioned something in his letter like the well-known failures of the SSL/CA approach to this problem.) Regards, Zooko

Re: how to encrypt and integrity-check with only one key

following-up to my own post: On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote: David-Sarah Hopwood suggested the improvement that the integrity- check value V could be computed as an integrity check (i.e. a secure hash) on the K1_enc in addition to the file contents. Oops

Re: RNG using AES CTR as encryption algorithm

And while you are at it, please implement these test vectors and report to Niels Ferguson: http://blogs.msdn.com/si_team/archive/2006/05/19/aes-test-vectors.aspx Regards, Zooko - The Cryptography Mailing List Unsubscribe

Re: so how do *you* manage your keys, then? part 3

]. If any smart cryptographer or hacker reading this wants to create secure, decentralized storage, please join us! We could use the help! :-) Regards, Zooko [1] http://allmydata.org/~zooko/lafs.pdf [2] http://allmydata.org/pipermail/tahoe-dev/2009-June/001995.html [3] http://allmydata.org

Re: [tahoe-dev] a crypto puzzle about digital signatures and future compatibility

On Thursday,2009-08-27, at 19:14 , James A. Donald wrote: Zooko Wilcox-O'Hearn wrote: Right, and if we add algorithm agility then this attack is possible even if both SHA-2 and SHA-3 are perfectly secure! Consider this variation of the scenario: Alice generates a filecap and gives

so how do *you* manage your keys, then? part 3

of this series will be about Tahoe-LAFS directories (those are the most convenient way to bundle together multiple caps -- put them all into a directory and then use the cap which points to that directory). Installment 5 will be about future work and new crypto ideas. Regards, Zooko [1

a crypto puzzle about digital signatures and future compatibility

the file and then pass it on to his trusted, v1.7-using, partner? Hm... This at least suggests that the v1.7 readers need to check *all* hashes that are offered and raise an alarm if some verify and others don't. Is that good enough? :-/ Regards, Zooko [1] http://www.mail-archive.com

Tahoe-LAFS key management, part 2: Tahoe-LAFS is like encrypted git

people who keep their Tahoe-LAFS caps more securely, on Unix filesystems, on encrypted USB keys, etc.. Regards, Zooko [*] Linus Torvalds got the idea of a Cryptographic Hash Function Directed Acyclic Graph structure from an earlier distributed revision control tool named Monotone. He

Re: [tahoe-dev] Tahoe-LAFS key management, part 2: Tahoe-LAFS is like encrypted git

On Wednesday,2009-08-19, at 10:05 , Jack Lloyd wrote: On Wed, Aug 19, 2009 at 09:28:45AM -0600, Zooko Wilcox-O'Hearn wrote: [*] Linus Torvalds got the idea of a Cryptographic Hash Function Directed Acyclic Graph structure from an earlier distributed revision control tool named Monotone

strong claims about encryption safety Re: [tahoe-dev] cleversafe says: 3 Reasons Why Encryption isOverrated

consider to be the most important issue for practical security of systems like these. Regards, Zooko, writing e-mail on his lunch break [1] http://dev.cleversafe.org/weblog/?p=63 [2] http://dev.cleversafe.org/weblog/?p=95 [3] http://dev.cleversafe.org/weblog/?p=111 [4] http

Re: [tahoe-dev] cleversafe says: 3 Reasons Why Encryption isOverrated

archive: http://www.mail-archive.com/cryptography@metzdowd.com/msg10680.html Here it is on the tahoe-dev mailing list archive. Note that threading is screwed up in our mailing list archive. :-( http://allmydata.org/pipermail/tahoe-dev/2009-August/subject.html#start Regards, Zooko

Re: [tahoe-dev] cleversafe says: 3 Reasons Why Encryption isOverrated

On Monday,2009-08-10, at 13:47 , Zooko Wilcox-O'Hearn wrote: This conversation has bifurcated, Oh, and while I don't mind if people want to talk about this on the tahoe-dev list, it doesn't have that much to do with tahoe-lafs anymore, now that we're done comparing Tahoe-LAFS

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

[dropping tahoe-dev from Cc:] On Thursday,2009-08-06, at 2:52 , Ben Laurie wrote: Zooko Wilcox-O'Hearn wrote: I don't think there is any basis to the claims that Cleversafe makes that their erasure-coding (Information Dispersal)-based system is fundamentally safer ... Surely

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

or on your corporate server. The Cleversafe FUD doesn't help people understand the issues better. Regards, Zooko [1] http://allmydata.org/pipermail/tahoe-dev/2009-July/002482.html [2] http://allmydata.org/pipermail/tahoe-dev/2009-August/002514.html [*] Somebody stated on a mailing list

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

modern cryptosystems and in many cases would not be necessary either. Okay I think that's it. I hope these notes are not so terse as to be confusing or inflammatory. Regards, Zooko Wilcox-O'Hearn [1] http://allmydata.org/pipermail/tahoe-dev/2009-July/002482.html [2] http://allmydata.org

Re: Fast MAC algorithms?

Poly1305 to VMAC, please report your measurement, at least to me privately if not to the list. I can use that sort of feedback to contribute improvements to the Crypto++ library. Thanks! Regards, Zooko Wilcox-O'Hearn --- Tahoe, the Least-Authority Filesystem -- http://allmydata.org store

ANNOUNCING Tahoe, the Lofty-Atmospheric Filesystem, v1.5

will be added to the Hall Of Fame at http://hacktahoe.org . :-) Regards, Zooko --- The Tahoe-LAFS team is pleased to announce the immediate availability of version 1.5 of Tahoe, the Lofty Atmospheric File System. Tahoe-LAFS is the first cloud storage technology which offers security and privacy

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

. http://allmydata.org/pipermail/tahoe-dev/2009-July/002482.html Jason Resch of cleversafe has also been participating in the discussion on that list. Regards, Zooko - The Cryptography Mailing List Unsubscribe by sending

cleversafe says: 3 Reasons Why Encryption is Overrated

). But, it is time for me to stop reading about cryptography and get ready to go to work. :-) Regards Zooko --- Tahoe, the Least-Authority Filesystem -- http://allmydata.org store your data: $10/month -- http://allmydata.com/?tracking=zsig I am available for work -- http://zooko.com/résumé.html

Re: 112-bit prime ECDLP solved

On Sunday,2009-07-19, at 13:24 , Paul Hoffman wrote: At 7:54 AM -0600 7/18/09, Zooko Wilcox-O'Hearn wrote: This involves deciding whether a 192-bit elliptic curve public key is strong enough... Why not just go with 256-bit EC (128-bit symmetric strength)? Is the 8 bytes per signature

Re: 112-bit prime ECDLP solved

...@echeque.com to the list of addresses that can post to tahoe-dev without being subscribed. Regards, Zooko - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

why hyperelliptic curves?

(in addition to RSA and ECDSA for backward compatibility). Regards, Zooko Wilcox-O'Hearn P.S. Oh, I told a lie in the interests of brevity when I said that file handles contain actual public keys or actual private keys. RSA keys are way too big for that. So instead we go through interesting

Re: Warning! New cryptographic modes!

- based access control scheme. Regards, Zooko [1] http://allmydata.org [2] http://allmydata.org/trac/tahoe/browser/docs/architecture.txt [3] http://duplicity.nongnu.org [4] http://podcast.utos.org/index.php?id=52

ANNOUNCING Tahoe-LAFS v1.4

support. Zooko Wilcox-O'Hearn on behalf of the allmydata.org team Special acknowledgment goes to Brian Warner, whose superb engineering skills and dedication are primarily responsible for the Tahoe implementation, and significantly responsible for the Tahoe design as well, not to mention most

ANNOUNCING allmydata.org Tahoe, the Least-Authority Filesystem, v1.3

, or malicious. Such ambitious security goals benefit greatly from public criticism and review, so please kick the tires and let us know what you think. Regards, Zooko ANNOUNCING allmydata.org Tahoe, the Least-Authority Filesystem, v1.3 We are pleased to announce the release of version 1.3.0

Re: Proof of Work - atmospheric carbon

of these currencies? My white paper could use a little updating, but the basic conclusions remain sound: http://www.taugh.com/epostage.pdf Thanks! I'll read this. Regards, Zooko - The Cryptography Mailing List Unsubscribe

Re: ADMIN: no money politics, please

being involved in a project that might lead to a third attempt. Regards, Zooko --- http://allmydata.org -- Tahoe, the Least-Authority Filesystem http://allmydata.com -- back up all your files for $10/month - The Cryptography

multicore hash functions (was: 5x speedup for AES using SSE5?)

to think about parallelism of hash functions, I'm all ears. Thanks, Zooko --- http://allmydata.org -- Tahoe, the Least-Authority Filesystem http://allmydata.com -- back up all your files for $5/month - The Cryptography

ANNOUNCING Allmydata.org Tahoe, the Least-Authority Filesystem, v1.2

Dear people of the Cryptography mailing list: The Hack Tahoe! contest (http://hacktahoe.org ) has already led a security researchers to spot a flaw in our crypto design. This release fixes that flaw. Regards, Zooko ANNOUNCING Allmydata.org Tahoe, the Least-Authority Filesystem, v1.2

ANNOUNCING the Hack Tahoe! contest

Folks: This contest is inspired by Sameer Parekh's Hack Netscape! contest in the fall of 1995. It is already eliciting some really good security insights from smart people. Regards, Zooko ANNOUNCING the Hack Tahoe! contest http://hacktahoe.org Tahoe, the Least-Authority Filesystem

Re: how bad is IPETEE?

Obfuscated TCP: http://code.google.com/p/obstcp/ One of the design constraints for Obfuscated TCP was that an Obfuscated TCP connection is required to take zero more round trips to set up and use than a normal TCP connection. Way to go, Adam! Regards, Zooko

Re: Why doesn't Sun release the crypto module of the OpenSPARC?

, Zooko [1] https://financialcryptography.com/mt/archives/001064.html [2] http://www.creativedestruction.com/archives/000937.html - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Why doesn't Sun release the crypto module of the OpenSPARC?

that it would be illegal to release it, or threatened them with unfortunate coincidences if they went ahead, or persuaded them that GPL'ing it would aid terrorists and cause the needless deaths of innocents. Regards, Zooko

Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions!

-name for the most recent OpenSPARC -- its product name is T2.) Appended is my reply. If anyone on this list knows more about the relevant export regulations, please share. Regards, Zooko [1] http://www.opensparc.net/opensparc-t2/downloads.html [2] http://www.mail-archive.com/cryptography

ANNOUNCING Allmydata.org Tahoe, the Least-Authority Filesystem, v1.1

, bug reports, suggestions, demands, and money (employing several allmydata.org Tahoe hackers and instructing them to spend part of their work time on this free-software project). We are eternally grateful! Zooko O'Whielacronx on behalf of the allmydata.org team June 11, 2008 San Francisco

Re: The perils of security tools

On May 24, 2008, at 9:18 PM, Steven M. Bellovin wrote: I believe that all open source Unix-like systems have /dev/random and /dev/urandom; Solaris does as well. By the way, Solaris is an open source Unix-like system nowadays. ;-) Regards, Zooko

OpenSparc -- the open source chip (except for the crypto parts)

, and the Sun open source ombudsman, Simon Phipps. None of them ever wrote back. This experience rather dampened my enthusiasm about relying on T2 hardware as a higher-assurance, but still pretty commodified, crypto implementation. Regards, Zooko

Re: [p2p-hackers] convergent encryption reconsidered -- salting and key-strengthening

I will be forced to rely on an argument of the other form -- that users are unlikely to use it in an unsafe way. Thank you again for your thoughtful comments on this issue. Regards, Zooko O'Whielacronx - The Cryptography

convergent encryption reconsidered -- salting and key-strengthening

further ideas, especially as would be relevant to the Tahoe Least-Authority Filesystem, I would love to hear them. Regards, Zooko O'Whielacronx [1] http://copacobana.org/ - The Cryptography Mailing List Unsubscribe by sending

Re: [p2p-hackers] convergent encryption reconsidered

it with files that she intended not to divulge, but that were susceptible to being brute-forced in this way by an attacker. On Mar 20, 2008, at 10:56 PM, Jim McCoy wrote: On Mar 20, 2008, at 12:42 PM, zooko wrote: Security engineers have always appreciated that convergent encryption allows

announcing allmydata.org Tahoe, the Least-Authority Filesystem, v1.0

, demands, and money (employing several allmydata.org Tahoe hackers and instructing them to spend part of their work time on this free-software project). We are eternally grateful! Zooko O'Whielacronx on behalf of the allmydata.org team March 25, 2008 San Francisco, California, USA [1] http

convergent encryption reconsidered

(This is an ASCII rendering of https://zooko.com/ convergent_encryption_reconsidered.html .) Convergent Encryption Reconsidered Written by Zooko Wilcox-O'Hearn, documenting ideas due to Drew Perttula, Brian Warner, and Zooko Wilcox-O'Hearn, 2008-03-20. Abstract

Fwd: [tahoe-dev] [p2p-hackers] convergent encryption reconsidered

Dear Perry Metzger: Jim McCoy asked me to forward this, as he is not subscribed to cryptography@metzdowd.com, so his posting bounced. Regards, Zooko Begin forwarded message: From: Jim McCoy [EMAIL PROTECTED] Date: March 20, 2008 10:56:58 PM MDT To: theory and practice of decentralized

announcing allmydata.org Tahoe v0.9

. Allmydata, Inc. contributes hardware, software, ideas, bug reports, suggestions, demands, and money (employing several allmydata.org Tahoe hackers and allowing them to spend part of their work time on the next-generation, free-software project). We are eternally grateful! Zooko O'Whielacronx

announcing allmydata.org Tahoe v0.8

to spend part of their work time on the next-generation, free-software project). We are eternally grateful! Zooko O'Whielacronx on behalf of the allmydata.org team February 15, 2008 Boulder, Colorado, USA [1] http://allmydata.org/trac/tahoe/browser/relnotes.txt?rev=1805 [2] http

Re: [tahoe-dev] Surely M$ can patent this process?

on it before the May 2000 patent submission by Doceur et al., but Mojo Nation and Freenet each published the idea shortly after May 2000. According to my limited understanding of patent law, this means that they don't count as prior art on that patent. Regards, Zooko [1] http

Re: crypto class design

on it? I'm curious if your crypto library is to be implemented by use of another one, perhaps an open-source one that I am familiar with. Nowadays I prefer Crypto++ [1]. Regards, Zooko [1] http://cryptopp.com

Re: Fingerprint Firefox Plugin?

them to short hand-written notes is what the Pet Name Toolbar automates for you: https://addons.mozilla.org/en-US/firefox/addon/957 Please let us know how it works for you. Regards, Zooko - The Cryptography Mailing List

Re: no surprise - Sun fails to open source the crypto part of Java

at the time was to avoid the risk of Java being export-controlled as crypto. The theory within Sun was that crypto with a hole would be free from export controls but also be useful for programmers. Regards, Zooko - The Cryptography

switching from SHA-1 to Tiger ?

function is more important than speed in encryption. By the way, the traditional practice of using a hash function as a component of a MAC should, in my humble opinion, be retired in favor of the Carter-Wegman alternative such as Poly-1305 AES [7]. Regards, Zooko [1] http://allmydata.com/ [2

Re: The Pointlessness of the MD5 attacks

is vulnerable to Charles's choice of package because she trusts Bob to choose packages and Bob trusts Charles to provide image files. And because they are using a non-collision-resistant hash function. Regards, Zooko - The Cryptography

Re: potential new IETF WG on anonymous IPSec

On 2004, Sep 11, , at 17:20, Sandy Harris wrote: Zooko O'Whielcronx wrote: I believe that in the context of e-mail [1, 2, 3, 4] and FreeSWAN this is called opportunistic encryption. That is certainly not what FreeS/WAN meant by opportunistic encryption. http://www.freeswan.org/freeswan_trees

Re: Humorous anti-SSL PR

of such ideas, but I have not yet read your book on TLS. Thanks, Zooko [1] http://www.terisa.com/shttp/current.txt - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Protection against offline dictionary attack on static files

://www.cse.ucsc.edu/~abadi [2] http://research.microsoft.com/users/needham/ [3] http://citeseer.nj.nec.com/manber96simple.html [4] http://www.cse.ucsc.edu/~abadi/Papers/pwd-revised.ps Regards, Zooko - The Cryptography Mailing List

Re: Simple SSL/TLS - Some Questions

misunderstood your desiderata though, so don't take my word for it. ;-) Regards, Zooko License | Hackers like accepting code under it | | Combine with proprietary and redistribute | | | Combine with GPL'ed code and redistribute

Strong-Enough Pseudonymity as Functional Anonymity

, Zooko the Zoogulant - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: anonymous DH MITM

peripheral. The same qualities would arise if this were implemented with a different commitment protocol, such as sending a secure hash of the tuple of (my_message, a_random_nonce). Regards, Zooko http://zooko.com/log.html

Re: OOAPI-SSL/TLS (Was: Simple SSL/TLS - Some Questions)

) will make the scripting language glue code for you automatically. I use SWIG and like it. They say that the new SWIG handles templates better than good old 1.1. I haven't tried SWIG on Crypto++. I would really *like* for someone else to do so and share the results... Regards, Zooko

Re: anonymous DH MITM

Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85, which are on my shelf. Where was it published? R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communications of the ACM, 27:393-395, April 1984.

Re: anonymous DH MITM

that requirement, but I'm not sure it is the same definition that other people are thinking of. Anyway, it is a funny and underappreciated niche in cryptography, IMO. AFAIK nobody has yet spelled out in the open literature what the actual theoretical limitations are. Regards, Zooko http

Re: Announcing httpsy://, a YURL scheme

for him to see. Regards, Zooko http://zooko.com/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Announcing httpsy://, a YURL scheme

applies to remote filesystems. It is an excellent idea. Regards, Zooko - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: replay integrity

for these sorts of apps, but I am saying that the notion of replay-prevention and integrity which is implemented in TLS is insufficient for these sorts of apps, and that I'm interested in attempts to offer a higher-level abstraction. Regards, Zooko http://zooko.com/ ^-- under re