the real problem: that software
is (unnecessarily) run with the full privileges of the invoking user.
By all means authenticate software, but that's not going to prevent malware.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
by the proxies. Or am I missing something?
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
:18 AM, David-Sarah Hopwood wrote:
Ah, but it will work for a multi-layer Merkle tree scheme, such as
GMSS: if keys are generated deterministically from a seed, then the
signatures certifying keys at upper layers are also deterministic, so
there's no key-reuse problem for those.
Right
David-Sarah Hopwood wrote:
[snip]
There could also be a concern that point 4 above is similar to
on-line/off-line signatures as patented by Even, Goldreich and Micali
(U.S. patent 5016274, filed in 1988; expires on 14 May 2011).
Ah, I calculated the expiration date incorrectly. It was filed
in the next 50 years.
Heh. txg + 32-bit counter == 96-bit IVs sounds like the way to go.
I'm confused. How does this allow you to do block-level deduplication,
given that the IV (and hence the ciphertext) will be different for every
block even when the plaintext is the same?
--
David-Sarah Hopwood
agree that a hash used for dedupe needs to be quite long
(256 bits would be nice, but 192 is probably OK).
[1]
http://hub.opensolaris.org/bin/download/Project+zfs%2Dcrypto/files/zfs%2Dcrypto%2Ddesign.pdf
--
David-Sarah Hopwood http://davidsarah.livejournal.com
less than t.]
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Zooko Wilcox-O'Hearn wrote:
following-up to my own post:
On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote:
David-Sarah Hopwood suggested the improvement that the integrity-check
value V could be computed as an integrity check (i.e. a secure hash)
on the K1_enc in addition