Re: A mighty fortress is our PKI, Part II

2010-08-04 Thread David-Sarah Hopwood
the real problem: that software is (unnecessarily) run with the full privileges of the invoking user. By all means authenticate software, but that's not going to prevent malware. -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com signature.asc Description: OpenPGP digital signature

Re: A mighty fortress is our PKI

2010-07-23 Thread David-Sarah Hopwood
by the proxies. Or am I missing something? -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com

Merkle-Winternitz-HORS signature scheme for Tahoe-LAFS

2010-07-09 Thread David-Sarah Hopwood
:18 AM, David-Sarah Hopwood wrote: Ah, but it will work for a multi-layer Merkle tree scheme, such as GMSS: if keys are generated deterministically from a seed, then the signatures certifying keys at upper layers are also deterministic, so there's no key-reuse problem for those. Right
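A worked illustration of the point made above, added here and not part of the thread or of Tahoe-LAFS: a toy two-layer hash-based signature tree in which every one-time key is derived from a seed with a PRF. Lamport one-time signatures over SHA-256 digests, HMAC-SHA256 as the PRF, a height-2 Merkle tree and all function names are constructed for this example; GMSS itself uses Winternitz keys and larger trees. Because the lower tree's root is a deterministic function of the seed, the upper-layer key that certifies it always signs the same message, so regenerating and re-signing exposes nothing beyond the first signature; the last function shows what goes wrong when one key signs two distinct digests.

```python
import hashlib
import hmac

# Constructed toy (not GMSS or Tahoe-LAFS code): Lamport one-time signatures over
# SHA-256 digests, seed-derived keys, and a two-layer certification tree.

N = 256  # bits in the digest we sign


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def prf(seed: bytes, label: bytes) -> bytes:
    # Deterministic key material: the same (seed, label) always gives the same output.
    return hmac.new(seed, label, hashlib.sha256).digest()


def lamport_keypair(seed: bytes, leaf: int):
    # Secret value (i, b) is PRF(seed, leaf||i||b); public value is its hash.
    sk = [[prf(seed, b"ots|%d|%d|%d" % (leaf, i, b)) for b in (0, 1)] for i in range(N)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk


def pk_hash(pk) -> bytes:
    return H(b"".join(h for pair in pk for h in pair))


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def ots_sign(sk, msg: bytes):
    # Reveal one secret per digest bit; the other half of the key stays hidden.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]


def ots_verify(pk, msg: bytes, sig) -> bool:
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(digest_bits(msg)))


def merkle_root(leaves) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def build_tree(seed: bytes, height: int):
    # 2**height one-time keys, all regenerable from `seed`.
    keys = [lamport_keypair(seed, i) for i in range(2 ** height)]
    return keys, merkle_root(pk_hash(pk) for _, pk in keys)


def certify_lower_tree(master_seed: bytes, lower_index: int, height: int = 2):
    """Upper-tree leaf `lower_index` signs the root of lower tree `lower_index`.

    Both trees are regenerated from master_seed, so the lower root and hence the
    certifying signature are a deterministic function of (master_seed, lower_index):
    regenerating the scheme re-signs the same message with the same key."""
    upper_keys, upper_root = build_tree(prf(master_seed, b"upper"), height)
    _, lower_root = build_tree(prf(master_seed, b"lower|%d" % lower_index), height)
    sk, pk = upper_keys[lower_index]
    return upper_root, lower_root, ots_sign(sk, lower_root), pk


def secrets_revealed(sk, msgs) -> int:
    """Number of the 2*N secret values exposed by signing all of `msgs` with one key.

    N for one message (or the same message signed repeatedly); strictly more than N
    as soon as two distinct digests are signed: that is the key-reuse problem."""
    exposed = set()
    for m in msgs:
        for i, b in enumerate(digest_bits(m)):
            exposed.add((i, b))
    return len(exposed)


if __name__ == "__main__":
    seed = b"constructed master seed"
    first = certify_lower_tree(seed, 1)
    second = certify_lower_tree(seed, 1)
    print("certifying signatures identical:", first[2] == second[2])
    sk, _ = lamport_keypair(seed, 0)
    print("secrets exposed, same digest twice:", secrets_revealed(sk, [b"x", b"x"]))
    print("secrets exposed, two digests:     ", secrets_revealed(sk, [b"x", b"y"]))
```

The seed must be kept as carefully as the signing keys it replaces, and the lower-layer keys that sign actual messages are still one-time: determinism removes the reuse problem only for the certifying signatures, whose message (the subtree root) never changes.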

Re: Merkle-Winternitz-HORS signature scheme for Tahoe-LAFS [correction]

2010-07-09 Thread David-Sarah Hopwood
David-Sarah Hopwood wrote: [snip] There could also be a concern that point 4 above is similar to on-line/off-line signatures as patented by Even, Goldreich and Micali (U.S. patent 5016274, filed in 1988; expires on 14 May 2011). Ah, I calculated the expiration date incorrectly. It was filed

Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

2009-11-08 Thread David-Sarah Hopwood
in the next 50 years. Heh. txg + 32-bit counter == 96-bit IVs sounds like the way to go. I'm confused. How does this allow you to do block-level deduplication, given that the IV (and hence the ciphertext) will be different for every block even when the plaintext is the same? -- David-Sarah Hopwood

Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

2009-11-03 Thread David-Sarah Hopwood
agree that a hash used for dedupe needs to be quite long (256 bits would be nice, but 192 is probably OK). [1] http://hub.opensolaris.org/bin/download/Project+zfs%2Dcrypto/files/zfs%2Dcrypto%2Ddesign.pdf -- David-Sarah Hopwood http://davidsarah.livejournal.com
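An added illustration of the two questions raised in this thread (the txg+counter IV proposal versus block-level deduplication, and how long a truncated dedup hash needs to be); it is constructed for this page and is not ZFS code or the ZFS crypto design. HMAC-SHA256 run in counter mode stands in for the block cipher mode, the 96-bit IV is laid out as 64-bit txg followed by a 32-bit counter as in the proposal, and the 2^40-block dataset size used below is an arbitrary assumption.

```python
import hashlib
import hmac
import math

# Constructed example, not ZFS code. HMAC-SHA256 in counter mode stands in for the
# real cipher mode; the only property used is that the keystream depends on the IV.


def iv_txg_counter(txg: int, counter: int) -> bytes:
    """96-bit IV = 64-bit transaction group number || 32-bit per-txg block counter."""
    return txg.to_bytes(8, "big") + counter.to_bytes(4, "big")


def encrypt_block(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Keystream block i = HMAC(key, iv || i); XOR it onto the plaintext.
    stream = b"".join(
        hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((len(plaintext) + 31) // 32)
    )
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def dedup_checksum(data: bytes, bits: int) -> bytes:
    """Truncated SHA-256 used as the dedup table key (the truncation the thread debates)."""
    return hashlib.sha256(data).digest()[: bits // 8]


def ciphertext_dedups(key: bytes, plaintext: bytes, iv_a: bytes, iv_b: bytes,
                      bits: int = 256) -> bool:
    """Would two on-disk copies of the same plaintext, written under iv_a and iv_b,
    share a dedup checksum? With distinct IVs the ciphertexts differ, so they do not."""
    return (dedup_checksum(encrypt_block(key, iv_a, plaintext), bits)
            == dedup_checksum(encrypt_block(key, iv_b, plaintext), bits))


def birthday_collision_prob(n_blocks: int, bits: int) -> float:
    """Probability that some two of n_blocks distinct blocks share a bits-bit checksum,
    using the birthday approximation 1 - exp(-n^2 / 2^(bits+1))."""
    return -math.expm1(-(n_blocks ** 2) / 2.0 ** (bits + 1))


if __name__ == "__main__":
    key = b"k" * 32                      # constructed key
    block = b"A" * 4096                  # constructed 4 KiB block written twice
    same_txg = ciphertext_dedups(key, block, iv_txg_counter(7, 0), iv_txg_counter(7, 1))
    print("identical plaintext, two IVs in one txg, dedup on ciphertext:", same_txg)
    for bits in (128, 192, 256):
        print("%d-bit checksum, 2^40 blocks: p(collision) ~ %.3g"
              % (bits, birthday_collision_prob(2 ** 40, bits)))
```

The collision figures are for accidental collisions among honest data; a hash short enough for an attacker to find a collision offline would let one block be substituted for another, which is why the bound has to be read against the truncated length, not the full output length.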

Re: Question about Shamir secret sharing scheme

2009-10-04 Thread David-Sarah Hopwood
less than t.] -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: how to encrypt and integrity-check with only one key

2009-09-15 Thread David-Sarah Hopwood
Zooko Wilcox-O'Hearn wrote: following-up to my own post: On Monday, 2009-09-14, at 10:22, Zooko Wilcox-O'Hearn wrote: David-Sarah Hopwood suggested the improvement that the integrity-check value V could be computed as an integrity check (i.e. a secure hash) on the K1_enc in addition