[Cryptography] Other curves and algos used in France

2013-09-13 Thread Erwann ABALEA
2013/9/10 james hughes hugh...@mac.com

 [...]
 Lastly, going a partial step seems strange also. Why do we what to put
 ourselves through this again so soon? The French government suggests 2048
 now (for both RSA and DHE), and will only last 6 years. From
  http://www.ssi.gouv.fr/IMG/pdf/RGS_B_1.pdf


They also published their own curve (a 256 bits GF(p) one), named FRP256v1 (
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT24668816).
But since they don't provide any detail on the parameters' choice, and the
use of this curve isn't mandatory at all, I prefer the Brainpool ones.

They're also pushing for ECKCDSA adoption, by asking HSM manufacturers to
include this mechanism. I don't know anything on this.

-- 
Erwann.
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Erwann ABALEA
On Wed, 2 Feb 2005, Dan Kaminsky wrote:

 Uh, you *really* have no idea how much the black hat community is
 looking forward to TCPA.  For example, Office is going to have core
 components running inside a protected environment totally immune to
 antivirus.

How? TCPA is only a cryptographic device, and some BIOS code, nothing
else. Does the coming of TCPA chips eliminate the bugs, buffer overflows,
stack overflows, or any other way to execute arbitrary code? If yes, isn't
that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).

  Since these components are going to be managing
 cryptographic operations, the well defined API exposed from within the
 sandbox will have arbitrary content going in, and opaque content coming
 out.  Malware goes in (there's not a executable environment created that
 can't be exploited), sets up shop, has no need to be stealthy due to the
 complete blockage of AV monitors and cleaners, and does what it wants to
 the plaintext and ciphertext (alters content, changes keys) before
 emitting it back out the opaque outbound interface.

I use cryptographic devices everyday, and TCPA is not different than the
present situation. No better, no worse.

-- 
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Dell to Add Security Chip to PCs

2005-02-02 Thread Erwann ABALEA
On Wed, 2 Feb 2005, Trei, Peter wrote:

 Seeing as it comes out of the TCG, this is almost certainly
 the enabling hardware for Palladium/NGSCB. Its a part of
 your computer which you may not have full control over.

Please stop relaying FUD. You have full control over your PC, even if this
one is equiped with a TCPA chip. See the TCPA chip as a hardware security
module integrated into your PC. An API exists to use it, and one if the
functions of this API is 'take ownership', which has the effect of
erasing it and regenerating new internal keys.

-- 
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]