Hi,
Am 2013-09-30 10:16, schrieb ianG:
I'm not really understanding the need for checksums on keys.
Perhaps it is a DLP (Data Leakage Prevention) technology. At least the
same method works great for Creditcard numbers.
Oh, there is a 14 digit number being sent on a unclassified network,
and all
Hi,
What I personally think would be necessary for TLS2:
* At least one quantum-computing resistant algorithm which must be useable
either as replacement for DH+RSA+EC, or preferrably as additional
strength(double encryption) for the transition period.
* Zero-Knowledge password authentication
Hi,
I would suggest Secret Key Splitting (e.g. Shamir's scheme), with an n-out-of-m
scheme. Add decryption instructions, give everyone you trust and who is not
easily discoverable a share of the key, the complete encrypted backups, and
tell them to follow instructions when they believe you are
Hi,
I would suggest Secret Key Splitting (e.g. Shamir's scheme), with an n-out-of-m
scheme. Add decryption instructions, give everyone you trust and who is not
easily discoverable a share of the key, the complete encrypted backups, and
tell them to follow instructions when they believe you are
-availability in those certain
situations.
Please let me know if you hear about any other interesting solutions too.
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
that has reasonable strength and is able
to operate on non-binary data? Preferrably on any chosen number-base?
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
Hi Ben,
http://www.cacert.at/cgi-bin/rngresults
Are you seriously saying that the entropy of FreeBSD /dev/random is 0?
Thanks for the notice, that was a broken upload by a user.
Best regards,
Philipp Gühring
number
generators, we informed the vendors and they fixed them.
http://www.cacert.at/cgi-bin/rngresults
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
saw, so using open/read is
preferred for using /dev/random.
Implementations can be rather easily checked with strace.
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
)
Tamper evidence, Tamper protection, Tamper proof, Tamper resistance ...
As usual, it depends on your threat-models, on your environment, on your
resources, on your enemies, ...
Best regards,
Philipp Gühring
-
The Cryptography
,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
/16777216, then end up with 1/16777216 too much.
(And there is no guarantee that the link layer actually gives you the 1/256.
It could also give you 1/1)
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe
. (And of course, run time version negotiation)
Sounds like an interesting idea to me.
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
they detect the other sysadmin doing something evil, they can simply
disconnect, which also disconnects/freezes the other one)
I would be happy about such an implementation in a SSH server.
(combined with screen perhaps ...)
Best regards,
Philipp Gühring
workaround, yes.
I think SecurityLayer should be easily adaptable to that concept.
Do you already have an demo implementation of that external device, Peter?
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe
TAN solution, and the cost increase of
SMS compared to paper TANs is irrelevant)
So I personally would declare the online-banking problem solved (with SMS as
second channel), but I am still searching for solutions for all others,
especially non-transactional applications.
Best regards,
Philipp
://sig.cacert.at/random/
The service is fully automated online now, so you can easily test your own RNG
now, and compare them to the rest of the market.
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe
% of the certificates in the wild have
Exponents =17
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
he only signs the keys of his friends because of that.
I wonder now, why he didn´t tried to solve that usability/scalability problem
himself yet, but gave up instead.
Best regards,
Philipp Gühring
-
The Cryptography Mailing
enough
yet.)
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
impossible to attestate the
correct usage (to a certain extent, I know about the statistical limitations)
of random numbers with the software I am using to get certificates.
Best regards,
Philipp Gühring
-
The Cryptography Mailing
it that way?
Best regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
to the operating system failing to use the random numbers given.
So since the random numbers might be modified between gathering and using for
the keypair, I thought that I need to evaluate the quality at the end of the
keypair generation.
Best regards,
Philipp Gühring
it.
Regards,
Philipp Gühring
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
25 matches
Mail list logo