Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-10 Thread Salz, Rich
TLS was designed to support multiple ciphersuites. Unfortunately this opened the door to downgrade attacks, and transitioning to protocol versions that wouldn't do this was nontrivial. The ciphersuites included all shared certain misfeatures, leading to the current situation. On the

Re: [Cryptography] prism-proof email in the degenerate case

2013-10-10 Thread Salz, Rich
The simple(-minded) idea is that everybody receives everybody's email, but can only read their own. Since everybody gets everything, the metadata is uninteresting and traffic analysis is largely fruitless. Some traffic analysis is still possible based on just message originator. If I see

[Cryptography] P=NP on TV

2013-10-07 Thread Salz, Rich
Last week, the American TV show Elementary (a TV who-done-it) was about the murder of two mathematicians who were working on proof of P=NP. The implications to crypto, and being able to crack into servers was covered. It was mostly accurate, up until the deux ex machine of the of the NSA hiding

Re: [Cryptography] PRISM-Proofing and PRISM-Hardening

2013-09-30 Thread Salz, Rich
Bill said he wanted a piece of paper that could help verify his bank's certificate. I claimed he's in the extreme minority who would do that and he asked for proof. I can only, vaguely, recall that one of the East Coast big banks (or perhaps the only one that is left) at one point had a

Re: [Cryptography] PRISM-Proofing and PRISM-Hardening

2013-09-19 Thread Salz, Rich
I know I would be a lot more comfortable with a way to check the mail against a piece of paper I received directly from my bank. I would say this puts you in the sub 1% of the populace. Most people want to do things online because it is much easier and gets rid of paper. Those are the

Re: [Cryptography] About those fingerprints ...

2013-09-11 Thread Salz, Rich
Yesterday, Apple made the bold, unaudited claim that it will never save the fingerprint data outside of the A7 chip. Why should we trust Cook Co.? I'm not sure it matters. If I want your fingerprint, I'll lift it off your phone. -- Principal Security Engineer Akamai Technology

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-09 Thread Salz, Rich
➢ then maybe it's not such a silly accusation to think that root CAs are routinely distributed to multinational secret ➢ services to perform MITM session decryption on any form of communication that derives its security from the CA PKI. How would this work, in practice? How would knowing a

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-09 Thread Salz, Rich
* NSA employees participted throughout, and occupied leadership roles in the committee and among the editors of the documents Slam dunk. If the NSA had wanted it, they would have designed it themselves. The only conclusion for their presence that is rational is to sabotage it [3].