Re: What if you had a very good entropy source, but only practical at crypto engine installation time?

2010-10-06 Thread Thierry Moreau
management server or an open source HSM and you see a useful feature in a self-evident entropy source, don't hesitate to contact me (I would consider an open source contribution if such projects have a reasonable chance of critical mass adoption). Enjoy! Thierry Moreau wrote: See http

Re: Certificate-stealing Trojan

2010-09-29 Thread Thierry Moreau
deploy client certificates. - Marsh - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com -- - Thierry Moreau CONNOTECH Experts-conseils inc

Re: questions about RNGs and FIPS 140

2010-09-07 Thread Thierry Moreau
specification for the US Federal government. Cheers, Ben. Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, QC, Canada H2M 2A1 Tel. +1-514-385-5691

Re: Is determinism a good idea? WAS: questions about RNGs and FIPS 140

2010-08-26 Thread Thierry Moreau
(or periodic operator-assisted maintenance). This project is still active. See http://www.connotech.com/doc_pudec_descr.html . You may see this as a bias in my opinions, but I don't see any benefits in misrepresenting relevant facts and analyses. Regards, -- - Thierry Moreau CONNOTECH

Re: questions about RNGs and FIPS 140

2010-08-26 Thread Thierry Moreau
the *NIST*approved* status at some point. The above proposal merely shifts the difficulty to the TRNG. Practical Use of Dice for Entropy Collection is unique because the unpredictable process (shuffling dice) has clear and convincing statistical properties. - Thierry Moreau

Re: Fw: [IP] Malware kills 154

2010-08-23 Thread Thierry Moreau
payments, lottery and casino systems). -- - Thierry Moreau

Re: Is this the first ever practically-deployed use of a threshold scheme?

2010-08-04 Thread Thierry Moreau
is needed, but that is a given irrespective of the underlying crypto). Thanks a lot for your answer! Regards, -- - Thierry Moreau Tanja

Re: Is this the first ever practically-deployed use of a threshold scheme?

2010-08-03 Thread Thierry Moreau
in a group with the traitor A, but no other key material. No system UI, but admittedly a coordination nightmare! -- - Thierry Moreau With a two-share XOR it's much simpler, two red LEDs that turn green when the share is added, and you're done. One share is denoted 'A' and the other is denoted 'B
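The two-share XOR split and the k-of-n threshold split this thread contrasts, written out as an added example; this is my code, not the poster's and not any ICANN procedure. It works byte-wise over GF(2^8) with the AES polynomial (an assumption; the thread names no field), uses a constructed 16-byte secret, and takes its random pad and polynomial coefficients from constructed arrays where a real ceremony would draw them from a CSPRNG and wipe them afterwards.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from the thread.  Byte-wise secret sharing over
 * GF(2^8) (AES polynomial x^8+x^4+x^3+x+1): a 2-of-2 XOR split next to a
 * general k-of-n Shamir split. */

static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t r = 0;
    while (b) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));   /* reduce mod 0x11b */
        b >>= 1;
    }
    return r;
}

static uint8_t gf_inv(uint8_t a)            /* a^254 == a^-1 for a != 0 */
{
    uint8_t r = 1;
    for (int e = 254; e; e >>= 1, a = gf_mul(a, a))
        if (e & 1) r = gf_mul(r, a);
    return r;
}

/* 2-of-2 XOR split: a is the random pad, b = secret XOR a; either share on
 * its own is uniformly random and says nothing about the secret. */
void xor_split(const uint8_t *secret, size_t len, const uint8_t *rnd, uint8_t *a, uint8_t *b)
{
    for (size_t j = 0; j < len; j++) { a[j] = rnd[j]; b[j] = secret[j] ^ rnd[j]; }
}

/* k-of-n Shamir split.  Share i (1 <= i <= n, never x = 0) is f_j(i) for each
 * byte j, where f_j(x) = secret[j] + c1*x + ... + c(k-1)*x^(k-1).  coeff holds
 * the (k-1)*len coefficient bytes; shares receives n*len bytes. */
void shamir_split(const uint8_t *secret, size_t len, int k, int n,
                  const uint8_t *coeff, uint8_t *shares)
{
    for (int i = 1; i <= n; i++)
        for (size_t j = 0; j < len; j++) {
            uint8_t xp = 1, y = secret[j];
            for (int d = 1; d < k; d++) {
                xp = gf_mul(xp, (uint8_t)i);
                y ^= gf_mul(coeff[(size_t)(d - 1) * len + j], xp);
            }
            shares[(size_t)(i - 1) * len + j] = y;
        }
}

/* Recombine from exactly k shares with distinct non-zero x-coordinates xs[]:
 * Lagrange interpolation at x = 0, weight_i = prod_{m != i} x_m / (x_m + x_i). */
void shamir_combine(const uint8_t *xs, const uint8_t *const *ys, int k, size_t len, uint8_t *secret)
{
    memset(secret, 0, len);
    for (int i = 0; i < k; i++) {
        uint8_t w = 1;
        for (int m = 0; m < k; m++)
            if (m != i) w = gf_mul(w, gf_mul(xs[m], gf_inv(xs[m] ^ xs[i])));
        for (size_t j = 0; j < len; j++) secret[j] ^= gf_mul(ys[i][j], w);
    }
}

/* Round trips on a constructed 16-byte secret; each returns 1 on success. */
int xor_roundtrip_ok(void)
{
    const uint8_t *secret = (const uint8_t *)"sixteen byte key";
    uint8_t rnd[16], a[16], b[16], back[16];
    for (int j = 0; j < 16; j++) rnd[j] = (uint8_t)(0x9e * j + 0x37);   /* constructed, stands in for CSPRNG bytes */
    xor_split(secret, 16, rnd, a, b);
    for (int j = 0; j < 16; j++) back[j] = a[j] ^ b[j];
    return memcmp(back, secret, 16) == 0;
}

int shamir_roundtrip_ok(void)
{
    const uint8_t *secret = (const uint8_t *)"sixteen byte key";
    uint8_t coeff[2 * 16], shares[5 * 16], out[16];                     /* k = 3, n = 5 */
    for (size_t i = 0; i < sizeof coeff; i++) coeff[i] = (uint8_t)(37 * i + 11);   /* constructed */
    shamir_split(secret, 16, 3, 5, coeff, shares);
    const uint8_t xs1[3] = {1, 3, 5}, xs2[3] = {2, 4, 5};              /* any 3 of the 5 suffice */
    const uint8_t *ys1[3] = {shares, shares + 32, shares + 64};
    const uint8_t *ys2[3] = {shares + 16, shares + 48, shares + 64};
    shamir_combine(xs1, ys1, 3, 16, out);
    if (memcmp(out, secret, 16) != 0) return 0;
    shamir_combine(xs2, ys2, 3, 16, out);
    return memcmp(out, secret, 16) == 0;
}
```

The XOR scheme is the "two red LEDs" case: both shares are always required, so losing one share loses the key. The Shamir split is what buys the operational slack the thread is after: any k of the n holders reconstruct, k-1 learn nothing, and share x-coordinates must be distinct and never 0 (x = 0 would be the secret itself).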

Re: Is this the first ever practically-deployed use of a threshold scheme?

2010-08-02 Thread Thierry Moreau
Peter Gutmann wrote: Thierry Moreau thierry.mor...@connotech.com writes: With the next key generation for DNS root KSK signature key, ICANN may have an opportunity to improve their procedure. What they do will really depend on what their threat model is. I suspect that in this case

Re: Persisting /dev/random state across reboots

2010-07-29 Thread Thierry Moreau
. Only thereafter do we get an understanding of good, bad, or more relevant: improved. Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, QC, Canada H2M 2A1 Tel. +1-514-385-5691

What if you had a very good entropy source, but only practical at crypto engine installation time?

2010-07-22 Thread Thierry Moreau
saved state. And bingo, you solved the random secret generation issue satisfactorily! Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, QC, Canada H2M 2A1 Tel. +1-514-385-5691
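The seed-once-then-persist idea the message above ends on, carried through as an added example (my code, not the poster's): a generator whose entire state is one 32-byte key, filled once from the installation-time source, persisted across reboots, and ratcheted on every use and at every boot so neither the raw seed nor the stored copy is ever the key actually in use. ChaCha20 as the core, the constructed entropy bytes, and the in-memory array standing in for the seed file are all my assumptions; the thread specifies none of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from the thread.  ChaCha20-keyed generator whose
 * whole state is one 32-byte key: seed once at installation, persist the key,
 * ratchet it (fast key erasure) on every use and at every boot. */

#define ROTL(v, c) (((v) << (c)) | ((v) >> (32 - (c))))
#define QR(a, b, c, d)                                                      \
    a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12);       \
    a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7);

static uint32_t ld32(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void st32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }

/* One 64-byte ChaCha20 keystream block, RFC 8439 layout (32-bit counter, 96-bit nonce). */
static void chacha20_block(const uint8_t key[32], uint32_t ctr, const uint8_t nonce[12], uint8_t out[64])
{
    const uint8_t *sigma = (const uint8_t *)"expand 32-byte k";
    uint32_t s[16], x[16];
    for (int i = 0; i < 4; i++) s[i] = ld32(sigma + 4 * i);
    for (int i = 0; i < 8; i++) s[4 + i] = ld32(key + 4 * i);
    s[12] = ctr;
    for (int i = 0; i < 3; i++) s[13 + i] = ld32(nonce + 4 * i);
    memcpy(x, s, sizeof x);
    for (int i = 0; i < 10; i++) {                         /* 20 rounds = 10 double rounds */
        QR(x[0], x[4], x[8], x[12])  QR(x[1], x[5], x[9], x[13])
        QR(x[2], x[6], x[10], x[14]) QR(x[3], x[7], x[11], x[15])
        QR(x[0], x[5], x[10], x[15]) QR(x[1], x[6], x[11], x[12])
        QR(x[2], x[7], x[8], x[13])  QR(x[3], x[4], x[9], x[14])
    }
    for (int i = 0; i < 16; i++) st32(out + 4 * i, x[i] + s[i]);
}

static void wipe(void *p, size_t n) { volatile uint8_t *v = p; while (n--) *v++ = 0; }

typedef struct { uint8_t key[32]; } drbg_t;   /* the entire state; this is what gets persisted */

/* Emit n bytes.  The first 32 keystream bytes become the next key and the old
 * one is wiped, so a later capture of the state reveals nothing about earlier
 * output.  n == 0 is a pure ratchet. */
void drbg_generate(drbg_t *st, uint8_t *out, size_t n)
{
    static const uint8_t nonce[12] = {0};              /* safe: each key is used for one call only */
    uint8_t blk[64], next[32];
    uint32_t ctr = 0;
    chacha20_block(st->key, ctr++, nonce, blk);
    memcpy(next, blk, 32);
    size_t off = 32;
    while (n) {
        if (off == 64) { chacha20_block(st->key, ctr++, nonce, blk); off = 0; }
        size_t take = n < 64 - off ? n : 64 - off;
        memcpy(out, blk + off, take);
        out += take; off += take; n -= take;
    }
    memcpy(st->key, next, 32);
    wipe(next, 32); wipe(blk, 64);
}

/* Installation time: the one-shot entropy source supplies the first key.
 * Ratchet at once so the persisted state is never the raw entropy input. */
void drbg_install(drbg_t *st, const uint8_t entropy[32]) { memcpy(st->key, entropy, 32); drbg_generate(st, NULL, 0); }

/* Boot: load the persisted key and ratchet before any output.  The caller must
 * overwrite the stored copy with the new state immediately; two boots from the
 * same stored copy would otherwise emit the same stream. */
void drbg_boot(drbg_t *st, const uint8_t stored[32]) { memcpy(st->key, stored, 32); drbg_generate(st, NULL, 0); }

/* RFC 8439 Appendix A.1 test vector 1: zero key, zero nonce, counter 0. */
int chacha20_selftest(void)
{
    static const uint8_t zk[32] = {0}, zn[12] = {0}, want[8] = {0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90};
    uint8_t blk[64];
    chacha20_block(zk, 0, zn, blk);
    return memcmp(blk, want, 8) == 0;
}

/* Walk through install -> use -> "reboot" and check the ratchet properties; 1 on success. */
int drbg_demo_ok(void)
{
    uint8_t entropy[32], a[40], b[40], disk[32], c[40], d[40];
    for (int i = 0; i < 32; i++) entropy[i] = (uint8_t)(i * 7 + 3);   /* constructed stand-in for the install-time source */
    drbg_t st;
    drbg_install(&st, entropy);
    if (memcmp(st.key, entropy, 32) == 0) return 0;      /* raw entropy must not be the stored key */
    drbg_generate(&st, a, sizeof a);
    drbg_generate(&st, b, sizeof b);
    if (memcmp(a, b, sizeof a) == 0) return 0;           /* key ratcheted between calls */
    memcpy(disk, st.key, 32);                            /* "persist" at shutdown */
    drbg_t boot1, boot2;
    drbg_boot(&boot1, disk); drbg_boot(&boot2, disk);    /* same stale file used twice... */
    drbg_generate(&boot1, c, sizeof c); drbg_generate(&boot2, d, sizeof d);
    if (memcmp(c, d, sizeof c) != 0) return 0;           /* ...yields identical output: the replay hazard */
    if (memcmp(boot1.key, disk, 32) == 0) return 0;      /* boot ratchet changed the key */
    return 1;
}
```

The demo deliberately boots twice from one stored copy to show why the write-back after the boot ratchet must happen before the first output is handed out: a cloned VM image or a crash that leaves the old seed file in place otherwise replays the stream. Mixing fresh entropy into the key at boot, where any is available, is the obvious improvement and is independent of the ratchet.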

Re: Root Zone DNSSEC Deployment Technical Status Update

2010-07-17 Thread Thierry Moreau
Dear Jakob: Trying to reply specifically. The bigger picture would require extensive background explanations. Jakob Schlyter wrote: On 16 jul 2010, at 19.59, Thierry Moreau wrote: With what was called DURZ (Deliberately Unvalidatable Root Zone), you, security experts, have been trained

Re: Root Zone DNSSEC Deployment Technical Status Update

2010-07-17 Thread Thierry Moreau
Paul Hoffman wrote: At 9:52 AM -0400 7/17/10, Thierry Moreau wrote: Incidentally, you say you [the design team] had good *documented* reasons for implementing DURZ *as*you*did*. Did you document why any of unknown/proprietary/foreign signature algorithm code(s) were not possible

Re: Fw: Root Zone DNSSEC Deployment Technical Status Update

2010-07-16 Thread Thierry Moreau
! Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, QC, Canada H2M 2A1 Tel. +1-514-385-5691

Re: What's the state of the art in factorization?

2010-04-22 Thread Thierry Moreau
Victor Duchovni wrote: On Tue, Apr 20, 2010 at 08:58:25PM -0400, Thierry Moreau wrote: The DNS root may be qualified as a high valued zone, but I made the effort to put in writing some elements of a risk analysis (I have an aversion for this notion as I build *IT*controls* and the consultants

Re: What's the state of the art in factorization?

2010-04-22 Thread Thierry Moreau
at ``Provable Security'', Cryptology ePrint Archive: Report 2004/152, available at http://eprint.iacr.org/2004/152.pdf. - Thierry Moreau

Re: What's the state of the art in factorization?

2010-04-22 Thread Thierry Moreau
Florian Weimer wrote: * Thierry Moreau: For which purpose(s) is the DNS root signature key an attractive target? You might be able to make it to CNN if your spin is really good. Thanks for this feedback. No, no, and no. No, because I asked the question as a matter of security analysis

Re: What's the state of the art in factorization?

2010-04-20 Thread Thierry Moreau
, - Thierry Moreau Perry

Re: Wikileaks video crypto.

2010-04-09 Thread Thierry Moreau
success) can be attributed to the restrictions in cipher strength (respectively impediments to sensible key management schemes) that the government officials promoted for civilian use crypto. My 0.2 worth of wisdom (Friday afternoon special promotion!). - Thierry Moreau

Re: Trusted timestamping

2009-10-05 Thread Thierry Moreau
is(are) the real beneficiary(ies) in a trusted timestamping service, and how do you sell the service to them so that it makes economic sense? Regards, - Thierry Moreau

Re (security fix): A Basic Rabin-Williams Digital Signature Specification

2009-08-19 Thread Thierry Moreau
, - Thierry On Jul 27, 2009, at 10:35 AM, Thierry Moreau wrote: Title and abstract: Scirpo, a Basic Rabin-Williams Digital Signature Specification The public key cryptography digital signatures are well studied since the early publications by academics three decades ago. On the deployment front

A Basic Rabin-Williams Digital Signature Specification

2009-07-27 Thread Thierry Moreau
that the usefulness of this document is limited, so if you do find some value in it, please let me know how the document can be improved for your purpose. If anyone has other comments, I would like to read them. Regards, - Thierry Moreau

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Thierry Moreau
mismanagement of signature private key over some extended period of time? 2.2 ... Regards, -- - Thierry Moreau

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Thierry Moreau
Paul Hoffman wrote: At 4:11 PM +1200 5/5/09, Peter Gutmann wrote: Thierry Moreau thierry.mor...@connotech.com writes: Now that the main question is answered, there are sub-questions to be asked: 1. Has any public CA ever encountered a situation where a revocation would have been

Re: Who cares about side-channel attacks?

2008-10-30 Thread Thierry Moreau
? Marginally at best. Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED

Re: combining entropy

2008-10-24 Thread Thierry Moreau
. Do you really trust that no single source of entropy can have knowledge of the other source's output, so it can surreptitiously correlate its own? I.e., you are also assuming that these sources are *independent*. -- - Thierry Moreau

Re: RSA modulus record

2008-09-17 Thread Thierry Moreau
retrofitting the probabilistic property in RSA, while probabilistic cryptosystems have been around in academic work almost since the early days of published work on PK crypto. Regards, - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel

Let's be paranoid about CSS (cascaded style sheet) as an application data integrity attack vector!

2008-09-09 Thread Thierry Moreau
specifically, with the hope that paranoia can sometimes be a productive state of mind, I remain paranoid-ly grateful for your answers. -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site

Re: Decimal encryption

2008-08-27 Thread Thierry Moreau
of key material reference data (or salt or IV ...). If you have room for such message-specific reference data, it should be easy to design a decimal stream cipher for short messages. -- - Thierry Moreau

Re: The PKC-only application security model ...

2008-07-24 Thread Thierry Moreau
Eric Rescorla wrote: At Wed, 23 Jul 2008 17:32:02 -0500, Thierry Moreau wrote: Anne Lynn Wheeler wrote about various flavors of certificateless public key operation in various standards, notably in the financial industry. Thanks for reporting those. No doubt that certificateless

Re: The PKC-only application security model ...

2008-07-24 Thread Thierry Moreau
Tom Scavo wrote: On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau [EMAIL PROTECTED] wrote: The document I published on my web site today is focused on fielding certificateless public operations with the TLS protocol which does not support client public keys without certificates - hence

The PKC-only application security model ...

2008-07-23 Thread Thierry Moreau
publication process but no IETF working group is assigned an editorial role). Good reading. -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL

Re: The PKC-only application security model ...

2008-07-23 Thread Thierry Moreau
to facilitate the use of client-side PKC. - Thierry Moreau

Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions

2008-06-12 Thread Thierry Moreau
in the process of design refinements leading to the actual processor. Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED

Re: [Fwd: Secure Server e-Cert Developer e-Cert. Comerica TM Connect Web Bank]

2008-04-23 Thread Thierry Moreau
otherwise. I'm not impressed by the phisher blabla message. -- - Thierry Moreau

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-02-21 Thread Thierry Moreau
not be allowed to modify security-critical parameters on the local machine. According to my records, this issuance process is nonetheless representative of research directions for user enrollment, i.e. there aren't too many other documented processes in this area. Regards, -- - Thierry Moreau

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-01-31 Thread Thierry Moreau
with OSI NLSP or TLSP, you just have to overcome the *power of the installed base*! Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL

Re: More on in-memory zeroisation

2007-12-14 Thread Thierry Moreau
. In the case of volatile declaration, the GCC 4.2.2 compiler gave me a warning that the volatile qualifier was ignored because the memset formal parameter declaration does not match. At least, as a compiler user I get a proper warning message. Regards - Thierry Moreau Original message: Jack Lloyd

Re: More on in-memory zeroisation

2007-12-13 Thread Thierry Moreau
don't want to argue too theoretically. Peter and I just want to clear memory! Kind regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL

Re: More on in-memory zeroisation

2007-12-13 Thread Thierry Moreau
*(*fpt_t)(void *, int, size_t); extern void f(fpt_t arg); int main(int argc, char *argv[]) { f(memset); return EXIT_SUCCESS; } /* I don't want to argue too theoretically. - Thierry Moreau
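The function-pointer approach the fragment above is sketching, as an added example that is my code, not the poster's: memset is reached through a pointer object that is itself volatile, so the compiler has to load it and emit the call rather than discard the store as dead, with a volatile byte loop as a fallback. Note that the volatile qualifier belongs on the pointer object (`(*volatile memset_ptr)`), not on the pointee's parameter list; qualifying the latter does not match memset's declared type. The key bytes are a constructed pattern.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code posted in the thread.  The volatile qualifier sits
 * on the pointer object: every call goes through a load the compiler may not
 * assume anything about, so the memset cannot be dropped as a dead store. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

void secure_memzero(void *p, size_t n)
{
    memset_ptr(p, 0, n);
}

/* No-library fallback: stores through a volatile lvalue are side effects the
 * compiler must emit, one byte at a time. */
void secure_memzero_loop(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Branch-free "all bytes zero" check; returns 1 if so, else 0. */
int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Fill a stack buffer with a constructed stand-in for key material, wipe it
 * with the given routine, and report whether every byte is now zero. */
static int wipe_and_check(void (*wiper)(void *, size_t))
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);
    if (all_zero(key, sizeof key))
        return 0;                       /* sanity: buffer was not zero to begin with */
    wiper(key, sizeof key);
    return all_zero(key, sizeof key);
}

int wipe_via_pointer(void) { return wipe_and_check(secure_memzero); }
int wipe_via_loop(void)    { return wipe_and_check(secure_memzero_loop); }

int main(void)
{
    printf("volatile function pointer: %s\n", wipe_via_pointer() ? "zeroed" : "NOT zeroed");
    printf("volatile byte loop:        %s\n", wipe_via_loop() ? "zeroed" : "NOT zeroed");
    return 0;
}
```

Where the platform offers one, a library call with the same guarantee (C11 Annex K memset_s, or explicit_bzero on glibc and the BSDs) is preferable to either idiom. None of these reach copies the compiler made on its own: register spills and temporaries on the stack survive a wipe of the named buffer.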

Re: More on in-memory zeroisation

2007-12-13 Thread Thierry Moreau
Leichter, Jerry wrote: On Wed, 12 Dec 2007, Thierry Moreau wrote: | Date: Wed, 12 Dec 2007 16:24:43 -0500 | From: Thierry Moreau [EMAIL PROTECTED] | To: Leichter, Jerry [EMAIL PROTECTED] | Cc: Peter Gutmann [EMAIL PROTECTED], cryptography@metzdowd.com | Subject: Re: More on in-memory

Re: question re practical use of secret sharing

2007-06-22 Thread Thierry Moreau
to diplomats and like individuals. (A DHS sponsored study even ignored or downplayed mere split key storage for protecting the DNSSEC root private key.) Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691

Rabin-Williams exponent 2 is not at stake, never been (WAS: Exponent 3 damage spreads...)

2006-09-14 Thread Thierry Moreau
of low-exponent RSA. This being said, I don't want to participate in a further debate Rabin-Williams vs low exponent RSA. I just wish to limit the misrepresentations about the Rabin-Williams family of cryptosystems. Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de

Re: Exponent 3 damage spreads...

2006-09-11 Thread Thierry Moreau
signature s Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED

Re: DNS/DNSSEC as an inbound mail signature public key distribution mechanism (was: signing all outbound email)

2006-09-08 Thread Thierry Moreau
. -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED]

Re: Status of opportunistic encryption

2006-06-04 Thread Thierry Moreau
Thomas Harold wrote, in part: I do suspect at some point that the lightweight nature of DNS will give way to a heavier, encrypted or signed protocol. Economic factors will probably be the driving force (online banking). E.g. RFC4033, RFC4034, RFC4035. - Thierry

Re: what's wrong with HMAC?

2006-05-01 Thread Thierry Moreau
opinion at that time. All theories are equal, but some theories are more equal than others ... Have fun! -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e

Re: thoughts on one time pads

2006-01-26 Thread Thierry Moreau
to sample it and at which rate, and with which protection against eavesdropping during the sampling? At what cost? With what kind of design assurance that the pure random data is indeed pure and random? Have fun. -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal

Re: Another entry in the internet security hall of shame....

2005-09-10 Thread Thierry Moreau
the *authorization* management overhead. Fun, Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED

Re: Standardization and renewability

2005-08-04 Thread Thierry Moreau
. [...] -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED

A Note About Trust Anchor Key Distribution

2005-07-06 Thread Thierry Moreau
: #i,R[i],N[i],P[i],s[i]# . Upon receipt of this message, the end-user system becomes in a position to validate the root key digest #D[i]#. More details are provided in http://www.connotech.com/takrem.pdf. Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier

Re: [Clips] Storm Brews Over Encryption 'Safe Harbor' in Data Breach Bills

2005-06-03 Thread Thierry Moreau
acceptable encryption technology and key management techniques ... which is no longer a simple solution. Thanks for highlighting the limits of the original post, either on a technical basis or on issues of lawmaking strategy. -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de

Re: No Encryption for E-Passports

2005-03-07 Thread Thierry Moreau
See the following comments submitted to the Department of State - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED

Re: New directions for hash function designs (was: More problems with hash functions)

2004-08-25 Thread Thierry Moreau
can help define other constructs for hash functions. Obviously, if the state information is to end up in a standard size at the end of the plaintext processing, the additional state information has to be folded, which means additional processing costs, or discarded. -- - Thierry Moreau CONNOTECH

Re: Definitions of Security?

2004-04-14 Thread Thierry Moreau
Need a New Definition of Information Security, Computers Security, vol 22, no. 4, May 2003, 2003, pages 308-313. -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail

Inescapable public key property of secret key transport?

2003-12-09 Thread Thierry Moreau
or property in the transported key. So, the question is how are the two properties (inescapable public key property and inescapable secret key processing rules) addressed in the existing key establishment protocols? Thanks in advance! -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place