he flaws, but suggests we might consider looking for
a better cipher at this point. The rationale is that AES-256 still provides
a wider security margin.
--
Tony Arcieri
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
ponse:
http://lists.zeromq.org/pipermail/zeromq-dev/2013-October/023009.html
--
Tony Arcieri
expect that Dual_EC_DRBG was their failed attempt to tamper with a
cryptographic standard, and so we would overlook the more sinister and
subtle attempts to tamper with the NIST curves
--
Tony Arcieri
On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff wrote:
> I'm sure the driver was written by highly proficient cryptographers,
> and subjected to a meticulous code review.
I'll just leave this here:
http://eprint.iacr.org/2013/338.pdf
ng is they probably didn't.
--
Tony Arcieri
m looking seeds, continuing until the curve
parameters, after the seed is run through SHA1, fall into the class that's
known to be weak to them.
--
Tony Arcieri
es can radically alter
the interpretation of a file. And on Ruby, it was a remote code execution
vulnerability waiting to happen.
--
Tony Arcieri
On Mon, Sep 30, 2013 at 6:04 PM, Mark Atwood wrote:
> YAML?
>
YAML is a bit insane ;) There's JSON, and also TOML:
https://github.com/mojombo/toml
--
Tony Arcieri
ar which is
hopefully regular, context-free, or context-sensitive in a limited manner
--
Tony Arcieri
vote for a
> lot less modes and ciphers. And probably non-NIST curves while we're at
> it.
Sounds like you want CurveCP?
http://curvecp.org/
--
Tony Arcieri
ode?
The theoretical argument against something like this is the resulting C
code is a "weird machine", i.e. ASN.1 cannot be understood by a pushdown
automaton or described by a context-free grammar.
See: http://www.cs.dartmouth.edu/~sergey/langsec/papers/langsec-tr.pd
taged accelerator hardware, stolen keys, etc., and a
> smart attacker goes for the points of weakness.
As a counterpoint to what I was saying earlier, here's a tool that's likely
focusing on the wrong problems:
https://keybase.io/triplesec/
--
Tony Arcieri
The NSA of course participated in active attacks too, but it seems their
main MO was passive traffic collection.
But yes, endpoint security is weak, and an active attacker would probably
choose that approach over trying to break particular algorithm
t; some real advantages.
I wish there was a term for this sort of design in encryption systems
beyond just "defense in depth". AFAICT there is not such a term.
How about the Failsafe Principle? ;)
--
Tony Arcieri
on the table if you want to
build a "quantum-proof" system.
--
Tony Arcieri
ot better than this
approach.
--
Tony Arcieri
ithm is actually on the horizon, or if it falls into a category like
nuclear fusion where work on it drags on indefinitely.
--
Tony Arcieri
turning into something you can buy.
I wouldn't be surprised to see a large quantum computer built in the next
two decades.
--
Tony Arcieri
eanwhile people seem to think that it's some sort of technique that will
render messages unbreakable forever.
--
Tony Arcieri
ntels-ivy-bridge-random-number-generator
--
Tony Arcieri
djb's rationale for Curve25519's parameters is provided in the paper. The
2^255-19 constant was selected by a theorem (see Theorem 2.1):
http://cr.yp.to/ecdh/curve25519-20060209.pdf
--
Tony Arcieri
we're screwed!
Well, aside from maybe this draft supporting Salsa20:
http://tools.ietf.org/html/draft-josefsson-salsa20-tls-02
--
Tony Arcieri
; one is found.
>
The question is... suitable for what? djb argues it could be used to find a
particularly weak curve, depending on what your goals are:
http://i.imgur.com/o6Y19uL.png
(originally from http://www.hyperelliptic.org/tanja/vortraege/201305
ES-128 over AES-256. However, that is not
the case. Here's a relevant page from Schneier's book Cryptography
Engineering in which he recommends AES-256 (or switching to an algorithm
without known attacks):
https://pbs.twimg.com/media/BEvLoglC
or code-based (McEliece/McBits) public key systems are
still considered "post-quantum" algorithms. There are no presently known
quantum algorithms that work against these sorts of systems.
See http://pqcrypto.org/
--
Tony Arcieri
On Fri, Sep 6, 2013 at 4:53 PM, Marcus D. Leech wrote:
> One wonders why they weren't already using link encryption systems?
>
Probably line rate and the cost of encrypting every single fiber link.
There are few vendors who sell line rate encryption for 10Gbps+
the traffic, even with PFS.
Likewise with "perfect" forward secrecy, they can collect and store all
your traffic for the next 10-20 years when they get a large quantum
computer, and decrypt your traffic then.
PFS is far from "perfect"
--
Tony Arcieri
TRU) or code-based
(McEliece/McBits) algorithms. ECC and RSA will no longer be useful.
--
Tony Arcieri
6.arpa/~bauerm/names/DHTsec.pdf
--
Tony Arcieri