On 08/04/14 11:46, ianG wrote:
We have here a rare case of a broad break in a security protocol leading
to compromise of keys.
Though it's an implementation break, not a protocol break.
___
cryptography mailing list
cryptography@randombit.net
On 05/12/13 11:41, coderman wrote:
On Thu, Dec 5, 2013 at 12:13 AM, Matthew Orgass darks...@city-net.com wrote:
...
OTOH, for TLS ChaCha seems to me like the best choice at this point.
let me know when you are able to speak
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 between browser and
On 04/10/13 22:58, Jeffrey Goldberg wrote:
On 2013-10-04, at 4:24 AM, Alan Braggins alan.bragg...@gmail.com wrote:
Surely that's precisely because they (and SSL/TLS generally) _don't_
have a One True Suite, they have a pick a suite, any suite approach?
And for those of us having to choose
On 04/10/13 08:52, Peter Gutmann wrote:
Jon Callas j...@callas.org writes:
In Silent Text, we went far more to the one true ciphersuite philosophy. I
think that Iang's writings on that are brilliant.
Absolutely. The one downside is that you then need to decide what the OTS is
going to be.
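The "pick a suite, any suite" versus one-true-suite question above, as an added example that is not part of the thread and not anyone's posted code: a small Python policy that parses IANA cipher-suite names of the TLS_<KX>_<AUTH>_WITH_<CIPHER>_<HASH> form and then picks from a short, fixed preference list, refusing anything without forward secrecy or an AEAD bulk cipher. The preference list, the rejection rules and the sample ClientHello offer are assumptions made for the illustration; TLS 1.3 suite names (which have no _WITH_) are not handled.

```python
# Added example, not from the mailing-list thread. Parses IANA TLS 1.2-style
# cipher-suite names and applies a restrictive, fixed-order selection policy.
# PREFERRED, the rejection rules and SAMPLE_CLIENT_OFFER are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional

AEAD_CIPHERS = {"AES_128_GCM", "AES_256_GCM", "CHACHA20_POLY1305"}
FORWARD_SECRET_KX = {"ECDHE", "DHE"}


@dataclass(frozen=True)
class Suite:
    name: str
    kx: str       # key exchange: ECDHE, DHE, RSA, ECDH, DH
    auth: str     # peer authentication: ECDSA, RSA, anon
    cipher: str   # bulk cipher: CHACHA20_POLY1305, AES_128_CBC, RC4_128, ...
    prf: str      # MAC hash or PRF: SHA, SHA256, SHA384

    @property
    def aead(self) -> bool:
        return self.cipher in AEAD_CIPHERS

    @property
    def forward_secret(self) -> bool:
        return self.kx in FORWARD_SECRET_KX


def parse_suite(name: str) -> Optional[Suite]:
    """Parse TLS_<KX>[_<AUTH>]_WITH_<CIPHER>_<HASH>; TLS_RSA_WITH_... means
    the key exchange and the authentication are the same primitive."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        return None  # TLS 1.3 names and garbage both land here
    left, right = name[4:].split("_WITH_", 1)
    kx_auth = left.split("_")
    if len(kx_auth) == 1:
        kx = auth = kx_auth[0]
    elif len(kx_auth) == 2:
        kx, auth = kx_auth
    else:
        return None
    cipher, _, prf = right.rpartition("_")  # last token is the hash
    if not cipher or not prf:
        return None
    return Suite(name, kx, auth, cipher, prf)


# One-true-suite spirit: a short, fixed, server-controlled preference order.
PREFERRED = [
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]


def rejection_reason(s: Suite) -> Optional[str]:
    """None means the suite passes policy; otherwise a human-readable reason."""
    if (s.cipher == "NULL" or s.cipher.startswith("RC4")
            or s.cipher.startswith("3DES") or s.auth == "anon"):
        return "weak or null cipher, or unauthenticated key exchange"
    if not s.forward_secret:
        return "no forward secrecy (static key exchange)"
    if not s.aead:
        return "MAC-then-encrypt (CBC) rather than AEAD"
    return None


def choose_suite(offered: List[str]) -> Optional[str]:
    """Server-side pick: first PREFERRED suite the client offered that passes policy."""
    offered_set = set(offered)
    for name in PREFERRED:
        if name in offered_set:
            s = parse_suite(name)
            if s is not None and rejection_reason(s) is None:
                return name
    return None  # nothing acceptable: abort the handshake rather than downgrade


def audit(offered: List[str]) -> Dict[str, Optional[str]]:
    """Map every offered suite to its rejection reason (None = acceptable)."""
    out: Dict[str, Optional[str]] = {}
    for name in offered:
        s = parse_suite(name)
        out[name] = "unparseable" if s is None else rejection_reason(s)
    return out


# Constructed sample ClientHello offer, not captured from any real client.
SAMPLE_CLIENT_OFFER = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite, why in audit(SAMPLE_CLIENT_OFFER).items():
        print(f"{suite}: {'ok' if why is None else why}")
    print("chosen:", choose_suite(SAMPLE_CLIENT_OFFER))
```

The point of the fixed PREFERRED list is that the server, not the client's ordering, decides, and that a client offering only rejected suites gets no connection at all instead of a quietly weaker one; extending the list is a deliberate policy change rather than something the negotiation does on its own.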
On 20/09/13 16:17, Paterson, Kenny wrote:
It is technically secure. See:
http://eprint.iacr.org/2011/615
especially Section 4.
Thanks. I wish I'd known that back in 2008
https://bugzilla.mozilla.org/show_bug.cgi?id=344179#c6
With a pointer to a security proof, I might have got the
firmware
On 06/09/13 21:21, Tony Arcieri wrote:
There are curves not selected by e.g. NIST with a published rationale
for their selection, like Curve25519. Is there any reason why such
curves can't be evaluated retroactively?
http://cr.yp.to/ecdh/curve25519-20060209.pdf
On 20 August 2013 01:46, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
I don't see what the point is though, given that there's more than enough
noisy data available on a general-purpose PC.
A general purpose cloud VM where an attacker has a chance to run his VM
on the same underlying hardware