t be addressed now ( P(Y) unknown as t=0! ).
That's my usual list of questions. They may or may not apply to your
situation.
Thanks for sharing this.
- Thierry Moreau
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
current noise source:
- thermal noise
- excess current noise caused by the above resistor material construction
Noise sources to be reduced (as a matter of sampling approach coherency):
- electrostatic ...
- electromagnetic ...
Any thoughts?
Regard
important lessons, as a straightforward
solution path for a basic and recurring issue in IT security. Yet, the
difficult aspects of applied cryptography remain difficult, the document
being explicit about them.
Thus, why TLS?
- Thierry Moreau
ic threat models, its large size
Who wants to be optimistic with respect to threat models in the current
IT landscape?
Do you?
(I much liked what I glimpsed from the original post.)
- Thierry Moreau
makes it look rather inco
forensic tool created for them more than they
need the data on this specific iPhone (as I initially guessed), the risk
of a bad ruling for them would be a major step back in their creative
procurement of forensic tools. Hence the USG would prefer no ruling.
Regards,
- Thierry Moreau
or not making a contribution out of my opinion
(you may use this message as you see fit).
Thanks in advance for comments!
- Thierry Moreau
Hi,
Here is a quick review of the FIDO alliance authentication proposal [1].
After looking superficially at the specifications documentation [2], I
came to the tentative summary below. I did not feel a need to delve into
the companion documentation set [3].
Core cryptographic principles:
On 05/12/15 00:16, ianG wrote:
On 11/05/2015 17:56 pm, Thierry Moreau wrote:
On 05/09/15 11:18, ianG wrote:
Workshop on Elliptic Curve Cryptography Standards
June 11-12, 2015
I doubt the foremost questions will be addressed:
To which extent NSA influence motivates NIST in advancing the ECC
,
but the very challenges of an efficient secure hash algorithm seem to
be the root cause, and not the NIST competition process.
With ECC, I have less confidence in NIST's ability to leverage the
cryptographic community contributions.
- Thierry Moreau
offered for cryptographic purposes but I have just a vague
idea of whether and how the open source community might move in this
direction.
Entropy is forever ... until a data leak occurs.
A diamond is forever ... until burglars break in.
Regards,
- Thierry Moreau
Hi,
here is this new document:
The Evanescent Security Module, Concepts and Linux Usage Strategies
http://www.connotech.com/doc_ei_secomd.html
(Not an April fool announcement despite the funny name for an HSM!)
Enjoy!
- Thierry Moreau
Hi,
here is this new document:
The Evanescent Security Module, Concepts and Linux Usage Strategies
http://www.connotech.com/doc_ei_secmod.html (corrected URL)
(Not an April fool announcement despite the funny name for an HSM!)
Enjoy!
- Thierry Moreau
an RSA
technology license acquired prior to RSADSI, and they use certificates
without the ASN.1/X.509 paradigms.
Regards,
- Thierry Moreau
comsec disclosures may be finally getting legs,
not yet long, but more than NDA-official secrecy paralysis.
Any other cryptographer attacked (as if it would be known)?
--
- Thierry Moreau
of underlying principles (hint:
don't start by reverse engineering the PKCS#12 specifications).
You may want to do it best practice and there you go.
Good luck
--
- Thierry Moreau
: they have much more
freedom when doing otherwise.
Have fun with key management challenges!
--
- Thierry Moreau
Tony Arcieri wrote:
On Thu, Jan 9, 2014 at 7:51 AM, Thierry Moreau
thierry.mor...@connotech.com mailto:thierry.mor...@connotech.com wrote:
I would suggest that the DNSSEC deployment at the root would be a
good case study for IT security management, from an historic
perspective
ianG wrote:
On 18/11/13 20:58 PM, Thierry Moreau wrote:
ianG wrote:
On 18/11/13 10:27 AM, ianG wrote:
In the cryptogram sent over the weekend, Bruce Schneier talks about how
to design protocols to stop backdoors. Comments?
To respond...
https://www.schneier.com/blog/archives/2013/10
agree with. Packets should be deterministically created
by the sender, and they should be verifiable by the recipient.
Then you lose the better theoretical foundations of probabilistic
signature schemes ...
--
- Thierry Moreau
enrolled while in fact it no longer works).
Solving this issue in your experiment is going to re-introduce much of
the PKI complexity.
Sorry for asking tough questions, but maybe they would pop up sooner or
later if this experiment goes forward.
--
- Thierry Moreau
to raise their awareness and self-defense
against client system insecurity (seldom a cryptographer achievement).
--
- Thierry Moreau
a MITM arrangement is a useful
line of defense.
I question the marginal benefit of upgrading from a deployed base where
DH was omitted at the outset, under the PFS argument alone.
Regards,
- Thierry
Adam
On Thu, Jul 04, 2013 at 11:16:21AM -0400, Thierry Moreau wrote:
Thanks to Nico
project, you might find
that GPG is an overkill when only hash/signature validation is required.
This is sort of a trusting trust question.
So you knew the answer already.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385
exhaustion (the time we discuss this vs others ...).
--
- Thierry Moreau
Peter Gutmann wrote:
Jeffrey Walton noloa...@gmail.com writes:
Android 4.0 and above also offer a Keychain (
http://developer.android.com/reference/android/security/KeyChain.html). If
using a lesser version, use a Keystore (
http://developer.android.com/reference/java/security/KeyStore.html).
for
hardware-specific threats.
[...] how to limit the
possibilities of attacking the keys from another app.
OK, now you insert O/S abstraction and O/S-specific threats.
Regards,
--
- Thierry Moreau
the requirement of
registration, and still effectively limit abuse?
That's the early dream of a global PKI. Nowadays, we know more.
Regards,
--
- Thierry Moreau
the emergency
landing. Thus the decision to land at the major airport (instead of a
secondary airport with less traffic in conflict but lower grade
facilities) is taken based on the fail-safe property of the
aircraft-to-ATC communications subsystem.
Regards,
--
- Thierry Moreau
Peter Gutmann wrote:
Thierry Moreau thierry.mor...@connotech.com writes:
The Bleichenbacher attack adaptation to OAEP is non-existent today and would
be an even more significant academic result. I must assume that
Bleichenbacher would have published results in this direction if his research
still remains.
Regards,
--
- Thierry Moreau
doing this - it is mostly PKCS1,
etc, and RFC3447 doesn't enlighten in this direction.
Could OAEP be considered reasonable for signatures? or is this a case
of totally inappropriate? Or somewhere in between?
iang
Regards,
--
- Thierry Moreau
is ineffective in the first place
against the bad bad boys.) I don't have any answer beyond a
suggestion to deploy first for security-critical distributed
applications (those would typically not be browser-based).
Regards,
--
- Thierry Moreau
James A. Donald wrote:
On 2013-01-18 1:17 AM, Thierry Moreau wrote:
First, replace client certificate by client PPKP (public-private
key pair) and be ready for a significant training exercise. The
more the trainee knows about X.509, the greater challenge for the
trainer.
It has been
-to-end security should make
some sense, even today.
Regards,
--
- Thierry Moreau
John Kemp wrote:
[...] the _spirit_ of end-to-end semantics is violated here, I believe [...]
Personally, I am not a spiritual cryptography believer.
--
- Thierry Moreau
innovation more palatable to IT experts. This is how I feel
responsible for the hopeless phishing minefield!
Regards,
--
- Thierry Moreau
above
sketchy observation and the press article title.
Regards,
--
- Thierry Moreau
.
HIP also appears as a lightweight IPsec, but certainly others can offer
more wisdom in this respect.
Not a simple solution, but how could the original post requirements be
adequately served by a simple solution?
Regards,
--
- Thierry Moreau
Solar Designer wrote:
On Tue, Oct 30, 2012 at 11:29:17AM -0400, Thierry Moreau wrote:
Isn't memory-space cleanse() isolated from file system specifics except
for the swap space?
Normally yes, but the swap space may be in a file (rather than a disk
partition), or the swap partition may
of CPU load between signer and
verifier are reversed (RSA signature is more CPU-intensive, DSA
verification is more CPU-intensive).
Regards,
--
- Thierry Moreau
Hi Ian!
Thanks for this thoughtful feedback.
Your first and explicit question (about application security requirement
assumptions) deserves an answer. I respond to it (and a few more) and
postpone replies to other feedback.
ianG wrote:
Hi Thierry,
On 14/10/12 01:21 AM, Thierry Moreau
-value authenticated web session use case.
Accordingly, some of the observations above may be out-of-sync with the
real world challenges.
- Thierry Moreau
that is you see yourself as an applied
cryptographer, spot the oracle.
--
- Thierry Moreau
) draw your own conclusion.
Regards,
--
- Thierry Moreau
-implementation-guide/
--
- Thierry Moreau
Hi Peter,
Replying on the thinking process, not on the fundamentals at this time
(we seem to agree on the characteristics of PKC vs else).
Peter Gutmann wrote:
Thierry Moreau thierry.mor...@connotech.com writes:
Unless automated SSH sessions are needed (which is a different problem
space
. But it seems inappropriate to assume that
better ways are not feasible.
Regards,
--
- Thierry Moreau
a notarization use case of crypto, with the attempt to
implement the notarization service without the help of a trusted
[timestamp/historic evidence] third party.
Just my attempt to summarize a lengthy explanation ... no further comments.
Regards,
--
- Thierry Moreau
Follow-up on my own post below ...
Thierry Moreau wrote:
A question for those who follow PKI usage trends.
Is there a list of CAs that issue X.509 end-user certificates?
Here is the rationale for the question:
If an end-user has a certificate, he (more or less consciously) controls
observations. Also,
the SSL debugging tools will report the contents of CertificateRequest
messages from public servers supporting client certs.
Has anyone gone through such data collection before?
Thanks in advance.
--
- Thierry Moreau
Please let me try to summarize.
I guess it is OK to infer from Adam's explanations and Peter's observation
about homegrown CA software implementations used by some CAs that ...
The unusual public RSA exponent may well be an indication that the
signature key pair was generated by a software
being addressed and to whom does the main benefit
accrue / from whom involvement is expected? Once I can see these, I may
appreciate Apache and browser backward compatibility features and the like.
Thanks for your patience with my scrutiny.
--
- Thierry Moreau
.
Anyway, this whole thing about RSA modulus GCD findings questions us
about entropy in a renewed perspective (a reminder that future attack
vectors are deemed to be unexpected ones).
Regards,
--
- Thierry Moreau
, enjoy!
--
- Thierry Moreau
Ben Laurie wrote:
On Fri, Feb 17, 2012 at 8:39 PM, Thierry Moreau
thierry.mor...@connotech.com wrote:
Ben Laurie wrote:
On Fri, Feb 17, 2012 at 7:32 PM, Thierry Moreau
thierry.mor...@connotech.com wrote:
Isn't /dev/urandom BY DEFINITION of limited true entropy?
$ ls -l /dev/urandom
lrwxr-xr
properties of the (deterministic) PRNG component of
/dev/urandom, they cannot expand *true* entropy.
And this is so, no matter the amount of details you delegate to reputed
security software developers.
Regards,
--
- Thierry Moreau
,
--
- Thierry Moreau
of secure operations (the ICANN DNSSEC root
KSK management is the exception).
Regards,
--
- Thierry Moreau
) by
the way the triple-DES upgrade project success has been described by a
bank technology specialist who would have been aware of the incident(s).
- Thierry Moreau
Again, I'm not arguing with Drew Gross's observation. It is just a bit
extreme to say it like this.
Best regards,
Ilya
either pay for the
certification gimmick, or you mend your own solution. This is the basis
for an open source HSM ...
Regards,
--
- Thierry Moreau
.
--
- Thierry Moreau
iang
Adam
On Mon, Sep 26, 2011 at 07:52:20AM +1000, ianG wrote:
On 25/09/11 10:09 AM, James A. Donald wrote:
On 2011-09-25 4:30 AM, Ben Laurie wrote:
I'm just saying I
explicit about identity assertion
model. But the other two models are operating here and there in the IT
security landscape.
--
- Thierry Moreau
in a virtualization environment be
provided with a) a secret random source, b) a place to store long-term
secrets, and c) some mechanism for external assessment of software
integrity?
Regards,
--
- Thierry Moreau
Peter Gutmann wrote:
Thierry Moreau thierry.mor...@connotech.com writes:
As a derived engineering strategy, wouldn't it be better to design a system
where the long-term secrets are kept in a secure co-processor,
Yes, of course, but that's asking the wrong question, what you need to ask
) secret
protection in the application deterministic processing, you may as well
apply secret protection mechanisms to the PRNG state, and enjoy the
peace of mind (modulo above bla bla bla) provided by a good PRNG design.
--
- Thierry Moreau