Re: [cryptography] the spell is broken

2013-10-05 Thread Alan Braggins
On 04/10/13 22:58, Jeffrey Goldberg wrote: On 2013-10-04, at 4:24 AM, Alan Braggins alan.bragg...@gmail.com wrote: Surely that's precisely because they (and SSL/TLS generally) _don't_ have a One True Suite, they have a pick a suite, any suite approach? And for those of us having to choose

Re: [cryptography] the spell is broken

2013-10-05 Thread ianG
On 4/10/13 10:52 AM, Peter Gutmann wrote: Jon Callas j...@callas.org writes: In Silent Text, we went far more to the one true ciphersuite philosophy. I think that Iang's writings on that are brilliant. Absolutely. The one downside is that you then need to decide what the OTS is going to be.

Re: [cryptography] the spell is broken

2013-10-05 Thread Jeffrey Walton
On Sat, Oct 5, 2013 at 3:13 PM, Erwann Abalea eaba...@gmail.com wrote: 2013/10/4 Paul Wouters p...@cypherpunks.ca [...] People forget the NSA has two faces. One side is good. NIST and FIPS and NSA are all related. One lesson here might be, only use FIPS when the USG requires it. That said,

Re: [cryptography] the spell is broken

2013-10-04 Thread Peter Gutmann
Jon Callas j...@callas.org writes: In Silent Text, we went far more to the one true ciphersuite philosophy. I think that Iang's writings on that are brilliant. Absolutely. The one downside is that you then need to decide what the OTS is going to be. For example Mozilla (at least via Firefox)

Re: [cryptography] the spell is broken

2013-10-04 Thread Alan Braggins
On 04/10/13 08:52, Peter Gutmann wrote: Jon Callas j...@callas.org writes: In Silent Text, we went far more to the one true ciphersuite philosophy. I think that Iang's writings on that are brilliant. Absolutely. The one downside is that you then need to decide what the OTS is going to be.

Re: [cryptography] the spell is broken

2013-10-04 Thread Jeffrey Goldberg
On 2013-10-04, at 4:24 AM, Alan Braggins alan.bragg...@gmail.com wrote: Surely that's precisely because they (and SSL/TLS generally) _don't_ have a One True Suite, they have a pick a suite, any suite approach? And for those of us having to choose between preferring BEAST and RC4 for our

Re: [cryptography] the spell is broken

2013-10-04 Thread Nico Williams
On Fri, Oct 4, 2013 at 4:58 PM, Jeffrey Goldberg jeff...@goldmark.org wrote: On 2013-10-04, at 4:24 AM, Alan Braggins alan.bragg...@gmail.com wrote: Surely that's precisely because they (and SSL/TLS generally) _don't_ have a One True Suite, they have a pick a suite, any suite approach? And

Re: [cryptography] the spell is broken

2013-10-04 Thread Jeffrey Goldberg
On 2013-10-04, at 5:19 PM, Nico Williams n...@cryptonector.com wrote: There's a lesson here. I'll make it two for now: a) algorithm agility *does* matter; those who say it's ETOOHARD should do some penitence; Mea culpa! (Actually I never spoke up on this before) But I do think that

Re: [cryptography] the spell is broken

2013-10-04 Thread Nico Williams
On Fri, Oct 4, 2013 at 6:55 PM, Jeffrey Goldberg jeff...@goldmark.org wrote: b) algorithm agility is useless if you don't have algorithms to choose from, or if the ones you have are all in the same family”. Yep. And even though that was the excuse for including Dual_EC_DRBG among the other

Re: [cryptography] the spell is broken

2013-10-04 Thread Jeffrey Walton
On Thu, Oct 3, 2013 at 10:32 PM, James A. Donald jam...@echeque.com wrote: On 2013-10-04 11:41, Jeffrey Walton wrote: We could not get rid of Trustwave in the public sector (so much for economics). What is wrong with trustwave? The company operates in an industry where trust is a commodity.

Re: [cryptography] the spell is broken

2013-10-04 Thread James A. Donald
On 2013-10-05 10:44, Jeffrey Walton wrote: On Thu, Oct 3, 2013 at 10:32 PM, James A. Donald jam...@echeque.com wrote: On 2013-10-04 11:41, Jeffrey Walton wrote: We could not get rid of Trustwave in the public sector (so much for economics). What is wrong with trustwave? The company operates

Re: [cryptography] the spell is broken

2013-10-03 Thread ianG
On 3/10/13 01:23 AM, Jon Callas wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Oct 2, 2013, at 12:26 PM, coderman coder...@gmail.com wrote: On Wed, Oct 2, 2013 at 10:38 AM, Jared Hunter feralch...@gmail.com wrote: Aside from the curve change (and even there), this strikes me as a

Re: [cryptography] the spell is broken

2013-10-03 Thread coderman
On Wed, Oct 2, 2013 at 5:49 PM, James A. Donald jam...@echeque.com wrote: ... So, people who actually know what they are doing are acting as if they know, or have good reason to suspect, that AES and SHA-2 are broken. James this is not true. i challenge you to find reputable positions

Re: [cryptography] the spell is broken

2013-10-03 Thread ianG
On 2/10/13 20:38 PM, Jared Hunter wrote: Aside from the curve change (and even there), this strikes me as a marketing message rather than an important technical choice. The message is we react to a deeper class of threat than our users understand. There is a wider concept here. The NSA has

Re: [cryptography] the spell is broken

2013-10-03 Thread James A. Donald
On 2013-10-03 19:16, coderman wrote: On Wed, Oct 2, 2013 at 5:49 PM, James A. Donald jam...@echeque.com wrote: ... So, people who actually know what they are doing are acting as if they know, or have good reason to suspect, that AES and SHA-2 are broken. James this is not true. i challenge

Re: [cryptography] the spell is broken

2013-10-03 Thread coderman
On Thu, Oct 3, 2013 at 4:28 AM, James A. Donald jam...@echeque.com wrote: ... He does not believe that AES and SHA-2 rest are necessarily broken - but neither does he believe that they are not broken. there is a significant difference between avoiding a cipher on principle, or association,

Re: [cryptography] the spell is broken

2013-10-03 Thread James A. Donald
On 2013-10-03 21:56, coderman wrote: On Thu, Oct 3, 2013 at 4:28 AM, James A. Donald jam...@echeque.com wrote: ... He does not believe that AES and SHA-2 rest are necessarily broken - but neither does he believe that they are not broken. there is a significant difference between avoiding a

Re: [cryptography] the spell is broken

2013-10-03 Thread Jared Hunter
On Oct 2, 2013, at 6:23 PM, Jon Callas j...@callas.org wrote: [snipped quoted text] I'm not implying at all that AES or SHA-2 are broken. If P-384 is broken, I believe the root cause is more that it's old than it was backdoored. But it doesn't matter what I think. This is a trust issue.

Re: [cryptography] the spell is broken

2013-10-03 Thread James A. Donald
On 2013-10-04 02:03, Jared Hunter wrote: One of the biggest issues we're wrestling with, I think, is that the crypto community already decided that AES and SHA-2 are just fine. In large part because we trusted NIST. If we do not trust NIST ...

Re: [cryptography] the spell is broken

2013-10-03 Thread James A. Donald
On 2013-10-04 00:13, Jeffrey Goldberg wrote: So unless you and Silent Circle have information that the rest of us don’t about AES and SHA-2, I’m actually pissed off at this action. It puts more pressure on us to follow suit, even though such a move would be pure security theater. You have

Re: [cryptography] the spell is broken

2013-10-03 Thread Jeffrey Goldberg
On 2013-10-03, at 1:28 PM, James A. Donald jam...@echeque.com wrote: On 2013-10-04 00:13, Jeffrey Goldberg wrote: So unless you and Silent Circle have information that the rest of us don’t about AES and SHA-2, I’m actually pissed off at this action. It puts more pressure on us to follow

Re: [cryptography] the spell is broken

2013-10-03 Thread Jon Callas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Oct 3, 2013, at 7:13 AM, Jeffrey Goldberg jeff...@goldmark.org wrote: Jeff, You might call it security theatre, but I call it (among other things) protest. I have also called it trust, conscience, and other things including emotional. I'm

Re: [cryptography] the spell is broken

2013-10-03 Thread Kelly John Rose
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I agree fully Jon, In short, I feel that all trust for NIST has to be broken. It doesn't matter if AES or SHA-2 is broken or not broken. You cannot go into a security environment with a tool that is known to be compromised (NIST) and just hope and

Re: [cryptography] the spell is broken

2013-10-03 Thread Paul Wouters
On Thu, 3 Oct 2013, Kelly John Rose wrote: In short, I feel that all trust for NIST has to be broken. It doesn't matter if AES or SHA-2 is broken or not broken. You cannot go into a security environment with a tool that is known to be compromised (NIST) and just hope and pray that the pieces you

Re: [cryptography] the spell is broken

2013-10-03 Thread Kelly John Rose
Not quite. If people agree on Twofish and a generalized standard outside of NIST, then if NIST picks it up and agrees as well there isn't much concern. The problem is with older existing standards or if NIST provides unexplained changes or magic values to the standard. On 03/10/2013 4:04 PM,

Re: [cryptography] the spell is broken

2013-10-03 Thread James A. Donald
On 2013-10-04 07:31, Jon Callas wrote: absolutely, this is an emotional response. It's protest. Intellectually, I believe that AES and SHA2 are not compromised. Emotionally, I am angry and I want to distance myself from even the suggestion that I am standing with the NSA. As Coderman and Iang

Re: [cryptography] the spell is broken

2013-10-03 Thread Eric Murray
On 10/03/2013 03:22 PM, James A. Donald wrote: By moving away from anything NIST has touched he deprives the NSA of leverage to insert backdoors, NSA can act through people outside NIST too. By focusing on NIST we miss the larger problem. Any cryptographer or security engineer can be

Re: [cryptography] the spell is broken

2013-10-03 Thread James A. Donald
On 2013-10-04 08:04, Paul Wouters wrote: Reasoning that way, you're very quickly left with not but a tin foil hat. Let's say we agree on twofish. then NIST/NSA certifies it for FIPS. Are we then taking that as proof it is compromised and figure out something else? If people were adopting

Re: [cryptography] the spell is broken

2013-10-03 Thread Peter Gutmann
James A. Donald jam...@echeque.com writes: By moving away from anything NIST has touched he deprives the NSA of leverage to insert backdoors, Just as a bit of a counterpoint here, how far do you want to go down this rathole? Someone recently pointed me to the latest CERT vuln. summary (because

Re: [cryptography] the spell is broken

2013-10-03 Thread Jeffrey Goldberg
Jon, first of all thank you for your extremely thoughtful note. I suspect that we will find that we don’t actually disagree about much, and also my previous rant was driven by the general anger and frustration that all of us are experiencing. That is, I may have been misdirecting my anger at

Re: [cryptography] the spell is broken

2013-10-03 Thread Jeffrey Walton
On Thu, Oct 3, 2013 at 9:26 PM, Jeffrey Goldberg jeff...@goldmark.org wrote: ... I would put it more strongly than that. I think that NIST needs to be punished. Even if Dual_EC_DRBG were their only lapse, any entity that has allowed themselves to be used that way should be forced to exit the

Re: [cryptography] the spell is broken

2013-10-03 Thread James A. Donald
On 2013-10-04 11:41, Jeffrey Walton wrote: We could not get rid of Trustwave in the public sector (so much for economics). What is wrong with trustwave? They are smart people, unlike the world bank economists who do not know the difference between negative feedback and positive feedback, or

Re: [cryptography] the spell is broken

2013-10-03 Thread James A. Donald
On 2013-10-04 11:26, Jeffrey Goldberg wrote: But not using AES is a protest that hurts only ourselves. I have always been inclined to believe that twofish is better than AES. Refusing to use AES, or making it the non default choice, is rejecting NIST as a standards body. We need to

[cryptography] the spell is broken

2013-10-02 Thread ianG
http://www.infoworld.com/print/228000 October 02, 2013 Silent Circle moves away from NIST cryptographic standards, cites NSA concerns The company plans to replace AES and SHA-2 with Twofish and Skein in its encrypted communication services By Lucian Constantin | IDG News Service Silent

Re: [cryptography] the spell is broken

2013-10-02 Thread d.nix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Callas' blog post: http://silentcircle.wordpress.com/2013/09/30/nncs/ On 10/2/2013 8:41 AM, ianG wrote: http://www.infoworld.com/print/228000 October 02, 2013 Silent Circle moves away from NIST cryptographic standards, cites NSA concerns The

Re: [cryptography] the spell is broken

2013-10-02 Thread Jared Hunter
Aside from the curve change (and even there), this strikes me as a marketing message rather than an important technical choice. The message is we react to a deeper class of threat than our users understand. Fair enough, but I'd hardly stop using AES or the larger SHA-2 variants on the back of

Re: [cryptography] the spell is broken

2013-10-02 Thread d.nix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yeah, it may well be just marketing. The one thing that gives me pause is that Callas and Schneier are both part of the team that worked on the systems they have chosen to migrate to (Twofish, Skein), and Schneier is one of the very few people to

Re: [cryptography] the spell is broken

2013-10-02 Thread d.nix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Correction; Callas worked on Threefish, not Twofish, however the Schneier connection still holds given their past and present associations... On 10/2/2013 11:50 AM, d.nix wrote: Yeah, it may well be just marketing. The one thing that gives me

Re: [cryptography] the spell is broken

2013-10-02 Thread coderman
On Wed, Oct 2, 2013 at 10:38 AM, Jared Hunter feralch...@gmail.com wrote: Aside from the curve change (and even there), this strikes me as a marketing message rather than an important technical choice. The message is we react to a deeper class of threat than our users understand. it is

Re: [cryptography] the spell is broken

2013-10-02 Thread Jon Callas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Oct 2, 2013, at 12:26 PM, coderman coder...@gmail.com wrote: On Wed, Oct 2, 2013 at 10:38 AM, Jared Hunter feralch...@gmail.com wrote: Aside from the curve change (and even there), this strikes me as a marketing message rather than an

Re: [cryptography] the spell is broken

2013-10-02 Thread James A. Donald
On 2013-10-03 04:50, d.nix wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yeah, it may well be just marketing. The one thing that gives me pause is that Callas and Schneier are both part of the team that worked on the systems they have chosen to migrate to (Twofish, Skein), and Schneier

Re: [cryptography] the spell is broken

2013-10-02 Thread Ed Stone
For reflection: What percent of domestic and global communications are protected from the collection of plaintext or session information by AES? Who has the capability and the desire to avoid going dark on that portion of data flows? Is this an example of a high-value target for corruption? If