Well, who otherwise should pay for that? Consumer Federation of America?
It's quite normal practice for a vendor to contract a 3rd party that
performs a security assessment or penetration test. If you are a smartcard
vendor it's also you who pays for Common Criteria certification of your
product.
The fact that something occurs routinely doesn't actually make it a good idea.
I've seen stuff in FIPS 140 evaluations that makes my skin crawl.
This is CRI, so I'm fairly confident nobody is cutting corners. But that
doesn't mean the practice is a good one.
On Jun 18, 2012, at 5:52 AM,
Natanael natanae...@gmail.com wrote:
One: On the second paper, you assume a prime number as long as the message is
secure, and give an example of a message of 500 characters. Assuming ASCII
coding and compression, that will be just a few hundred bits. RSA (using
primes too) of 1024 bits is
On Jun 18, 2012, at 5:26 AM, Matthew Green wrote:
The fact that something occurs routinely doesn't actually make it a good
idea. I've seen stuff in FIPS 140 evaluations that makes my skin crawl.
This is CRI, so I'm fairly confident nobody is
On Mon, Jun 18, 2012 at 10:20:35AM -0700, Jon Callas wrote:
On Jun 18, 2012, at 5:26 AM, Matthew Green wrote:
The fact that something occurs routinely doesn't actually make it a good
idea. I've seen stuff in FIPS 140 evaluations that makes my skin crawl.
This is CRI, so I'm fairly
On Mon, Jun 18, 2012 at 2:51 PM, Matthew Green matthewdgr...@gmail.com wrote:
I think that Jack said most of what I would. The incentives all point in
the wrong direction.
While this is all true, it's also why manufacturers who want persuasive
analysis of their products hire consulting vendors
Indeed. We're confident that the DRNG design is sound, but asking the
world to trust us, it's a sound design is unreasonable without us
letting someone independently review it. So being a cryptographic design
that people need some reason to trust before they use it, we opened the
design to a
On Jun 18, 2012, at 11:15 AM, Jack Lloyd wrote:
On Mon, Jun 18, 2012 at 10:20:35AM -0700, Jon Callas wrote:
On Jun 18, 2012, at 5:26 AM, Matthew Green wrote:
The fact that something occurs routinely doesn't actually make it a good
idea. I've
There's no [non-trivial] system in the world with zero bugs [for some value of
trivial]
:)
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
On Mon, Jun 18, 2012 at 01:21:20PM -0700, Jon Callas wrote:
I am not in any way suggesting that CRI would hide weaknesses or
perform a lame review.
But that is *precisely* what you are saying.
Jon Stewart could parody that argument far better than I can. You're
not saying that CRI would
On Mon, Jun 18, 2012 at 11:58:56AM -0700, Kyle Hamilton wrote:
So what can we do to solve it? Create our own reputable review service?
Who would pay for it? Who could pay for it? Who *should* pay for it?
At first it seems like irony that buyer-pays is likely the process
best aligned with
What they're actually saying is that they don't think that FIPSing the RNG
will materially impact the security of the RNG -- which if you think
about it, is pretty faint praise.
But true. The FIPS mode enforces some boundary controls (external config
and debug inputs are disabled) but the
On 06/18/2012 12:20 PM, Jon Callas wrote:
A company makes a cryptographic widget that is inherently hard to
test or validate. They hire a respected outside firm to do a review.
What's wrong with that? I recommend that everyone do that.
Un-reviewed crypto is a bane.
Let's accept that the
On Mon, Jun 18, 2012 at 7:12 PM, Marsh Ray ma...@extendedsubset.com wrote:
On 06/18/2012 12:20 PM, Jon Callas wrote:
A company makes a cryptographic widget that is inherently hard to
test or validate. They hire a respected outside firm to do a review.
What's wrong with that? I recommend that
On 19/06/12 08:49 AM, Jack Lloyd wrote:
I've never heard about someone trying to talk past, say, an AES
implementation that didn't actually work, or a bad RSA, that's a
pretty bright line.
I had a bit of an epiphany in two parts.
The first part is that AES and block algorithms can be quite
Tim Dierks t...@dierks.org writes:
While this is all true, it's also why manufacturers who want persuasive
analysis of their products hire consulting vendors with a brand and track
record strong enough that the end consumer can plausibly believe that their
reputational risk outweighs the
On Jun 18, 2012, at 11:21 52PM, ianG wrote:
Then there are RNGs. They start from a theoretical absurdity that we cannot
predict their output, which leads to an apparent impossibility of
black-boxing.
NIST recently switched gears and decided to push the case for deterministic
PRNGs.
On Jun 18, 2012, at 4:21 PM, Jon Callas wrote:
Reviewers don't want a review published that shows they gave a pass on a crap
system. Producing a crap product hurts business more than anything in the
world. Reviews are products. If a professional organization gives a pass on
something that
On 06/18/2012 10:21 PM, ianG wrote:
The first part is that AES and block algorithms can be quite tightly
defined with a tight specification, and we can distribute test
parameters. Anyone who's ever coded these things up knows that the test
parameters do a near-perfect job in locking
On Mon, Jun 18, 2012 at 9:46 PM, Marsh Ray ma...@extendedsubset.com wrote:
...
One thing they could do is provide a mechanism to access raw samples from
the Entropy Source component. I.e., the data that Intel provided [to
Cryptography Research] from pre-production chips. These chips allow