Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread Peter Maxwell
On 13 July 2013 07:32, Peter Gutmann wrote:
> William Yager writes:
>
> >no cryptographer ever got hurt by being too paranoid, and not trusting your
> >hardware is a great place to start.
>
> And while you're lying awake at night worrying whether the Men in Black have
> backdoored the CPU in

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread coderman
On Sat, Jul 13, 2013 at 2:17 PM, Patrick Mylund Nielsen wrote:
> ...
> "The fact is, even if you worry about some back door for the NSA, or some
> theoretical lack of perfect 32-bit randomness, we can pretty much depend on
> it. We still do our own hashing on top of whatever entropy we get out of

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread Patrick Mylund Nielsen
On Fri, Jul 12, 2013 at 3:29 PM, ianG wrote: > On 12/07/13 21:54 PM, Patrick Mylund Nielsen wrote: > >> On Fri, Jul 12, 2013 at 2:48 PM, James A. Donald > > wrote: >> >> On 2013-07-13 12:20 AM, Eugen Leitl wrote: >> >> It's worth noting that the maintainer o

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread ianG
On 13/07/13 09:43 AM, Noon Silk wrote: So what should everyone do? Risk analysis. Which starts with your business model. What you do is go talk to your customers and figure out what happens to them. Formally, you would figure out the frequency of these events, and multiply them by the d

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread Ben Laurie
On 13 July 2013 10:11, Peter Gutmann wrote:
> and run
> a self-test with known-good test vectors on startup, and ... well, you get the
> picture.

Amusing story: FIPS 140 requires self-tests on the PRNG. There was a bug in FIPS OpenSSL once where the self-test mode got stuck on and so no entropy w

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread ianG
On 13/07/13 09:32 AM, Peter Gutmann wrote: William Yager writes: no cryptographer ever got hurt by being too paranoid, and not trusting your hardware is a great place to start. And while you're lying awake at night worrying whether the Men in Black have backdoored the CPU in your laptop, you

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread Peter Gutmann
Ben Laurie writes:
>But what's the argument for _not_ mixing their probably-not-backdoored RNG
>with other entropy?

Oh, no argument from me on that one, mix every entropy source you can get your hands on into your PRNG, including less-than-perfect ones, the more redundancy there is the less the

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread Ben Laurie
On 13 July 2013 03:20, Peter Gutmann wrote:
> Nico Williams writes:
>
>>I'd like to understand what attacks NSA and friends could mount, with Intel's
>>witting or unwitting cooperation, particularly what attacks that *wouldn't*
>>put civilian (and military!) infrastructure at risk should details

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread Peter Gutmann
William Yager writes:
>It's nice that you can be so cavalier about this, but if your system's RNG is
>fundamentally broken, it doesn't really matter so much whether your other
>stuff is well-programmed or not.

Well I'm not sure what thread you're coming in from, but the current one was about th

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread Peter Gutmann
Noon Silk writes:
>A good point, of course. So what should everyone do?

Look for things, and fix things, in order of likelihood of occurrence and exploitability. (Strong) Crypto is bypassed, not penetrated, so address that first. Once you've addressed all of those issues, then you can start

Re: [cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-13 Thread James A. Donald
On 2013-07-13 3:43 PM, Patrick Mylund Nielsen wrote: On Sat, Jul 13, 2013 at 1:38 AM, William Yager > wrote: not trusting your hardware is a great place to start. Heh, might as well just give up. http://cm.bell-labs.com/who/ken/trust.html (I know what you m