Re: [cryptography] urandom vs random

2013-08-21 Thread Dominik
You can use DieHarder, which is a collection of statistical tests to evaluate if something looks random. grarpamp grarp...@gmail.com wrote: The subject thread is covering a lot about OS implementations and RNG various sources. But what are the short list of open source tools we should be

Re: [cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

2013-08-21 Thread Fabio Pietrosanti (naif)
Hey Peter, thanks for your analysis! I think we need to provide some additional input! In the context of GlobaLeaks where, starting from our Threat Model at https://docs.google.com/document/d/1niYFyEar1FUmStC03OidYAIfVJf18ErUFwSWCmWBhcA/pub , the Whistleblower can also be NON anonymous but

Re: [cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

2013-08-21 Thread Sebastian Schinzel
Dear Fabio, On 21. Aug 2013, at 09:35 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: Which kind of logic / algorithm to apply on the Receiver's notification timing in order to prevent / reduce the likelihood that a time correlation pattern is possible? A random delay between a

Re: [cryptography] urandom vs random

2013-08-21 Thread Sebastian Schinzel
On 21. Aug 2013, at 09:32 AM, Dominik domi...@dominikschuermann.de wrote: You can use DieHarder, which is a collection of statistical tests to evaluate if something looks random. Problem is that you have to use the suite in a proper way. Checking a single weak Debian SSL key pair probably

Re: [cryptography] urandom vs random

2013-08-21 Thread Rob Kendrick
On Mon, Aug 19, 2013 at 09:41:20AM -0400, Jeffrey Walton wrote: On Mon, Aug 19, 2013 at 9:20 AM, Aaron Toponce aaron.topo...@gmail.com wrote: ... It's a shame http://entropykey.co.uk is no longer in business. I was able to procure 5 entropy keys just before they folded, and they're

Re: [cryptography] urandom vs random

2013-08-21 Thread Rob Kendrick
On Mon, Aug 19, 2013 at 07:20:45AM -0600, Aaron Toponce wrote: On Sun, Aug 18, 2013 at 05:07:49PM -0700, coderman wrote: i am surprised this has not surfaced more often in this thread: if you need good entropy: use a hardware entropy generator! It's a shame http://entropykey.co.uk is no

Re: [cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

2013-08-21 Thread Ben Laurie
On 21 August 2013 03:35, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: Hey Peter, thanks for your analysis! I think we need to provide some additional input! In the context of GlobaLeaks where, starting from our Threat Model at

Re: [cryptography] Jingle and Otr

2013-08-21 Thread stef
On Wed, Aug 21, 2013 at 01:47:33PM +1000, James A. Donald wrote: The Jitsi FAQ https://jitsi.org/Documentation/FAQ says that chat sessions are protected by OTR, which implies that nothing else is. i think before considering using jitsi-s otr:

Re: [cryptography] urandom vs random

2013-08-21 Thread The Doctor
On 08/20/2013 05:33 PM, grarpamp wrote: The subject thread is covering a lot about OS implementations and RNG various sources. But what are the short list of open source tools we should be using to actually test and evaluate the resulting number

Re: [cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

2013-08-21 Thread Michael Rogers
Hi Fabio, It seems to me that there are two fundamental problems to solve if you want to disguise the correlation between a node's inputs (submissions, comments and edits) and its outputs (notifications). The first problem is disguising the

Re: [cryptography] urandom vs random

2013-08-21 Thread Aaron Toponce
On Tue, Aug 20, 2013 at 12:46:42PM +1200, Peter Gutmann wrote: I don't see what the point is though, given that there's more than enough noisy data available on a general-purpose PC. True. I use http://www.issihosts.com/haveged/ on physical hardware, and the entropy keys by Simtec for virtual

Re: [cryptography] enabling blind signatures in GPG

2013-08-21 Thread Jake
thank you Steve for the link to your work! I really like the idea you had and i hope it catches on, people need something like that. But I don't think they realize it yet, and the ones who do have other ways to achieve it. My focus is very specific though. I want to use openPGP to do the

Re: [cryptography] Reply to Zooko (in Markdown)

2013-08-21 Thread Mansour Moufid
On 2013-08-17, at 1:50 PM, Jon Callas wrote: On Aug 17, 2013, at 12:49 AM, Bryan Bishop kanz...@gmail.com wrote: Would providing (signed) build vm images solve the problem of distributing your toolchain? Maybe. The obvious counterexample is a compiler that doesn't deterministically

Re: [cryptography] urandom vs random

2013-08-21 Thread Sandy Harris
grarpamp grarp...@gmail.com wrote: The subject thread is covering a lot about OS implementations and RNG various sources. But what are the short list of open source tools we should be using to actually test and evaluate the resulting number streams? Two good ones are listed linked here

Re: [cryptography] urandom vs random

2013-08-21 Thread Aaron Toponce
On Tue, Aug 20, 2013 at 05:33:05PM -0400, grarpamp wrote: The subject thread is covering a lot about OS implementations and RNG various sources. But what are the short list of open source tools we should be using to actually test and evaluate the resulting number streams? As already mentioned