This paper probably helps answer part of your question:
http://www.iacr.org/archive/crypto2000/18800229/18800229.pdf
Note that you can't replace a random oracle by SHA256 but you might have
better luck with HMAC-SHA256 (https://eprint.iacr.org/2013/382.pdf)
forever: you need to be able to reseed it in case of compromise and,
since you won't necessarily know when the compromise happened, it's
good practice to reseed from time to time.
--
Alexandre Anzala-Yamajako
The confidence in AES comes from its designation process, during which
many publicly tried and failed to convincingly reduce its security
claim, and the fact that it has (publicly, still) stood the test of time:
ten years later all we have are the bicliques, which gain us 2 bits.
It doesn't have
certificate-less client messages). A competent and funded organization
might then have a very small pool of users to choose from as to who might
be trying to connect to a particular server, which somewhat defeats the purpose
of Tor.
--
Alexandre Anzala-Yamajako
through technical expertise
--
Alexandre Anzala-Yamajako
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography