Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM

2016-05-10 Thread Ben Laurie
On 14 April 2016 at 00:16, Jerry Leichter wrote: >>> Yes, make it significantly smaller than the current form factor. >> >> Ah. OK, well, that is certainly doable, though how small you can make it is >> ultimately limited by the size of the display. How small do you want it,

Re: [cryptography] Kernel space vs userspace RNG

2016-05-09 Thread Ben Laurie
On 9 May 2016 at 10:01, Luca Testoni wrote: > On 06/05/2016 18:12, Kevin wrote: >> I may be way off but it seems to me that a kernel level RNG can only >> pick up entropy from boot which means hardware noise. Isn't that easy >> to beat with an acoustic attack? Maybe user

Re: [cryptography] USG v. Apple and information security doctrine

2016-02-27 Thread Ben Laurie
On 27 February 2016 at 07:26, listo factor wrote: > > Those that criticize Apple should instead urge Apple's customers > to use adequate keys. That however flies in the face of prevailing > doctrine that security of digital systems must require absolute > minimum of user

Re: [cryptography] Shamir Reveals Sisyphus Algorithm

2015-04-25 Thread Ben Laurie
On 22 April 2015 at 17:24, John Young j...@pipeline.com wrote: Futility of trying to eliminate every single vulnerability in a given piece of software. The name of the game is to protect the secrets despite bugs. And I don't mean with cryptography.

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-18 Thread Ben Laurie
On 18 April 2015 at 00:51, Tony Arcieri basc...@gmail.com wrote: On Fri, Apr 17, 2015 at 11:56 AM, Ron Garret r...@flownet.com wrote: The fact that to use PGP you have to install an application. (This is true for Peerio as well.) That turns out to be too much friction for most people.

Re: [cryptography] OneRNG kickstarter project looking for donations

2014-12-16 Thread Ben Laurie
On 15 December 2014 at 19:18, ianG i...@iang.org wrote: https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator About this project After Edward Snowden's recent revelations about how compromised our internet security has become some people have worried

Re: [cryptography] Request - PKI/CA History Lesson

2014-05-01 Thread Ben Laurie
On 1 May 2014 08:19, James A. Donald jam...@echeque.com wrote: On 2014-04-30 02:14, Jeffrey Goldberg wrote: On 2014-04-28, at 5:00 PM, James A. Donald jam...@echeque.com wrote: Cannot outsource trust Ann usually knows more about Bob than a distant authority does. So should Ann verify the

Re: [cryptography] Request - PKI/CA History Lesson

2014-04-29 Thread Ben Laurie
On 29 April 2014 07:41, Ryan Carboni rya...@gmail.com wrote: the only logical way to protect against man in the middle attacks would be perspectives (is that project abandoned?) or some sort of distributed certificate cache checking. Or Certificate Transparency. :-)

Re: [cryptography] Improving the state of end-to-end crypto

2014-04-28 Thread Ben Laurie
On 28 April 2014 00:45, Arshad Noor arshad.n...@strongauth.com wrote: On 04/27/2014 10:33 AM, Ben Laurie wrote: http://www.links.org/files/SimplySecure.pdf Ben, As noble as the goals are of this initiative, the solution is likely to be accepted only in UK and the USA - only because

Re: [cryptography] [Cryptography] Improving the state of end-to-end crypto

2014-04-28 Thread Ben Laurie
On 28 April 2014 01:04, ianG i...@iang.org wrote: On 27/04/2014 18:33 pm, Ben Laurie wrote: We are hiring to improve the state of end-to-end crypto: http://www.links.org/files/SimplySecureProgramDirectorJobPosting.pdf http://www.links.org/files/SimplySecure.pdf To paraphrase, work

[cryptography] Improving the state of end-to-end crypto

2014-04-27 Thread Ben Laurie
We are hiring to improve the state of end-to-end crypto: http://www.links.org/files/SimplySecureProgramDirectorJobPosting.pdf http://www.links.org/files/SimplySecure.pdf ___ cryptography mailing list cryptography@randombit.net

Re: [cryptography] If not StartSSL, the next best CA for individuals?

2014-04-24 Thread Ben Laurie
On 12 April 2014 19:57, Jeffrey Goldberg jeff...@goldmark.org wrote: They also had a really nice statement about transparency back in September, but I can't find it now. https://www.globalsign.com/blog/trust-the-math-choose-your-friends-wisely.html

Re: [cryptography] crypto model based on cardiorespiratory coupling

2014-04-10 Thread Ben Laurie
On 10 April 2014 01:17, travis+ml-rbcryptogra...@subspacefield.org wrote: http://threatpost.com/crypto-model-based-on-human-cardiorespiratory-coupling/105284 This is nonsense, right? Unbounded in the sense of relying on secrecy of the unbounded number of algorithms? Also not novel. I don't

Re: [cryptography] Password Blacklist that includes Adobe's Motherload?

2013-11-14 Thread Ben Laurie
On 14 November 2013 03:29, shawn wilson ag4ve...@gmail.com wrote: This is the only thing I've seen (haven't really looked): http://stricture-group.com/files/adobe-top100.txt I have to ask: snoopy1 more popular than snoopy? wtf?

Re: [cryptography] European report says many crypto protocols have problems

2013-11-04 Thread Ben Laurie
On 4 November 2013 09:51, yersinia yersinia.spi...@gmail.com wrote: NIST recently posted a recommendation very recently (IN DRAFT) http://csrc.nist.gov/publications/drafts/800-52-rev1/draft_sp800_52_r1.pdf If you ignore the bits about FIPS-140 and SP800-90A, it's not bad. But fairly obvious. It

[cryptography] Fwd: [capsicum] capsicum-linux codebase

2013-10-22 Thread Ben Laurie
: [capsicum] capsicum-linux codebase To: cl-capsicum-disc...@lists.cam.ac.uk Cc: Ben Laurie b...@google.com Hi, As some of you know, I'm working on getting Capsicum working in the Linux kernel, based on the FreeBSD implementation and on previous work done by Meredydd Luff in his stint as a Google intern

Re: [cryptography] funding Tor development

2013-10-21 Thread Ben Laurie
On 21 October 2013 16:57, Kyle Maxwell ky...@xwell.org wrote: On Fri, Oct 18, 2013 at 4:18 AM, Ben Laurie b...@links.org wrote: On 14 October 2013 14:36, Eugen Leitl eu...@leitl.org wrote: Guys, in order to minimize Tor Project's dependence on federal funding Why? Is that not self

Re: [cryptography] funding Tor development

2013-10-18 Thread Ben Laurie
On 14 October 2013 14:36, Eugen Leitl eu...@leitl.org wrote: Guys, in order to minimize Tor Project's dependence on federal funding Why?

Re: [cryptography] One Time Pad Cryptanalysis

2013-10-03 Thread Ben Laurie
On 3 October 2013 14:13, Florian Weimer f...@deneb.enyo.de wrote: On 02/10/13 at 08:51am, Florian Weimer wrote: There is widespread belief that compressing before encrypting makes cryptanalysis harder, so compression is assumed to be beneficial. Any academic references? Applied

Re: [cryptography] [Cryptography] TLS2

2013-09-30 Thread Ben Laurie
On 30 September 2013 10:47, Adam Back a...@cypherspace.org wrote: I think lack of soft-hosting support in TLS was a mistake - it's another reason not to turn on SSL (IPv4 addresses are scarce and can only host one SSL domain per IP#, that means it costs more, or a small hosting company can

Re: [cryptography] [Cryptography] RSA equivalent key length/strength

2013-09-20 Thread Ben Laurie
On 18 September 2013 22:23, Lucky Green shamr...@cypherpunks.to wrote: According to published reports that I saw, NSA/DoD pays $250M (per year?) to backdoor cryptographic implementations. I have knowledge of only one such effort. That effort involved DoD/NSA paying $10M to a leading

Re: [cryptography] no-keyring public

2013-08-24 Thread Ben Laurie
On 24 August 2013 19:55, Krisztián Pintér pinte...@gmail.com wrote: Can it not? A distributed store for salts seems possible... but then distributed keyring is also possible, is it not? Yes. Or at least cloud storage for secrets.

Re: [cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

2013-08-21 Thread Ben Laurie
On 21 August 2013 03:35, Fabio Pietrosanti (naif) li...@infosecurity.chwrote: Hey Peter, thanks for your analysis! I think we need to provide some additional input! In the context of GlobaLeaks where, stating from our Threat Model at

Re: [cryptography] urandom vs random

2013-08-18 Thread Ben Laurie
On 18 August 2013 02:55, James A. Donald jam...@echeque.com wrote: On 2013-08-18 4:11 PM, Ben Laurie wrote: If I chose to run Linux, I could fix the version I ran. In fact, I choose not to run it, so I don't need to. But if you write software, you don't write it just for your own

Re: [cryptography] urandom vs random

2013-08-17 Thread Ben Laurie
On 17 August 2013 06:01, ianG i...@iang.org wrote: On 17/08/13 10:57 AM, Peter Gutmann wrote: Nico Williams n...@cryptonector.com writes: It might be useful to think of what a good API would be. The problem isn't the API, it's the fact that you've got two mutually exclusive

Re: [cryptography] urandom vs random

2013-08-17 Thread Ben Laurie
On 17 August 2013 08:05, ianG i...@iang.org wrote: On 17/08/13 14:46 PM, Ben Laurie wrote: On 17 August 2013 06:01, ianG i...@iang.org mailto:i...@iang.org wrote: On 17/08/13 10:57 AM, Peter Gutmann wrote: Nico Williams n...@cryptonector.com mailto:n

Re: [cryptography] urandom vs random

2013-08-17 Thread Ben Laurie
On 17 August 2013 10:09, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Aug 17, 2013 at 7:46 AM, Ben Laurie b...@links.org wrote: ... Also, if there are other sources, why are they not being fed in to the system PRNG? Linux 3.x kernels decided to stop using IRQ interrupts (removal

[cryptography] Certificate Transparency Hack Day

2013-08-13 Thread Ben Laurie
The Certificate Transparency hack day will take place at Google's London offices on Wednesday, the 28th of August, 2013. Please sign up on this form https://docs.google.com/a/google.com/forms/d/1jvO5OdkvRhyTV6XU4Q-YaRKlTSF7rh94LzRFbICHRg8/viewform by August 22nd, to let us know you plan to attend.

[cryptography] Certificate Transparency Hack Day: Weds Aug 28th

2013-08-03 Thread Ben Laurie
We've set the date: Weds Aug 28th at Google's London office. More information to follow soon.

Re: [cryptography] Updated Certificate Transparency site

2013-08-02 Thread Ben Laurie
On 1 August 2013 22:32, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote: On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote: ... If everyone does their part CT causes the risk of dishonest CA behavior

[cryptography] Updated Certificate Transparency site

2013-08-01 Thread Ben Laurie
Since there was some puzzlement over CT, I thought it might be of interest that we have revamped the site: http://www.certificate-transparency.org/. Comments and questions welcome.

Re: [cryptography] [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-13 Thread Ben Laurie
On 13 July 2013 10:11, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: and run a self-test with known-good test vectors on startup, and ... well, you get the picture. Amusing story: FIPS 140 requires self-tests on the PRNG. There was a bug in FIPS OpenSSL once where the self-test mode got stuck

Re: [cryptography] What project would you finance? [WAS: Potential funding for crypto-related projects]

2013-07-02 Thread Ben Laurie
On 2 July 2013 11:25, Adam Back a...@cypherspace.org wrote: I think it time to deprecate non-https (and non-forward secret ciphersuites.) Compute power has moved on, session cacheing works, symmetric crypto is cheap. Btw did anyone get a handle on session resumption - does it provide forward

Re: [cryptography] SSL session resumption defective (Re: What project would you finance? [WAS: Potential funding for crypto-related projects])

2013-07-02 Thread Ben Laurie
On 2 July 2013 16:07, Adam Back a...@cypherspace.org wrote: On Tue, Jul 02, 2013 at 11:48:02AM +0100, Ben Laurie wrote: On 2 July 2013 11:25, Adam Back a...@cypherspace.org wrote: does it provide forward secrecy (via k' = H(k)?). Resumed [SSL] sessions do not give forward secrecy. Sessions

Re: [cryptography] Potential funding for crypto-related projects

2013-07-01 Thread Ben Laurie
On 1 July 2013 01:55, Jacob Appelbaum ja...@appelbaum.net wrote: So then - what do you suggest to someone who wants to leak a document to a press agency that has a GlobaLeaks interface? I would suggest: don't use GlobalLeaks, use anonymous remailers. Bottom line: Tor is weak against powerful

Re: [cryptography] Potential funding for crypto-related projects

2013-07-01 Thread Ben Laurie
On 1 July 2013 01:55, Jacob Appelbaum ja...@appelbaum.net wrote: I would like to see a tor configuration flag that sacrifices speed for anonymity. You're the first person, perhaps ever, to make that feature request without it being in a mocking tone. At least, I think you're not mocking! :)

Re: [cryptography] Potential funding for crypto-related projects

2013-07-01 Thread Ben Laurie
On 1 July 2013 14:33, Jacob Appelbaum ja...@appelbaum.net wrote: I think having Mixmaster and MixMinion support in Tails and run over Tor would be a good way to start. I also agree that GlobaLeaks should have an interface for receiving leaks via either of those networks - though I sometimes

Re: [cryptography] skype backdoor confirmation

2013-05-20 Thread Ben Laurie
On 20 May 2013 17:35, Nico Williams n...@cryptonector.com wrote: On Fri, May 17, 2013 at 6:06 AM, Ben Laurie b...@links.org wrote: On 17 May 2013 11:39, d...@geer.org wrote: Trust but verify is dead. Maybe for s/w, but not everything: http://www.links.org/files

Re: [cryptography] skype backdoor confirmation

2013-05-17 Thread Ben Laurie
On 17 May 2013 11:39, d...@geer.org wrote: I do wonder, can we reasonably expect that integrity of open source software today? I'm not blaming anyone, let me explain: The threat of forking or noticing any wrong doing was probably enough in previous years. But these days, software is much

Re: [cryptography] Key Checksums (BATON, et al)

2013-03-27 Thread Ben Laurie
On 27 March 2013 17:20, Steven Bellovin s...@cs.columbia.edu wrote: On Mar 27, 2013, at 3:50 AM, Jeffrey Walton noloa...@gmail.com wrote: What is the reason for checksumming symmetric keys in ciphers like BATON? Are symmetric keys distributed with the checksum acting as a authentication tag?

Re: [cryptography] Keyspace: client-side encryption for key/value stores

2013-03-25 Thread Ben Laurie
On 23 March 2013 16:21, danimoth danim...@cryptolab.net wrote: On 21/03/13 at 03:07am, Jeffrey Walton wrote: Linux has not warmed up to the fact that userland needs help in storing secrets from the OS. http://standards.freedesktop.org/secret-service/ but maybe I have misunderstood your

Re: [cryptography] why did OTR succeed in IM?

2013-03-23 Thread Ben Laurie
On 23 March 2013 09:25, ianG i...@iang.org wrote: Someone on another list asked an interesting question: Why did OTR succeed in IM systems, where OpenPGP and x.509 did not? Because Adium built it in? (The reason this is interesting (to me?) is that there are not so many instances in

Re: [cryptography] why did OTR succeed in IM?

2013-03-23 Thread Ben Laurie
On 23 March 2013 16:51, Peter Saint-Andre stpe...@stpeter.im wrote: 3. It was built into the most popular open-source IM clients (Pidgin and Adium). It isn't actually built in to Pidgin. Should be, IMO.

Re: [cryptography] msft skype IM snooping stats PGP/X509 in IM?? (Re: why did OTR succeed in IM?)

2013-03-23 Thread Ben Laurie
On 23 March 2013 18:08, Stephan Neuhaus stephan.neuh...@tik.ee.ethz.ch wrote: On Mar 23, 2013, at 15:04, Adam Back wrote: I think it's past time people considered switching to another IM client, an open source one with p2p routed traffic and/or end 2 end security, preferably with some

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread Ben Laurie
On 10 March 2013 01:25, Tony Arcieri tony.arci...@gmail.com wrote: On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton noloa...@gmail.com wrote: The Web Cryptography Working Group looks well organized, provides a very good roadmap, and offers good documentation. http://www.w3.org/2012/webcrypto/.

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread Ben Laurie
On 10 March 2013 01:57, Ryan Sleevi ryan+cryptogra...@sleevi.com wrote: Finally, the recommendations are for what implementations should support. There is not any mandatory to implement suite at this point. Instead, it's looking at what are the algorithms in vast, sweeping use today in a number

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

2013-03-10 Thread Ben Laurie
On 10 March 2013 10:58, Paterson, Kenny kenny.pater...@rhul.ac.uk wrote: On 10 Mar 2013, at 10:51, Ben Laurie wrote: On 10 March 2013 01:25, Tony Arcieri tony.arci...@gmail.com wrote: On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton noloa...@gmail.com wrote: The Web Cryptography Working

Re: [cryptography] Client TLS Certificates - why not?

2013-03-05 Thread Ben Laurie
On 5 March 2013 18:41, StealthMonger stealthmon...@nym.mixmin.net wrote: Jeffrey Walton noloa...@gmail.com writes: It's the key distribution problem. It's the cause of all the troubles. I don't understand. Please explain. What's wrong with the

Re: [cryptography] Meet the groundbreaking new encryption app set to revolutionize privacy...

2013-02-06 Thread Ben Laurie
On 6 February 2013 23:35, Jeffrey Walton noloa...@gmail.com wrote: On Wed, Feb 6, 2013 at 7:17 AM, Moti m...@cyberia.org.il wrote: Interesting read. Mostly because the people behind this project.

Re: [cryptography] An encryption project

2013-01-28 Thread Ben Laurie
On 28 January 2013 13:37, Paul Christian pho...@gmail.com wrote: Hi Folks, I am new to the list and have an interest in encryption, but not much experience in breaking/testing or a detailed understanding of modern methods. I am interested in developing some technology to allow a user to

Re: [cryptography] phishing/password end-game (Re: Why anon-DH ...)

2013-01-19 Thread Ben Laurie
On 19 January 2013 07:45, James A. Donald jam...@echeque.com wrote: On 2013-01-19 2:14 AM, ianG wrote: Also, the confounded users tend to lose their phones or have them stolen. And then they demand their 'identities' back, as if nothing has happened. So the keys need to be agile, in some

Re: [cryptography] yet another certificate MITM attack

2013-01-14 Thread Ben Laurie
On 14 January 2013 06:11, ianG i...@iang.org wrote: On 13/01/13 22:47 PM, Jeffrey Walton wrote: On Sun, Jan 13, 2013 at 1:20 PM, Warren Kumari war...@kumari.net wrote: On Jan 12, 2013, at 4:27 AM, ianG i...@iang.org wrote: On 11/01/13 02:59 AM, Jon Callas wrote:

Re: [cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

2013-01-08 Thread Ben Laurie
On Tue, Jan 8, 2013 at 1:28 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Ben Laurie b...@links.org writes: I've snipped most of this because, although it'd be fun to keep going back and forth, I'm not sure if everyone else wants to keep reading the exchange (Ben, we'll continue it over

Re: [cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

2013-01-08 Thread Ben Laurie
On Tue, Jan 8, 2013 at 8:40 AM, ianG i...@iang.org wrote: IMO, the answer to phishing is to solve the password problem, and the solution to the password problem is really good password managers. But I haven't had much luck selling that solution. Probably because, rather like Peter's solution,

Re: [cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

2013-01-08 Thread Ben Laurie
On Tue, Jan 8, 2013 at 11:42 AM, James A. Donald jam...@echeque.com wrote: On 2013-01-08 7:26 PM, Ben Laurie wrote: Modulo CAs not working correctly, this is what SSL does. So long as you define the right server as being the one with the domain name you navigated to. Domain names

Re: [cryptography] openssl on git

2013-01-08 Thread Ben Laurie
On 8 January 2013 18:06, Jeffrey Walton noloa...@gmail.com wrote: On Tue, Jan 1, 2013 at 1:02 PM, Ben Laurie b...@links.org wrote: We're experimenting with moving openssl to git. Again. We've tried an import using cvs2git - does anyone have any views on better tools? You can see the results

Re: [cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

2013-01-07 Thread Ben Laurie
On Sun, Jan 6, 2013 at 11:20 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Ben Laurie b...@links.org with: a) I don't believe your figures, Well I don't believe in the tooth fairy, but in this case you're going to have to provide a more convincing rebuttal than I choose not to believe

Re: [cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

2013-01-07 Thread Ben Laurie
On Mon, Jan 7, 2013 at 5:32 PM, Guido Witmond gu...@wtmnd.nl wrote: What I read from the certificate-transparency.org website is that it intends to limit to Global CA certificates. I would urge mr Laurie and Google to include all certificates, including self-signed. It would increase the value

Re: [cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

2013-01-06 Thread Ben Laurie
On Sun, Jan 6, 2013 at 1:15 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Ben Laurie b...@links.org writes: On Sat, Jan 5, 2013 at 1:26 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: In the light of yet another in an apparently neverending string of CA failures, how long are browser

[cryptography] openssl on git

2013-01-01 Thread Ben Laurie
We're experimenting with moving openssl to git. Again. We've tried an import using cvs2git - does anyone have any views on better tools? You can see the results here (not all branches pushed to github yet, let me know if there's a particular branch you'd like me to add):

Re: [cryptography] Tigerspike claims world first with Karacell for mobile security

2012-12-27 Thread Ben Laurie
On Wed, Dec 26, 2012 at 9:38 PM, Jon Callas j...@callas.org wrote: I took a look at it. Amusing. I didn't spend a lot of time on it. Probably not more than twice what it took me to write this. It has an obvious problem with known plaintext. You

Re: [cryptography] Tigerspike claims world first with Karacell for mobile security

2012-12-27 Thread Ben Laurie
On Thu, Dec 27, 2012 at 9:18 AM, Russell Leidich pke...@gmail.com wrote: there are plenty of Googleable papers showing the Counter Mode is weak relative to (conventional) cipher-block-chaining (CBC) AES. Really? For example?

Re: [cryptography] Tigerspike claims world first with Karacell for mobile security

2012-12-24 Thread Ben Laurie
On Mon, Dec 24, 2012 at 12:22 PM, Jeffrey Walton noloa...@gmail.com wrote: Has anyone had the privilege of looking at the stronger than military grade [encryption] scheme? http://innovblogdotcom.files.wordpress.com/2012/06/the-karacell-encryption-system-tech-paper1.pdf Enjoy.

Re: [cryptography] Gmail and SSL

2012-12-16 Thread Ben Laurie
On Sun, Dec 16, 2012 at 7:52 AM, ianG i...@iang.org wrote: On 16/12/12 02:41 AM, Ben Laurie wrote: On Sat, Dec 15, 2012 at 10:01 PM, James A. Donald jam...@echeque.com wrote: On 2012-12-16 6:23 AM, Andy Steingruebl wrote: given some of the more recent attacks against Google

Re: [cryptography] current limits of proving MITM (Re: Gmail and SSL)

2012-12-16 Thread Ben Laurie
On Sun, Dec 16, 2012 at 8:47 AM, Adam Back a...@cypherspace.org wrote: (note the tidy email editing, Ben, and other blind top posters to massive email threads :) I'm sorry - I use gmail which does, literally, make you blind to them. I try to remember!

Re: [cryptography] current limits of proving MITM (Re: Gmail and SSL)

2012-12-16 Thread Ben Laurie
On Sun, Dec 16, 2012 at 9:48 AM, ianG i...@iang.org wrote: Just to nitpick on this point, a CA certainly can claim that they or an agent did not sign a certificate. And, they can provide the evidence, and should have the ability to do this: CAs internally have logs as to what they did or did

Re: [cryptography] Just how bad is OpenSSL ?

2012-11-05 Thread Ben Laurie
On Mon, Nov 5, 2012 at 5:07 AM, Nico Williams n...@cryptonector.com wrote: On Sun, Nov 4, 2012 at 8:42 AM, Ben Laurie b...@links.org wrote: On Sat, Nov 3, 2012 at 12:26 AM, James A. Donald jam...@echeque.com wrote: On Oct 30, 2012 7:50 AM, Ben Laurie b...@links.org wrote: The team has ruled

Re: [cryptography] Just how bad is OpenSSL ?

2012-11-04 Thread Ben Laurie
On Sat, Nov 3, 2012 at 12:26 AM, James A. Donald jam...@echeque.com wrote: On Oct 30, 2012 7:50 AM, Ben Laurie b...@links.org wrote: The team has ruled out having the master at github. What is wrong with github? TBH, I wouldn't mind much, but I think the concern is that it's not under our

Re: [cryptography] Just how bad is OpenSSL ?

2012-10-30 Thread Ben Laurie
On Mon, Oct 29, 2012 at 10:34 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Oct 26, 2012 at 2:29 PM, John Case c...@sdf.org wrote: I was recently reading the most dangerous code in the world article at stanford: https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html

Re: [cryptography] Just how bad is OpenSSL ?

2012-10-30 Thread Ben Laurie
On Tue, Oct 30, 2012 at 11:09 AM, Jeffrey Walton noloa...@gmail.com wrote: On Tue, Oct 30, 2012 at 5:03 AM, Ben Laurie b...@links.org wrote: On Mon, Oct 29, 2012 at 10:34 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Oct 26, 2012 at 2:29 PM, John Case c...@sdf.org wrote: [SNIP

Re: [cryptography] Just how bad is OpenSSL ?

2012-10-30 Thread Ben Laurie
On Tue, Oct 30, 2012 at 11:17 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Ben Laurie b...@links.org writes: Apparently you think the best way to get a secure platform is to apply pressure through pointless security standards. I think that's a bit of an extreme comment on FIPS 140

Re: [cryptography] Just how bad is OpenSSL ?

2012-10-30 Thread Ben Laurie
volunteer? :-) Like most (good) open source projects: sustained contribution. Matt On Oct 30, 2012, at 10:12 AM, Ben Laurie b...@links.org wrote: On Tue, Oct 30, 2012 at 11:58 AM, Jeffrey Walton noloa...@gmail.com wrote: On Tue, Oct 30, 2012 at 5:03 AM, Ben Laurie b...@links.org wrote

Re: [cryptography] Just how bad is OpenSSL ?

2012-10-30 Thread Ben Laurie
On Tue, Oct 30, 2012 at 2:31 PM, Nico Williams n...@cryptonector.com wrote: I strongly suggest you move to git ASAP. It's not hard, though some history can be lost in the move using off-the-shelf conversion tools. (MIT Kerberos recently moved from SVN to git, and before that, from CVS to SVN,

Re: [cryptography] Just how bad is OpenSSL ?

2012-10-30 Thread Ben Laurie
. The team has ruled out having the master at github. On Tue, Oct 30, 2012 at 3:28 PM, Ben Laurie b...@links.org wrote: On Tue, Oct 30, 2012 at 2:21 PM, Matthew Green matthewdgr...@gmail.com wrote: So: 1. What is the process by which you get OpenSSL contributors to notice a serious

Re: [cryptography] Client certificate crypto with a twist

2012-10-11 Thread Ben Laurie
On Wed, Oct 10, 2012 at 4:34 PM, Joe St Sauver j...@oregon.uoregon.edu wrote: The nice part about Shib, from a privacy POV, is that you only release/get the attributes that may be necessary (thereby preserving user privacy). A rather optimistic view of federated identity... a) Who determines

Re: [cryptography] Client certificate crypto with a twist

2012-10-10 Thread Ben Laurie
On Wed, Oct 10, 2012 at 1:44 PM, Guido Witmond gu...@wtmnd.nl wrote: Hello Everyone, I'm proposing to revitalise an old idea. With a twist. The TL;DR: 1. Ditch password based authentication over the net; 2. Use SSL client certificates instead; Here comes the twist: 3. Don't use the

Re: [cryptography] Client certificate crypto with a twist

2012-10-10 Thread Ben Laurie
On Wed, Oct 10, 2012 at 4:54 PM, Steven Bellovin s...@cs.columbia.edu wrote: On Oct 10, 2012, at 9:09 AM, Ben Laurie b...@links.org wrote: On Wed, Oct 10, 2012 at 1:44 PM, Guido Witmond gu...@wtmnd.nl wrote: Hello Everyone, I'm proposing to revitalise an old idea. With a twist. The TL;DR

Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-10 Thread Ben Laurie
On Wed, Oct 10, 2012 at 6:34 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its

Re: [cryptography] How to safely produce web pages from multiple sources?

2012-08-29 Thread Ben Laurie
on something other than that which she clicked on? On 2012-08-29 1:13 PM, Ben Laurie wrote: Caja: http://code.google.com/p/google-caja/. So Bob's server gets a page from Malloc's server, vanillizes it using Caja, and serves Carol with Bob's content combined with vanilla Malloc content. Or does Bob's

Re: [cryptography] How to safely produce web pages from multiple sources?

2012-08-28 Thread Ben Laurie
On Wed, Aug 29, 2012 at 2:33 AM, James A. Donald jam...@echeque.com wrote: Suppose your web page incorporates some content from another url, a not altogether trusted url. Let us call this other url Malloc. You, the owner of the website and the author of the main part of the web page are Bob,

Re: [cryptography] any reason PBKDF2 shouldn't be used for storing hashed passwords?

2012-08-16 Thread Ben Laurie
On Thu, Aug 16, 2012 at 1:30 AM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote: One curious note is that NIST recommends PBKDF2 for master key derivation, and specifically write, The MK [PBKDF2 output] shall not be used for other purposes. Perhaps the document was meant to

[cryptography] Shared key in DPI device...

2012-07-03 Thread Ben Laurie
the Cyberoam CA certificate from their browsers and decline to complete any connection which gives a certificate warning. Credit == This issue was discovered and analysed by Runa A. Sandvik of the Tor Project and Ben Laurie.

Re: [cryptography] PINS and [Short] Passwords

2012-04-05 Thread Ben Laurie
On Wed, Apr 4, 2012 at 8:45 PM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, Older iOS devices used a 4 digit PIN code, which was next to no protection. Newer iOS allow passcodes which consist of a full (fuller?) alphabet. Assuming a weak password policy (for example, 4 or 6 characters)

[cryptography] Certificate Transparency: working code

2012-03-01 Thread Ben Laurie
http://www.links.org/?p=1226 Certificate Transparency: Spec and Working Code Quite a few people have said to me that Certificate Transparency (CT) sounds like a good idea, but they'd like to see a proper spec. Well, there's been one of those for quite a while, you

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-20 Thread Ben Laurie
On Mon, Feb 20, 2012 at 12:42 PM, Solar Designer so...@openwall.com wrote: On Sun, Feb 19, 2012 at 05:57:37PM +, Ben Laurie wrote: In any case, I think the design of urandom in Linux is flawed and should be fixed. Do you have specific suggestions? Short of making it block, I can think

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-20 Thread Ben Laurie
On Mon, Feb 20, 2012 at 5:22 PM, Thierry Moreau thierry.mor...@connotech.com wrote: Then, basically the freebsd design is initial seeding of a deterministic PRNG. If a) the PRNG design is cryptographically strong (a qualification  which can be fairly reliable if done with academic scrutiny),

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-19 Thread Ben Laurie
On Sun, Feb 19, 2012 at 5:39 PM, Thierry Moreau thierry.mor...@connotech.com wrote: Ben Laurie wrote: On Fri, Feb 17, 2012 at 8:39 PM, Thierry Moreau thierry.mor...@connotech.com wrote: Ben Laurie wrote: On Fri, Feb 17, 2012 at 7:32 PM, Thierry Moreau thierry.mor...@connotech.com wrote

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-18 Thread Ben Laurie
On Fri, Feb 17, 2012 at 8:39 PM, Thierry Moreau thierry.mor...@connotech.com wrote: Ben Laurie wrote: On Fri, Feb 17, 2012 at 7:32 PM, Thierry Moreau thierry.mor...@connotech.com wrote: Isn't /dev/urandom BY DEFINITION of limited true entropy? $ ls -l /dev/urandom lrwxr-xr-x  1 root

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-17 Thread Ben Laurie
On Fri, Feb 17, 2012 at 7:32 PM, Thierry Moreau thierry.mor...@connotech.com wrote: Isn't /dev/urandom BY DEFINITION of limited true entropy? $ ls -l /dev/urandom lrwxr-xr-x 1 root wheel 6 Nov 20 18:49 /dev/urandom - random ___ cryptography mailing

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-16 Thread Ben Laurie
On Thu, Feb 16, 2012 at 5:05 PM, Jeffrey I. Schiller j...@qyv.net wrote: What I found most interesting in Nadia's blog entry is this snippet of (pseudo) code from OpenSSL: 1       prng.seed(seed) 2       p = prng.generate_random_prime() 3       prng.add_randomness(bits) 4       q =

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-15 Thread Ben Laurie
On Wed, Feb 15, 2012 at 4:56 PM, Ben Laurie b...@links.org wrote: On Wed, Feb 15, 2012 at 4:13 PM, Steven Bellovin s...@cs.columbia.edu wrote: On Feb 14, 2012, at 10:02 PM, Jon Callas wrote: On 14 Feb, 2012, at 5:58 PM, Steven Bellovin wrote: The practical import is unclear, since there's

Re: [cryptography] Chrome to drop CRL checking

2012-02-07 Thread Ben Laurie
On Tue, Feb 7, 2012 at 9:56 AM, Marcus Brinkmann marcus.brinkm...@ruhr-uni-bochum.de wrote: Hi, On 02/07/2012 03:52 AM, Steven Bellovin wrote: http://arstechnica.com/business/guides/2012/02/google-strips-chrome-of-ssl-revocation-checking.ars While I am no fan of CRLs, I think it's worth

Re: [cryptography] Auditable CAs

2011-12-07 Thread Ben Laurie
On Tue, Dec 6, 2011 at 10:48 AM, Florian Weimer fwei...@bfk.de wrote: * Ben Laurie: Given the recent discussion on Sovereign Keys I thought people might be interested in a related, but less ambitious, idea Adam Langley and I have been kicking around: http://www.links.org/files

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-02 Thread Ben Laurie
On Fri, Dec 2, 2011 at 10:02 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Adam Back a...@cypherspace.org writes: Start of the thread was that Greg and maybe others claim they've seen a cert in the wild doing MitM on domains the definitionally do NOT own. It's not just a claim, I've seen

Re: [cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

2011-12-02 Thread Ben Laurie
On Fri, Dec 2, 2011 at 4:14 PM, ianG i...@iang.org wrote: On 2/12/11 23:00 PM, Peter Gutmann wrote: I guess if you're running into this sort of thing for the first time then you'd be out for blood, but if you've been aware of this it going on for more than a decade then it's just business as

Re: [cryptography] Auditable CAs

2011-11-30 Thread Ben Laurie
On Wed, Nov 30, 2011 at 1:18 AM, Marsh Ray ma...@extendedsubset.com wrote: On 11/27/2011 03:00 PM, Ben Laurie wrote: Given the recent discussion on Sovereign Keys I thought people might be interested in a related, but less ambitious, idea Adam Langley and I have been kicking around: http

Re: [cryptography] Auditable CAs

2011-11-30 Thread Ben Laurie
On Wed, Nov 30, 2011 at 5:16 PM, Marsh Ray ma...@extendedsubset.com wrote: On 11/30/2011 05:24 AM, Ben Laurie wrote: On Wed, Nov 30, 2011 at 1:18 AM, Marsh Ray ma...@extendedsubset.com wrote: Perhaps the relevant property is certs issued by a browser-trusted CA or subordinate regardless

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-11-30 Thread Ben Laurie
On Thu, Dec 1, 2011 at 5:32 AM, Rose, Greg g...@qualcomm.com wrote: On 2011 Nov 30, at 17:18 , Lee wrote: On 11/30/11, Rose, Greg g...@qualcomm.com wrote: On 2011 Nov 30, at 16:44 , Adam Back wrote: Are there really any CAs which issue sub-CA for deep packet inspection aka doing MitM and

Re: [cryptography] Auditable CAs

2011-11-28 Thread Ben Laurie
On Mon, Nov 28, 2011 at 10:39 AM, Chris Richardson ch...@randomnonce.org wrote: Today, a site operator can opt-out of the CA system by using a self-signed certificate. When users go to the site they get a warning that they blindly click-through. This degrades one of the main benefits of the

Re: [cryptography] Auditable CAs

2011-11-28 Thread Ben Laurie
On Mon, Nov 28, 2011 at 6:46 PM, Seth David Schoen sch...@eff.org wrote: Ben Laurie writes: How will the opt-out mechanism work so that it is not degraded by uses clicking through a warning? Don't quite understand the question: if you have opted out you shouldn't get a warning, surely
