Re: [cryptography] [Cryptography] RSA is dead.

2013-12-23 Thread D. J. Bernstein
Peter Gutmann writes (on the moderated cryptogra...@metzdowd.com list):
 Any sufficiently capable developer of crypto software should be
 competent enough to backdoor their own source code in such a way that
 it can't be detected by an audit.

Some of us have been working on an auditable crypto library:

   https://twitter.com/TweetNaCl

The original, nicely indented, version is 809 lines, 16621 bytes. The
Python script to print tweetnacl.h is 1811 bytes. The accompanying paper
(to be posted soon) says "Of course, compilers also need to be audited
(or to produce proofs of correct translations), as do other critical
system components---but there's progress on that too." In general it
seems that Peter's fatalist view consists entirely of "nobody has done
this yet" rather than "it's impossible".

TweetNaCl's speed doesn't match the asm in NaCl, but if you can tolerate
OpenSSL's 4.2 million cycles for RSA-2048 decryption then you should be
able to tolerate TweetNaCl's 2.5 million cycles for Curve25519.

---Dan
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
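A reader who receives a library as a stream of tweets needs two checks before trusting it: that the reassembled chunks match a published digest, and that the compact (tweetable) text is the same program as the "nicely indented" version. The block below is an added example, not TweetNaCl's own code or its header-generating script; the C snippet and the 140-character limit are constructed for illustration, and the tokenizer is a deliberately small approximation of C.

```python
"""Reassemble tweet-sized chunks of a source file and check the result.
Added example, not part of TweetNaCl: the C snippet below is constructed for
illustration and the tokenizer is a deliberately small approximation."""
import hashlib
import re

TWEET_LIMIT = 140  # per-tweet character limit at the time of the thread

# Constructed sample: the same function in compact (tweetable) and indented form.
COMPACT = ("#define FOR(i,n) for(i=0;i<n;++i)\n"
           "static int vn(const u8*x,const u8*y,int n){u32 i,d=0;"
           "FOR(i,n)d|=x[i]^y[i];return(1&((d-1)>>8))-1;}\n")
INDENTED = ("#define FOR(i,n) for (i = 0;i < n;++i)\n"
            "static int vn(const u8 *x, const u8 *y, int n)\n{\n"
            "  u32 i, d = 0;\n  FOR(i, n) d |= x[i] ^ y[i];\n"
            "  return (1 & ((d - 1) >> 8)) - 1;\n}\n")

def split_into_tweets(src, limit=TWEET_LIMIT):
    """Greedily pack whole lines into chunks of at most `limit` characters;
    a single line longer than the limit is cut into fixed-width pieces."""
    tweets, cur = [], ""
    for line in src.splitlines(keepends=True):
        while len(line) > limit:          # over-long line: hard split
            if cur:
                tweets.append(cur)
                cur = ""
            tweets.append(line[:limit])
            line = line[limit:]
        if cur and len(cur) + len(line) > limit:
            tweets.append(cur)
            cur = ""
        cur += line
    return tweets + ([cur] if cur else [])

def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()

def verify_reassembly(tweets, expected_hex):
    """True only if the concatenated chunks hash to the published digest."""
    return sha256_hex("".join(tweets)) == expected_hex

# Approximate C tokenizer: comments and whitespace are dropped, so two files
# that differ only in layout produce the same token list.
_TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[A-Za-z_]\w*
    |0[xX][0-9A-Fa-f]+[uUlL]*|\d+[uUlL]*|>>=|<<=|->|\+\+|--|&&|\|\|
    |[<>=!+\-*/%&|^]=|>>|<<|\S''', re.VERBOSE)

def c_tokens(src):
    src = re.sub(r'/\*.*?\*/|//[^\n]*', ' ', src, flags=re.S)  # strip comments
    return _TOKEN.findall(src)

def same_program(a, b):
    """Layout-insensitive comparison: the compact and indented versions
    should yield identical token streams, or someone changed the code."""
    return c_tokens(a) == c_tokens(b)
```

The token comparison catches an edit hidden behind reformatting, but it is not a substitute for reading the code: two identical token streams can both be wrong.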


Re: [cryptography] [Cryptography] RSA is dead.

2013-12-23 Thread Greg
On Dec 23, 2013, at 11:13 AM, D. J. Bernstein d...@cr.yp.to wrote:

 Peter Gutmann writes (on the moderated cryptogra...@metzdowd.com list):
 Any sufficiently capable developer of crypto software should be
 competent enough to backdoor their own source code in such a way that
 it can't be detected by an audit.
 
 Some of us have been working on an auditable crypto library:
 
   https://twitter.com/TweetNaCl
 
 The original, nicely indented, version is 809 lines, 16621 bytes. 

... what is the point of tweeting lines of source code? It's completely 
unreadable (to me, at least).

Why doesn't that twitter account link to the original, nicely indented 
version?

Does the original have comments? If not, why not?

- Greg

--
Please do not email me anything that you are not comfortable also sharing with 
the NSA.





Re: [cryptography] [Cryptography] RSA is dead.

2013-12-23 Thread Kevin

On 12/23/2013 1:04 PM, Greg wrote:

On Dec 23, 2013, at 11:13 AM, D. J. Bernstein d...@cr.yp.to wrote:


Peter Gutmann writes (on the moderated cryptogra...@metzdowd.com list):

Any sufficiently capable developer of crypto software should be
competent enough to backdoor their own source code in such a way that
it can't be detected by an audit.

Some of us have been working on an auditable crypto library:

   https://twitter.com/TweetNaCl

The original, nicely indented, version is 809 lines, 16621 bytes.

... what is the point of tweeting lines of source code? It's completely 
unreadable (to me, at least).

Why doesn't that twitter account link to the original, nicely indented 
version?

Does the original have comments? If not, why not?

- Greg

--
Please do not email me anything that you are not comfortable also sharing with 
the NSA.



I feel that tweeting code has dangers.  Congratulations on opening your 
code up to security breaches.



--
Kevin



Re: [cryptography] [Cryptography] RSA is dead.

2013-12-23 Thread ianG

On 23/12/13 21:43 PM, Kevin wrote:

On 12/23/2013 1:04 PM, Greg wrote:

On Dec 23, 2013, at 11:13 AM, D. J. Bernstein d...@cr.yp.to wrote:


Peter Gutmann writes (on the moderated cryptogra...@metzdowd.com list):

Any sufficiently capable developer of crypto software should be
competent enough to backdoor their own source code in such a way that
it can't be detected by an audit.

Some of us have been working on an auditable crypto library:

   https://twitter.com/TweetNaCl

The original, nicely indented, version is 809 lines, 16621 bytes.

... what is the point of tweeting lines of source code? It's completely 
unreadable (to me, at least).



It's cool.  It's a demonstration of how small a complete library can be.
It's a challenge to OpenSSL, you are the Library of Alexander, hack 
and burn.  It's fun to do over Xmas when promises not to work on code to 
SO are thick and intent.



Why doesn't that twitter account link to the original, nicely indented 
version?



If you can't find it, we don't want you to  ;-)


Does the original have comments? If not, why not?



Ah.  This debate has yet to start.  Wait till you see OpenSSL or 
BouncyCastle code... :P




Please do not email me anything that you are not comfortable also sharing with 
the NSA.


Oh, that too.

iang
