Re: [cryptography] NIST Randomness Beacon (andrew cooke) (and Andy Isaacson, et al.)

2013-11-13 Thread Joshua Kingsolver Price 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Something of a noob question, but what about random.org? Is there some
reason why this site isn't used by the cryptographically wise? It
seems that they already offer public entropy, and from a very good
source. Sure you still can't use it for keys, but you couldn't use ANY
public source for that, so what's the difference?

 Message: 1 Date: Sun, 10 Nov 2013 05:15:33 -0300 From: andrew
 cooke and...@acooke.org To: d.nix d@comcast.net Cc: 
 cypherpu...@cpunks.org, cryptogra...@metzdowd.com, 
 cryptography@randombit.net cryptography@randombit.net Subject: 
 Re: [cryptography] NIST Randomness Beacon Message-ID: 
 20131110081533.gh24...@acooke.org Content-Type: text/plain; 
 charset=us-ascii
 
 
 the idea of a service that provides data unknown before a certain 
 date (like a photo of a recent newspaper) was suggested here - 
 http://rachelbythebay.com/w/2012/08/29/info/
 
 for fun, i implemented that here - http://colorlessgreen.net/ (the 
 random value is updated every 5 secs, roughly, and encoded as
 a memorable phrase)
 
 of course, in this case, a PRNG was used, and i am not NIST (so i 
 am not guaranteeing unpredictability ot autonomy to the same 
 extent!), and the output is only ~50 bits in size.
 
 as far as i know, no-one uses it for anything...
 
 andrew
 
 
 On Sat, Nov 09, 2013 at 08:28:17PM -0800, d.nix wrote:
 
 surely someone here has an opinion...
 
 http://www.nist.gov/itl/csd/ct/nist_beacon.cfm
 
 :-)
 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSg7KdAAoJEBt4bfGB1f9U770QAKaizwlAU1em/xtcjiJEPycs
pP+4suRMEf4xJyk5jR4sEBoWdTK9RsE0kaEgvXZ/3MkNTLoVBs8MxEhDh7z/QhW6
VWtY29ZH4KAoXfozTMQ0cw1hpA3b5Pab3CcmcpDOYXo6v1um0tDkal8jrLSpDN11
Prn+tUjC+uGeGnLJOizDpQgefDLYhm4GmcJT+g2kxbsYJ1D4pv6wWWNV596dcIvo
ScLOefQZr2ELTkCuqPzunKNAP00WCKXvBLB1YcsePaHtmFaIWJIr1Ul6R0ottmqz
8Z3PCEH2/soi9D55uKDWX85TDjB9u/VU8fnbQYvfrz0eY/K1SSSRMnbF5KDBpAis
DAC9P3xFS322A+Jt3GgVeTP5BMsNdM1E1Q0Z+yrC+AJu3ONe8smSh/cXBzLZ5RCE
XVROV8fVJ9JORrdr+oz8YdpqEePsqf9vTVaHz+GW2RnsUi15rtHfyFLt4vm0zA44
G+eivxbV7eIn27AEm1dMi6Ko/GGZsZumAQkm1DWsIyWmodDggJVOckrH+2litu3F
dUi/ok1xlDV5qvOhTkMOBD53fHfsh0J0BT0Ec5WXx2RQR/7H2KK8bk6rYLCaYQzW
Q1rI+a6jfj8CQz6a/Cen16OK7IMByQDpZ1J28v65Fu7lDkm3gVuJp8MvHsaNbHJo
uO1AKyRSJf5geqdLw3ob
=hS8R
-END PGP SIGNATURE-
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] NIST Randomness Beacon (andrew cooke) (and Andy Isaacson, et al.)

2013-11-13 Thread Natanael 
Because there's no guarantees at all for anything at all for that site.

On Wed, Nov 13, 2013 at 6:10 PM, Joshua Kingsolver Price
jprice...@ivytech.edu wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Something of a noob question, but what about random.org? Is there some
 reason why this site isn't used by the cryptographically wise? It
 seems that they already offer public entropy, and from a very good
 source. Sure you still can't use it for keys, but you couldn't use ANY
 public source for that, so what's the difference?

 Message: 1 Date: Sun, 10 Nov 2013 05:15:33 -0300 From: andrew
 cooke and...@acooke.org To: d.nix d@comcast.net Cc:
 cypherpu...@cpunks.org, cryptogra...@metzdowd.com,
 cryptography@randombit.net cryptography@randombit.net Subject:
 Re: [cryptography] NIST Randomness Beacon Message-ID:
 20131110081533.gh24...@acooke.org Content-Type: text/plain;
 charset=us-ascii


 the idea of a service that provides data unknown before a certain
 date (like a photo of a recent newspaper) was suggested here -
 http://rachelbythebay.com/w/2012/08/29/info/

 for fun, i implemented that here - http://colorlessgreen.net/ (the
 random value is updated every 5 secs, roughly, and encoded as
 a memorable phrase)

 of course, in this case, a PRNG was used, and i am not NIST (so i
 am not guaranteeing unpredictability ot autonomy to the same
 extent!), and the output is only ~50 bits in size.

 as far as i know, no-one uses it for anything...

 andrew


 On Sat, Nov 09, 2013 at 08:28:17PM -0800, d.nix wrote:

 surely someone here has an opinion...

 http://www.nist.gov/itl/csd/ct/nist_beacon.cfm

 :-)


 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.15 (MingW32)
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBAgAGBQJSg7KdAAoJEBt4bfGB1f9U770QAKaizwlAU1em/xtcjiJEPycs
 pP+4suRMEf4xJyk5jR4sEBoWdTK9RsE0kaEgvXZ/3MkNTLoVBs8MxEhDh7z/QhW6
 VWtY29ZH4KAoXfozTMQ0cw1hpA3b5Pab3CcmcpDOYXo6v1um0tDkal8jrLSpDN11
 Prn+tUjC+uGeGnLJOizDpQgefDLYhm4GmcJT+g2kxbsYJ1D4pv6wWWNV596dcIvo
 ScLOefQZr2ELTkCuqPzunKNAP00WCKXvBLB1YcsePaHtmFaIWJIr1Ul6R0ottmqz
 8Z3PCEH2/soi9D55uKDWX85TDjB9u/VU8fnbQYvfrz0eY/K1SSSRMnbF5KDBpAis
 DAC9P3xFS322A+Jt3GgVeTP5BMsNdM1E1Q0Z+yrC+AJu3ONe8smSh/cXBzLZ5RCE
 XVROV8fVJ9JORrdr+oz8YdpqEePsqf9vTVaHz+GW2RnsUi15rtHfyFLt4vm0zA44
 G+eivxbV7eIn27AEm1dMi6Ko/GGZsZumAQkm1DWsIyWmodDggJVOckrH+2litu3F
 dUi/ok1xlDV5qvOhTkMOBD53fHfsh0J0BT0Ec5WXx2RQR/7H2KK8bk6rYLCaYQzW
 Q1rI+a6jfj8CQz6a/Cen16OK7IMByQDpZ1J28v65Fu7lDkm3gVuJp8MvHsaNbHJo
 uO1AKyRSJf5geqdLw3ob
 =hS8R
 -END PGP SIGNATURE-
 ___
 cryptography mailing list
 cryptography@randombit.net
 http://lists.randombit.net/mailman/listinfo/cryptography
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography