Re: [Cryptography] Bruce Schneier has gotten seriously spooked

2013-09-06 Thread Lodewijk andré de la porte
That they have the capacity doesn't mean they ever actually did it, Schneier's comment is conservative. It is obviously within in their (legal) capacity to change anything going accross US and INTNET cables and to forge a some families of signatures. 2013/9/6 Eugen Leitl eu...@leitl.org On

Re: [Cryptography] Washington Post: Google racing to encrypt links between data centers

2013-09-06 Thread Lodewijk andré de la porte
Right. Maybe some AES32? 2013/9/7 Perry E. Metzger pe...@piermont.com Quoting: Google is racing to encrypt the torrents of information that flow among its data centers around the world, in a bid to thwart snooping by the NSA as well as the intelligence agencies of foreign

Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

2013-09-08 Thread Lodewijk andré de la porte
Public key depends on high level math. That math has some asymetric property that we can use to achieve the public-private key relationships. The problem is that the discovery of smarter math can invalidate the asymetry and make it more symetrical. This has to do with P=NP, which is also less

Re: [Cryptography] An NSA mathematician shares his from-the-trenches view of the agency's surveillance activities

2013-09-18 Thread Lodewijk andré de la porte
Everybody has to write a statement. The statement that most convinces the public that we're okay gets published and a big-o-bonus. You guys have 3 days. ___ The cryptography mailing list cryptography@metzdowd.com

Re: [Cryptography] Hardware Trojan Protection

2013-09-25 Thread Lodewijk andré de la porte
2013/9/24 Bill Frantz fra...@pwpconsult.com Field Programmable Gate Arrays (FPGA) Yeah, those are definitely probably reflashable more easily than you'd like. They're a bit more tricky than they'd seem to be at first. Definitely a better choice than Intel though. On the todo list.

Re: [Cryptography] RSA equivalent key length/strength

2013-09-29 Thread Lodewijk andré de la porte
2013/9/29 James A. Donald jam...@echeque.com (..) fact, they are not provably random, selected (...) fixed that for you It seems obvious that blatant lying about qualities of procedures must have some malignant intention, yet ignorance is as good an explanation. I don't think lying the other

Re: [Cryptography] Why is emailing me my password?

2013-10-01 Thread Lodewijk andré de la porte
It's reasonable as it's not a security sensitive environment. Please for the love of god let some environments stay low-sec. 2013/10/1 Nick cryptography-l...@njw.me.uk On Tue, Oct 01, 2013 at 10:28:48AM -0400, Greg wrote: So, my password, iPoopInYourHat, is being sent to me in the clear by

Re: [Cryptography] Why is emailing me my password?

2013-10-02 Thread Lodewijk andré de la porte
2013/10/2 Russ Nelson nel...@crynwr.com If you are proposing that something needs stronger encryption than ROT-26, please explain the threat model that justifies your choice of encryption and key distribution algorithms. ROT-26 is fantastic for certain purposes. Like when encrypting for kids

Re: [Cryptography] encoding formats should not be committee'ized

2013-10-03 Thread Lodewijk andré de la porte
IMO readability is very hard to measure. Likely things being where you expect them to be, with minimal confusing characters but clear anchoring so you can start reading from anywhere. If someone could write a generative meta-language we can then ask people to do text comprehension tasks on the

Re: [Cryptography] P=NP on TV

2013-10-07 Thread Lodewijk andré de la porte
So their research was stolen and they were assassinated by the NSA? Makes sense. (Except for the NSA's lack of field agents! CIA involvement is required) ___ The cryptography mailing list cryptography@metzdowd.com

Re: [Cryptography] Iran and murder

2013-10-10 Thread Lodewijk andré de la porte
2013/10/9 Phillip Hallam-Baker hal...@gmail.com I see cyber-sabotage as being similar to use of chemical or biological weapons: It is going to be banned because the military consequences fall far short of being decisive, are unpredictable and the barriers to entry are low. I doubt that's

Re: [Cryptography] Elliptic curve question

2013-10-10 Thread Lodewijk andré de la porte
2013/10/10 Phillip Hallam-Baker hal...@gmail.com The original author was proposing to use the same key for encryption and signature which is a rather bad idea. Explain why, please. It might expand the attack surface, that's true. You could always add a signed message that says I used a key

Re: [Cryptography] Iran and murder

2013-10-10 Thread Lodewijk andré de la porte
2013/10/10 John Kelsey crypto@gmail.com The problem with offensive cyberwarfare is that, given the imbalance between attackers and defenders and the expanding use of computer controls in all sorts of systems, a cyber war between two advanced countries will not decide anything militarily,