It seems to me that while PFS is an excellent back-stop against NSA
having/deriving a website RSA key, it does *nothing* to prevent the kind of
cooperative endpoint scenario that I've seen discussed in other
forums, prompted by the latest revelations about what NSA has been up to.
But if
The magic of public key crypto is that it gets rid of the key
management problem -- if I'm going to communicate with you with
symmetric crypto, how do I get the keys to you? The pain of it is that
it replaces it with a new set of problems. Those problems include that
the amazing power of
On 09/07/2013 12:04 AM, Ben Laurie wrote:
On 26 August 2013 22:43, Perry E. Metzger pe...@piermont.com
mailto:pe...@piermont.com wrote:
(I would prefer to see hybrid capability systems in such
applications, like Capsicum, though I don't think any such have been
ported to Linux
On 09/07/2013 06:57 PM, james hughes wrote:
PFS may not be a panacea but does help.
There's no question in my mind that PFS helps. I have, in the past,
been very in much favor of turning on PFS support in various protocols,
when it has
been available. And I fully understand what the
On 09/10/2013 12:04 PM, Rob Kendrick wrote:
I wonder what people's opinions are on things like the randomsound
daemon that is available for Linux.
Daniel Silverstone, the author, specifically advises people to not use
it. :)
I haven't actually looked at the code. Conceptually, anything with an
I wonder what people's opinions are on things like the randomsound
daemon that is available for Linux.
Similarly, any hardware with an ADC input can be used as a hardware
random noise source, simply by cranking up the gain to suitable levels
where the low-order bit is sampling thermal
On 09/11/2013 07:18 PM, Perry E. Metzger wrote:
The attraction of methods that use nothing but a handful of
transistors is that they can be fabricated on chip and thus have
nearly zero marginal cost. The huge disadvantage is that if your
opponent can convince chip manufacturers to introduce
On 09/12/2013 10:38 PM, Thor Lancelot Simon wrote:
The audio subsystem actually posed *two* obvious opportunities:
amplifier noise from channels with high final stage gain but connected
by a mixer to muted inputs, and clock skew between system timers and
audio sample clocks. The former
On 09/13/2013 11:32 PM, Jerry Leichter wrote:
On Sep 12, 2013, at 11:06 PM, Marcus D. Leech wrote:
There are a class of hyper-cheap USB audio dongles with very uncomplicated
mixer models. A small flotilla of those might get you some fault-tolerance.
My main thought on such things relates