Re: Intel to also add RNG

2010-07-12 Thread Paul Wouters
On Mon, 12 Jul 2010, Ben Laurie wrote: On 2 July 2010 13:19, Eugen Leitl wrote: Tuesday, June 29, 2010 Nanoscale Random Number Circuit to Secure Future Chips Intel

Re: Intel to also add RNG

2010-07-12 Thread Paul Wouters
On Mon, 12 Jul 2010, Eric Murray wrote: Then there's FIPS- current 140 doesn't have a provision for HW RNG. They certify software RNG only, presumeably because proving a HW RNG to be random enough is very difficult. So what's probably the primary market (companies who want to meet FIPS) isn't

Re: Fw: Root Zone DNSSEC Deployment Technical Status Update

2010-07-17 Thread Paul Wouters
On Fri, 16 Jul 2010, Taral wrote: Neat, but not (yet) useful... only these TLDs have DS records: The rest will follow soon. And it is not that you had to stop those TLD trust anchors just now. Several are using old SHA-1 hashes... old ? Paul

SHA256 reduced to 112 bits?

2010-07-29 Thread Paul Wouters
Hi, I've heard rumors of an attack on the SHA-2 family reducing complexity of SHA256 to something less or equal of 112 bits. This attack will apparently be announced in a few days - perhaps at Black Hat or Def Con? I would be interested in knowing more. Paul

Re: Persisting /dev/random state across reboots

2010-07-29 Thread Paul Wouters
On Thu, 29 Jul 2010, Richard Salz wrote: At shutdown, a process copies /dev/random to /var/random-seed which is used on reboots. Is this a good, bad, or shrug, whatever idea? I suppose the idea is that all startup procs look the same ? better then not. A lot of (pseudo)random comes from disk

Re: GSM eavesdropping

2010-08-02 Thread Paul Wouters
On Mon, 2 Aug 2010, Perry E. Metzger wrote: For example, in the internet space, we have http, smtp, imap and other protocols in both plain and ssl flavors. (IPSec was originally intended to mitigate this by providing a common security layer for everything, but it failed, for many reasons. Nico

Re: GSM eavesdropping

2010-08-03 Thread Paul Wouters
On Mon, 2 Aug 2010, Nicolas Williams wrote: If that was a major issue, then SSL would have been much more successful then it has been. How should we measure success? The default mode for any internet communication is encrypted By that measure TLS has been so much more successful than

Re: /dev/random and virtual systems

2010-08-03 Thread Paul Wouters
On Mon, 2 Aug 2010, Yaron Sheffer wrote: In addition to the mitigations that were discussed on the list, such machines could benefit from seeding /dev/random (or periodically reseeding it) from the *host machine's* RNG. This is one thing that's guaranteed to be different between VM instances.

Re: 2048-bit RSA keys

2010-08-17 Thread Paul Wouters
On Tue, 17 Aug 2010, Steven Bellovin wrote: They also suggest that a 3-4 year phase-out of 1024-bit moduli is the proper course. Note that this is because they take into consideration that secrets have to be unbreakable for decade(s), which is not the case for all uses of RSA. For example in

Re: towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)

2010-08-26 Thread Paul Wouters
On Thu, 26 Aug 2010, wrote: as previously mentioned, somewhere back behind everything else ... there is strong financial motivation in the sale of the SSL domain name digital certificates. While I am *not* arguing that point, per se, if having a better solution would require,

Re: Disk encryption advice...

2010-10-08 Thread Paul Wouters
On Fri, 8 Oct 2010, Perry E. Metzger wrote: I have a client with the following problem. They would like to encrypt all of their Windows workstation drives, but if they do that, the machines require manual intervention to enter a key on every reboot. Why is this a problem? Because installations

Re: [Cryptography] Is DNSSEC is really the right solution? [djb video]

2013-09-09 Thread Paul Wouters
On Sun, 8 Sep 2013, Daniel Cegiełka wrote: Subject: Re: [Cryptography] Opening Discussion: Speculation on BULLRUN Is DNSSEC is really the right solution? That is the most unprofessional talk I've seen djb give. He bluffed a bunch of fanboys with

Re: [Cryptography] [cryptography] very little is missing for working BTNS in Openswan

2013-09-13 Thread Paul Wouters
On Thu, 12 Sep 2013, Nico Williams wrote: Note: you don't just want BTNS, you also want RFC5660 -- IPsec channels. You also want to define a channel binding for such channels (this is trivial). To summarize: IPsec protects discrete *packets*, not discrete packet *flows*. This means that