Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-26 Thread Tony Arcieri
.a.0.1.0.0.2.ip6.arpa/~bauerm/names/DHTsec.pdf -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] In the face of cooperative end-points, PFS doesn't help

2013-09-07 Thread Tony Arcieri
the traffic, even with PFS. Likewise with perfect forward secrecy, they can collect and store all your traffic for the next 10-20 years when they get a large quantum computer, and decrypt your traffic then. PFS is far from perfect -- Tony Arcieri

Re: [Cryptography] Washington Post: Google racing to encrypt links between data centers

2013-09-07 Thread Tony Arcieri
On Fri, Sep 6, 2013 at 4:53 PM, Marcus D. Leech mle...@ripnet.com wrote: One wonders why they weren't already using link encryption systems? Probably line rate and the cost of encrypting every single fiber link. There are few vendors who sell line rate encryption for 10Gbps+ -- Tony Arcieri

Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

2013-09-07 Thread Tony Arcieri
) or code-based (McEliece/McBits) public key systems are still considered post-quantum algorithms. There are no presently known quantum algorithms that work against these sorts of systems. See http://pqcrypto.org/ -- Tony Arcieri ___ The cryptography

Re: [Cryptography] AES state of the art...

2013-09-09 Thread Tony Arcieri
-128 over AES-256. However, that is not the case. Here's a relevant page from Schneier's book Cryptography Engineering in which he recommends AES-256 (or switching to an algorithm without known attacks): https://pbs.twimg.com/media/BEvLoglCcAAqg4E.jpg -- Tony Arcieri

Re: [Cryptography] Seed values for NIST curves

2013-09-09 Thread Tony Arcieri
. The question is... suitable for what? djb argues it could be used to find a particularly weak curve, depending on what your goals are: http://i.imgur.com/o6Y19uL.png (originally from http://www.hyperelliptic.org/tanja/vortraege/20130531.pdf) -- Tony Arcieri

Re: [Cryptography] What TLS ciphersuites are still OK?

2013-09-10 Thread Tony Arcieri
, aside from maybe this draft supporting Salsa20: http://tools.ietf.org/html/draft-josefsson-salsa20-tls-02 -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Seed values for NIST curves

2013-09-10 Thread Tony Arcieri
's parameters are provided in the paper. The 2^255-19 constant was selected by a theorem (see Theorem 2.1): http://cr.yp.to/ecdh/curve25519-20060209.pdf -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com

Re: [Cryptography] Radioactive random numbers

2013-09-12 Thread Tony Arcieri
-random-number-generator -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Perfection versus Forward Secrecy

2013-09-12 Thread Tony Arcieri
that will render messages unbreakable forever. -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Perfection versus Forward Secrecy

2013-09-14 Thread Tony Arcieri
you can buy. I wouldn't be surprised to see a large quantum computer built in the next two decades. -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Quantum Computers for Shor's Algorithm (was Re: Perfection versus Forward Secrecy)

2013-09-14 Thread Tony Arcieri
on the horizon, or if it falls into a category like nuclear fusion where work on it drags on indefinitely. -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

2013-09-15 Thread Tony Arcieri
on the table if you want to build a quantum-proof system. -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] The paranoid approach to crypto-plumbing

2013-09-16 Thread Tony Arcieri
some real advantages. I wish there was a term for this sort of design in encryption systems beyond just defense in depth. AFAICT there is not such a term. How about the Failsafe Principle? ;) -- Tony Arcieri ___ The cryptography mailing list

Re: [Cryptography] paranoid cryptoplumbing is a probably not defending the weakest point

2013-09-17 Thread Tony Arcieri
. The NSA of course participated in active attacks too, but it seems their main MO was passive traffic collection. But yes, endpoint security is weak, and an active attacker would probably choose that approach over trying to break particular algorithms. -- Tony Arcieri

Re: [Cryptography] paranoid cryptoplumbing is a probably not defending the weakest point

2013-09-17 Thread Tony Arcieri
accelerator hardware, stolen keys, etc., and a smart attacker goes for the points of weakness. As a counterpoint to what I was saying earlier, here's a tool that's likely focusing on the wrong problems: https://keybase.io/triplesec/ -- Tony Arcieri

Re: [Cryptography] TLS2

2013-09-30 Thread Tony Arcieri
C code? The theoretical argument against something like this is the resulting C code is a weird machine, i.e. ASN.1 cannot be understood by a pushdown automaton or described by a context-free grammar. See: http://www.cs.dartmouth.edu/~sergey/langsec/papers/langsec-tr.pdf -- Tony Arcieri

Re: [Cryptography] TLS2

2013-09-30 Thread Tony Arcieri
for a lot less modes and ciphers. And probably non-NIST curves while we're at it. Sounds like you want CurveCP? http://curvecp.org/ -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo

Re: [Cryptography] encoding formats should not be committee'ized

2013-10-01 Thread Tony Arcieri
grammar which is hopefully regular, context-free, or context-sensitive in a limited manner -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] encoding formats should not be committee'ized

2013-10-01 Thread Tony Arcieri
On Mon, Sep 30, 2013 at 6:04 PM, Mark Atwood m...@mark.atwood.name wrote: YAML? YAML is a bit insane ;) There's JSON, and also TOML: https://github.com/mojombo/toml -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http

Re: [Cryptography] encoding formats should not be committee'ized

2013-10-01 Thread Tony Arcieri
mistakes can radically alter the interpretation of a file. And on Ruby, it was a remote code execution vulnerability waiting to happen. -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo

Re: [Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

2013-10-01 Thread Tony Arcieri
looking seeds, continuing until the curve parameters, after the seed is run through SHA1, fall into the class that's known to be weak to them. -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman

Re: [Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

2013-10-01 Thread Tony Arcieri
is they probably didn't. -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Linux /dev/random and /dev/urandom

2013-10-01 Thread Tony Arcieri
On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff j...@av8n.com wrote: I'm sure the driver was written by highly proficient cryptographers, and subjected to a meticulous code review. I'll just leave this here: http://eprint.iacr.org/2013/338.pdf -- Tony Arcieri

Re: [Cryptography] [cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

2013-10-01 Thread Tony Arcieri
, so we would expect that Dual_EC_DRBG was their failed attempt to tamper with a cryptographic standard, and so we would overlook the more sinister and subtle attempts to tamper with the NIST curves/tinfoilhat -- Tony Arcieri ___ The cryptography mailing

Re: [Cryptography] encoding formats should not be committee'ized

2013-10-01 Thread Tony Arcieri
/2013-October/023009.html -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] AES-256- More NIST-y? paranoia

2013-10-03 Thread Tony Arcieri
might consider looking for a better cipher at this point. The rationale is that AES-256 still provides a wider security margin. -- Tony Arcieri ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo