At a stretch, one can imagine circumstances in which trying multiple seeds
to choose a curve would lead to an attack that we would not easily
replicate. I don't suggest that this is really what happened; I'm just
trying to work out whether it's possible.
Suppose you can easily break an elliptic cu
On Sep 10, 2013, at 3:56 PM, Bill Stewart wrote:
>> One point which has been mentioned, but perhaps not emphasised enough - if
>> NSA have a secret backdoor into the main NIST ECC curves, then even if the
>> fact of the backdoor was exposed - the method is pretty well known - without
>> the se
On Tue, Sep 10, 2013 at 3:56 PM, Bill Stewart wrote:
> At 11:33 AM 9/6/2013, Peter Fairbrother wrote:
>
>> However, while the case for forward secrecy is easy to make, implementing
>> it may be a little dangerous - if NSA have broken ECDH then
>> using it only gives them plaintext they maybe didn'
On Wed, Sep 11, 2013 at 2:40 PM, Bill Stewart wrote:
> At 10:39 AM 9/11/2013, Phillip Hallam-Baker wrote:
>
>> Perfect Forward Secrecy is not perfect. In fact it is no better than
>> regular public key. The only difference is that if the public key system is
>> cracked then with PFS the attacker h
At 10:39 AM 9/11/2013, Phillip Hallam-Baker wrote:
Perfect Forward Secrecy is not perfect. In fact it is no better than
regular public key. The only difference is that if the public key
system is cracked then with PFS the attacker has to break every
single key exchange and not just the keys in
On Tue, Sep 10, 2013 at 12:56:16PM -0700, Bill Stewart wrote:
> I thought the normal operating mode for PFS is that there's an
> initial session key exchange (typically RSA) and authentication,
> which is used to set up an encrypted session, and within that
> session there's a DH or ECDH key excha
At 11:33 AM 9/6/2013, Peter Fairbrother wrote:
However, while the case for forward secrecy is easy to make,
implementing it may be a little dangerous - if NSA have broken ECDH then
using it only gives them plaintext they maybe didn't have before.
I thought the normal operating mode for PFS is
we were brought in as consultants to a small client/server startup that wanted to do payment transactions on
their server, they had this technology they called "SSL" they wanted to use, the result is now
frequently called "electronic commerce". The two people at the startup responsible for the
On 6 September 2013 17:20, Peter Saint-Andre wrote:
> Is there a handy list of PFS-friendly
> ciphersuites that I can communicate to XMPP developers and admins so
> they can start upgrading their software and deployments?
>
Anything with EDH, DHE or ECDHE in the name...
On 6/09/13 20:15 PM, Daniel Veditz wrote:
On 9/6/2013 9:52 AM, Raphaël Jacquot wrote:
To meet today’s PCI DSS crypto standards DHE is not required.
PCI is about credit card fraud.
So was SSL ;-) Sorry, couldn't resist...
Mastercard/Visa aren't worried that
criminals are storing all your
On 06/09/13 15:36, Perry E. Metzger wrote:
One solution, preventing passive attacks, is for major browsers
and websites to switch to using PFS ciphersuites (i.e. those
based on ephemeral Diffie-Hellman key exchange).
It occurred to me yesterday that this seems like something all major
service
On 9/6/2013 9:52 AM, Raphaël Jacquot wrote:
> To meet today’s PCI DSS crypto standards DHE is not required.
PCI is about credit card fraud. Mastercard/Visa aren't worried that
criminals are storing all your internet purchase transactions with the
hope they can crack it later; if the FBI/NSA want y
On 06.09.2013 18:20, Peter Saint-Andre wrote:
On 9/6/13 8:36 AM, Perry E. Metzger wrote:
One solution, preventing passive attacks, is for major
browsers and websites to switch to using PFS ciphersuites (i.e.
those based on ephemeral Diffie-Hellman
On 9/6/13 8:36 AM, Perry E. Metzger wrote:
>>> One solution, preventing passive attacks, is for major
>>> browsers and websites to switch to using PFS ciphersuites (i.e.
>>> those based on ephemeral Diffie-Hellman key exchange).
>
> It occurred to me
> > One solution, preventing passive attacks, is for major browsers
> > and websites to switch to using PFS ciphersuites (i.e. those
> > based on ephemeral Diffie-Hellman key exchange).
It occurred to me yesterday that this seems like something all major
service providers should be doing. I'm sur