Re: [cryptography] True Random Source, Thoughts about a Global System Perspective

2011-01-26 Thread Thierry Moreau
Peter Gutmann wrote: Thierry Moreau thierry.mor...@connotech.com writes: As a derived engineering strategy, wouldn't it be better to design a system where the long-term secrets are kept in a secure co-processor, Yes, of course, but that's asking the wrong question, what you need to ask is:

Re: [cryptography] True Random Source, Thoughts about a Global System Perspective

2011-01-26 Thread Thierry Moreau
Peter Gutmann wrote: Oh, and just to throw a spanner in the works: I've never seen any standards document or whatever that discusses what to do when you don't have enough entropy available. There are all sorts of Rube-Goldberg entropy-estimation methods, but what do you do when your

Re: [cryptography] True Random Source, Thoughts about a Global System Perspective

2011-01-26 Thread Adam Back
You should presume your CPRNG output is public (e.g. published on the web) What we are talking about in the real world is C_P_RNGs and the C cryptographic means it's suitable for crypto uses, and pseudo means it's a tool for stretching some adequate supply of real entropy (e.g. 128-bits, 256-bits or

[cryptography] Favourite signature scheme?

2011-01-26 Thread Paul Crowley
If you were choosing a signature scheme for a new application and you were not constrained by existing standards or code, what would you choose? Desirable properties might include: * small signatures * fast signature generation * fast signature verification * conservative choice of hard

Re: [cryptography] A REALLY BIG MITM

2011-01-26 Thread Marsh Ray
On 01/25/2011 09:50 PM, Peter Gutmann wrote: This isn't one of those namby-pamby one-site phishing MITMs, this is a MITM of an entire country: http://www.theatlantic.com/technology/archive/2011/01/the-inside-story-of-how-facebook-responded-to-tunisian-hacks/70044/ For those who don't want to

Re: [cryptography] A REALLY BIG MITM

2011-01-26 Thread Peter Gutmann
I wrote: For those who don't want to read the whole thing, the solution was duuhh, we turned on thuh SSL - they were using plain HTTP for logon. Sigh. Looks like they now made HTTPS for login permanent: http://digitizor.com/2011/01/26/facebook-social-login-https/ Funny how so many of these

Re: [cryptography] Favourite signature scheme?

2011-01-26 Thread James A. Donald
On 2011-01-27 12:30 PM, Jon Callas wrote: * We've been telling the world for years that they should avoid home-grown crypto, and that they should stick to well-trodden ground because it's dangerous out there. And they listened to us! But that means that when you talk about the virtues of