Re: [cryptography] urandom vs random

2013-08-20 Thread ianG
On 20/08/13 03:46 AM, Peter Gutmann wrote: shawn wilson ag4ve...@gmail.com writes: It's not like they're the only ones that sell these, but they /were/ the only ones to sell USB PRNG at $800. You can get them for as little as $50 in the form of USB-key media players running Android. Or if

Re: [cryptography] urandom vs random

2013-08-20 Thread Peter Gutmann
ianG i...@iang.org writes: On a related point, what name do we give to the design/pattern for entropy sources == mix/pool == deterministic expansion function ? The standard way to do things? Or a standard CSPRNG (continually seeded PRNG). Peter.

Re: [cryptography] urandom vs random

2013-08-20 Thread Alan Braggins
On 20 August 2013 01:46, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: I don't see what the point is though, given that there's more than enough noisy data available on a general-purpose PC. A general purpose cloud VM where an attacker has a chance to run his VM on the same underlying hardware

Re: [cryptography] urandom vs random

2013-08-20 Thread James A. Donald
On 2013-08-20 1:31 AM, ianG wrote: It's a recurring theme -- there doesn't seem to be enough market demand for Hardware RNGs. Every microphone is a hardware RNG ___ cryptography mailing list cryptography@randombit.net

Re: [cryptography] urandom vs random

2013-08-20 Thread Michael Rogers
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 20/08/13 07:08, ianG wrote: On a related point, what name do we give to the design/pattern for entropy sources == mix/pool == deterministic expansion function ? I was asked this seconds after tasking my intern to build one :-/ Seems like

Re: [cryptography] urandom vs random

2013-08-20 Thread Shawn Wilson
Not exactly. I think haveged is better at this as you're relying on the same type of data but with a single source. I also don't believe you want a microphone inline in order to do this. You should rely purely on electric noise with the ADC/mixer. I don't even think the volume level affects the

[cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

2013-08-20 Thread Fabio Pietrosanti (naif)
Hi all, at GlobaLeaks we are going to implement a feature that wants to mitigate time correlation attacks between a Whistleblower submitting something and a Receiver, receiving a notification that there's a new leak outstanding to be accessed. We already had an internal discussion and received

Re: [cryptography] urandom vs random

2013-08-20 Thread grarpamp
The subject thread is covering a lot about OS implementations and RNG various sources. But what are the short list of open source tools we should be using to actually test and evaluate the resulting number streams?

Re: [cryptography] urandom vs random

2013-08-20 Thread Natanael
Most regular people can't accurately test or evaluate the output. Numbers aren't random, the sources are. You can't just judge a PRNG by its output. For all you know the PRNG could be doing nothing more than doing SHA256 of a fixed value plus a counter, and if somebody would know that fixed value

Re: [cryptography] urandom vs random

2013-08-20 Thread grarpamp
On Tue, Aug 20, 2013 at 5:58 PM, Natanael natanae...@gmail.com wrote: For all you know the PRNG could be doing nothing more than doing SHA256 of a fixed value plus a counter Yes, and in an application where even that trivial design would serve to fit some use, testing the apparent randomness of

Re: [cryptography] urandom vs random

2013-08-20 Thread James A. Donald
On 2013-08-21 7:33 AM, grarpamp wrote: The subject thread is covering a lot about OS implementations and RNG various sources. But what are the short list of open source tools we should be using to actually test and evaluate the resulting number streams?

Re: [cryptography] urandom vs random

2013-08-20 Thread Open eSignForms
We all know that randomness is required for good crypto, but what is the measurable difference in the quality of the crypto if using a Linux PRNG (or in our case the Java SecureRandom PRNG)? How much easier is it to crack an encrypted file done with such weaker PRNGs compared to the hardware

[cryptography] Jingle and Otr

2013-08-20 Thread James A. Donald
Jingle supports voice, video, and text messaging. OTR is a reasonably user friendly encryption system, or at least less user hostile than most, that, unlike Skype, does not suffer a central point of failure. Pidgin supports both Jingle and OTR, as well as just about everything else in the

Re: [cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

2013-08-20 Thread Peter Maxwell
Hi Fabio, While I don't mean to be dismissive, I suspect your threat model is flawed for the following reasons: i. Most mid to large companies would not permit the use of Tor within their infrastructure and even if the hypothetical company did, it doesn't take a whole lot of effort to track down

Re: [cryptography] Jingle and Otr

2013-08-20 Thread Natanael
https://jitsi.org/Documentation/ZrtpFAQ ZRTP and the GNU ZRTP implementation provide features to communication programs to setup of secure audio and video session without additional infrastructure, server programs, registration, and alike. While this doesn't state outright that Jitsi uses ZRTP

Re: [cryptography] Jingle and Otr

2013-08-20 Thread Peter Saint-Andre
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/20/13 8:31 PM, Natanael wrote: https://jitsi.org/Documentation/ZrtpFAQ ZRTP and the GNU ZRTP implementation provide features to communication programs to setup of secure audio and video session without additional infrastructure, server

Re: [cryptography] Jingle and Otr

2013-08-20 Thread James A. Donald
On 2013-08-21 12:33 PM, Peter Saint-Andre wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/20/13 8:31 PM, Natanael wrote: https://jitsi.org/Documentation/ZrtpFAQ ZRTP and the GNU ZRTP implementation provide features to communication programs to setup of secure audio and video session

Re: [cryptography] Jingle and Otr

2013-08-20 Thread Natanael
Well, the point here is that ZRTP for video and voice pretty much is functionally equivalent to OTR for IM. OTR is designed for messages, ZRTP is designed for data streams. 2013/8/21 James A. Donald jam...@echeque.com: On 2013-08-21 12:33 PM, Peter Saint-Andre wrote: -----BEGIN PGP SIGNED

Re: [cryptography] Jingle and Otr

2013-08-20 Thread James A. Donald
On 2013-08-21 2:00 PM, Natanael wrote: Well, the point here is that ZRTP for video and voice pretty much is functionally equivalent to OTR for IM. OTR is designed for messages, ZRTP is designed for data streams. Ah yes, I see: I was thinking of the problem from a text point of view, where