On 13/10/2014 01:03 am, coderman wrote:
On 9/22/14, coderman coder...@gmail.com wrote:
...
Please elaborate. TKIP has not been identified as a ‘active attack’
vector.
hi nymble,
it appears no one cares about downgrade attacks, like no one cares
about MitM (see mobile apps and software
On 13/10/2014 14:32 pm, coderman wrote:
On 10/13/14, ianG i...@iang.org wrote:
...
No, and I argue that nobody should care about MITM nor downgrade attacks
nor any other theoretical laboratory thing. I also argue that people
shouldn't worry about shark attacks, lightning or wearing body
Like many people, I consider the seed values used to generate the NIST
Prime curves suspicious.
However, considering one of the scenarios where these curves might be
compromised (the NSA knew of weaknesses in certain curves, and engineered
the NIST Prime curves to be subject to those weaknesses),
On Mon, Oct 13, 2014 at 4:51 PM, Derek Miller dreemkil...@gmail.com wrote:
However, considering one of the scenarios where these curves might be
compromised (the NSA knew of weaknesses in certain curves, and engineered
the NIST Prime curves to be subject to those weaknesses)
interestingly,
I forget, what was the original inputs to the hash?
On Mon, Oct 13, 2014 at 8:14 AM, Krisztián Pintér pinte...@gmail.com
wrote:
On Mon, Oct 13, 2014 at 4:51 PM, Derek Miller dreemkil...@gmail.com
wrote:
However, considering one of the scenarios where these curves might be
compromised (the
On 10/13/14, ianG i...@iang.org wrote:
...
your welcome ;-)
a considered and insightful response to my saber rattling diatribe.
i owe you a beer, sir!
Ah well, there is another rule we should always bring remember:
Do not use known-crap crypto.
Dual_EC_DRBG is an example of a crap
On 13/10/14 15:51, Derek Miller wrote:
Like many people, I consider the seed values used to generate the NIST
Prime curves suspicious.
However, considering one of the scenarios where these curves might be
compromised (the NSA knew of weaknesses in certain curves, and engineered
the NIST
On Mon, Oct 13, 2014 at 7:51 AM, Derek Miller dreemkil...@gmail.com wrote:
If the NIST curves are weak in a way that we don't understand, this means
that ECC has properties that we don't understand.
While there's djb's worry that the NSA may have tweaked a curve parameter
in such a way as to
Krisztian,
Thanks for the additional scenario (I had not even considered trusting the
NSA, so had not considered that scenario).
However, both scenarios (NSA engineered them to be bad, NSA engineered them
to be good) mean that the NSA knows a great deal more about weaknesses in
Elliptic Curve
On Mon, Oct 13, 2014 at 9:19 AM, Derek Miller dreemkil...@gmail.com wrote:
However, both scenarios (NSA engineered them to be bad, NSA engineered
them to be good) mean that the NSA knows a great deal more about weaknesses
in Elliptic Curve Cryptography than we do. Doesn't that give you great
On 10/13/2014 06:14 PM, Tony Arcieri wrote:
On Mon, Oct 13, 2014 at 7:51 AM, Derek Miller dreemkil...@gmail.com
mailto:dreemkil...@gmail.com wrote:
If the NIST curves are weak in a way that we don't understand, this
means that ECC has properties that we don't understand.
While
Derek Miller (at Monday, October 13, 2014, 6:19:07 PM):
However, both scenarios (NSA engineered them to be bad, NSA
engineered them to be good) mean that the NSA knows a great deal
more about weaknesses in Elliptic Curve Cryptography than we do.
Doesn't that give you great pause in using the
On 10/12/14, coderman coder...@gmail.com wrote:
...
also, the definitive paper at http://www.isg.rhul.ac.uk/tls/ still
insists, For WPA/TKIP, the only reasonable countermeasure is to
upgrade to WPA2. which is either incompetently incorrect, or
intentional indirection.
there is a third
13 matches
Mail list logo