I don't see why you'd want split keys when it's already homomorphic.
What would be the additional gain of that?
Unless they need half the key to do the homomorphic computations.
Also, homomorphic encryption and computation is usually slow. VERY slow.
On Sun, Feb 19, 2012 at 17:22, Nico Williams
There is multiparty computation too, but that's a bit different since it's
essentially an encrypted VM where everybody runs one part. It could do the
same thing without a single trusted party, though.
On Sun, Feb 19, 2012 at 22:34, James A. Donald jam...@echeque.com wrote:
On 2012-02-20 2:08
Hmm... Where have I heard of that idea before...
http://disattention.com/78/digital-currencies-crypto-finance-and-open-source/#ot
https://github.com/FellowTraveler/Open-Transactions
https://github.com/FellowTraveler/Open-Transactions/wiki/FAQ
UNTRACEABLE DIGITAL CASH? … FOR REAL?
Is this the
NSA flamebait? Hehe.
On Sat, Mar 24, 2012 at 18:14, Jeffrey Walton noloa...@gmail.com wrote:
On Fri, Mar 23, 2012 at 8:08 PM, Randall Webmail rv...@insightbb.com
wrote:
From: Jeffrey I. Schiller j...@qyv.net
I bet everyone on this list can send encrypted messages to each other
and they
What I think people react to is that it's really pointless to use decimals
and having to keep track of when they repeat. A simple RNG with normal
numbers could be used instead, and probably *should* be used unless your
crypto really *needs* numbers consisting of primes divided by primes.
So
. but a good deterrent.
--- natanae...@gmail.com wrote:
From: Natanael natanae...@gmail.com
To: givo...@37.com
Cc: cryptography@randombit.net, jam...@echeque.com
Subject: Re: [cryptography] non-decryptable encryption
Date: Tue, 19 Jun 2012 12:07:26 +0200
What I think people react
: Natanael natanae...@gmail.com, cryptography@randombit.net
cryptography@randombit.net
Subject: Re: [cryptography] non-decryptable encryption
Date: Mon, 18 Jun 2012 18:20:13 +0200
Natanael natanae...@gmail.com wrote:
One: On the second paper, you assume a prime number as long as the message
Never trust that the server deletes data.
- Sent from my tablet
Den 21 jul 2012 11:15 skrev cryptoquesti...@safe-mail.net:
Hello, I have a question regarding encrypted bloom filter protocols. I
have come to the understanding that I can use such protocols to allow a
client to query a server for
If the trustee (correct word?) stops passing the messages to your CDMS
(cryptographic dead man switch), it would simply decrypt the original
message automatically. So you can not put the entire mechanism in the hands
of the trustee, especially not the part that authorizes the decryption. I
could
Does anybody here take quantum crypto seriously? Just wondering. I do not
see any benefit over classical methods. If one trusts the entire link and
knows it's not MitM'd in advance, what advantage if any does quantum key
distribution have over ordinary methods? And isn't it just as useless
It can detect passive snooping, not full MITM.
- Sent from my tablet
Den 18 sep 2012 18:17 skrev Zack Weinberg zack.weinb...@sv.cmu.edu:
On Tue, Sep 18, 2012 at 3:30 PM, Natanael natanae...@gmail.com wrote:
Does anybody here take quantum crypto seriously? Just wondering. I do not
see any
But you can't revoke his ability to keep bruteforcing the message.
- Sent from my tablet
Den 19 sep 2012 23:01 skrev mhey...@gmail.com mhey...@gmail.com:
Doh, don't know why I brought public-key crypto into this. There isn't
a need for it. Just pick, say, an AES key and give the trustee some
bruteforcing of anything.
- Sent from my tablet
Den 5 sep 2012 16:21 skrev Natanael natanae...@gmail.com:
If the trustee (correct word?) stops passing the messages to your CDMS
(cryptographic dead man switch), it would simply decrypt the original
message automatically. So you can not put
I can not imagine anything inherently trustable. I do not want to trust
that single server won't be hacked, tapped by NSA or raided by FBI.
Den 22 sep 2012 22:49 skrev StealthMonger stealthmon...@nym.mixmin.net:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
James A. Donald jam...@echeque.com
In that case Anonymous and other hacker groups are your problem.
Den 23 sep 2012 01:37 skrev StealthMonger stealthmon...@nym.mixmin.net:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Natanael natanae...@gmail.com writes:
I do not want to trust that single server won't be hacked, tapped
Homomorphic encryption isn't really that new, it's just that it's only now
starting to get practical.
On Wed, Sep 26, 2012 at 11:49 PM, Moti m...@cyberia.org.il wrote:
http://www.americanscientist.org/issues/num2/2012/5/alice-and-bob-in-cipherspace/1
AFAIK the key is just generated once and then hashes are generated in two
rounds, if it is 0xFC at the first try it's done, otherwise it runs more
checksum rounds in groups of two.
Den 4 okt 2012 22:55 skrev Guus Sliepen g...@sliepen.org:
On Thu, Oct 04, 2012 at 02:37:53PM +0200, Eugen Leitl
Bitcoin based DNS? That would be Namecoin. I am unsure if it also manages
SSL or similar link encryption or if that is a separate thing for the
scheme.
Den 6 jan 2013 08:27 skrev James A. Donald jam...@echeque.com:
On 2013-01-05 12:07 PM, Morlock Elloi wrote:
Correct. The cost of being CA is
On topic for the thread: I don't *think* there are currently any insurance
companies with special policies for CAs. There might be about 600
organizations that can issue SSL certs according to EFF, but there are more
insurance companies than that in the world. Most of them probably don't
have many
personally don't think as many people would be interested in the
discussions. But then I don't have any data on that, and I don't know how
many or what kind of responses you got.
2013/1/26 Paul Hoffman paul.hoff...@vpnc.org
On Jan 25, 2013, at 4:11 PM, Natanael natanae...@gmail.com wrote
This is precisely how I2P eepsites work. The true addresses are [52
characters of b32 encoded checksum of public key].b32.i2p while the
hosts.txt file is a list of these with their readable [sitename].i2p
domains. You can modify your own lists as you wish.
I2P Messenger and Bote mail could be
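The address derivation described above, as an added example that is not code from the I2P project: the `.b32.i2p` name is the Base32 encoding of SHA-256 over the binary destination, which is why it is always 52 characters, and a `hosts.txt` entry can be checked against a b32 address you have already pinned. `SAMPLE_DEST` and `SAMPLE_HOSTS_TXT` are constructed stand-ins; the `-~` Base64 alphabet is the one I2P uses in hosts.txt.

```python
import base64
import hashlib


def b32_address(destination: bytes) -> str:
    """Base32 of SHA-256 over the binary destination, lower-cased, with the
    '====' padding stripped (32 bytes -> 56 Base32 chars -> 52 without
    padding), plus the .b32.i2p suffix."""
    digest = hashlib.sha256(destination).digest()
    name = base64.b32encode(digest).decode("ascii").lower().rstrip("=")
    return name + ".b32.i2p"


def parse_hosts(hosts_txt: str) -> dict:
    """hosts.txt lines are 'name.i2p=<base64 destination>'; '#' starts a
    comment. I2P's Base64 alphabet uses '-' and '~' instead of '+' and '/'.
    Returns {name: destination bytes}."""
    hosts = {}
    for line in hosts_txt.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, dest_b64 = line.partition("=")
        hosts[name] = base64.b64decode(dest_b64, altchars=b"-~")
    return hosts


def hosts_entry_matches(hosts: dict, name: str, pinned_b32: str) -> bool:
    """True only when the destination listed for `name` hashes to the b32
    address you already trust; a tampered hosts.txt line fails this check."""
    dest = hosts.get(name)
    return dest is not None and b32_address(dest) == pinned_b32


# Constructed stand-in for a binary destination (a real one is a few hundred
# bytes of encryption key, signing key and certificate); only its hash matters.
SAMPLE_DEST = bytes(range(256)) + b"constructed-destination"
SAMPLE_HOSTS_TXT = (
    "# constructed hosts.txt\n"
    "example.i2p=" + base64.b64encode(SAMPLE_DEST, altchars=b"-~").decode("ascii") + "\n"
)

if __name__ == "__main__":
    print(b32_address(SAMPLE_DEST))
```

The b32 form is self-certifying (it commits to the destination), while the `hosts.txt` name is only as trustworthy as whoever wrote that line; the check above is the bridge between the two.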
The OCR file link is wrong. Ditch that e in text.
http://cryptome.org/2013/03/nsa-cryptologs-txt.zip
2013/3/20 John Young j...@pipeline.com
Most of the Cryptologs were formerly classified Top Secret.
NSA calls it a monumental release.
Non-searchable image files at NSA:
From what I have read, and as far as I have understood it, your
zero-knowledge proofs are linked to a specific state of your choice. In
other words, you prove that your Zerocoin mint was one of a certain set of
Zerocoin mints. One can ONLY test the zero-knowledge proof against that set
(since you
My suggestion is that you research the history of (cryptographic)
authentication, mutual authentication (thanks Wikipedia for that phrase)
and MITM. (Maybe you already have done that, though?)
I can at least point out that spy agencies have known for many many decades
that you can not securely
So basically, the way around having one insecure channel is to use so many
insecure channels that the same attacker can't control them all. Which IRL
means you run around between computers and check if what you published is
available under the exact identity/keys you specified, and keep making up
Isn't that equivalent to sender doing XOR on the plaintext, recipient doing
XOR on first ciphertext, sender doing another XOR on second ciphertext to
create third ciphertext, and the recipient doing XOR again to get plaintext?
That's key-reuse and breaks XOR/OTP. The middleman simply XORs the
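The break sketched above, as an added example (not code from any of the posters): each pad is applied twice across the three transmissions, so a passive middleman XORs the three ciphertexts and gets the plaintext, and recovers both pads as well. Pad and message values are constructed in the test.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def three_pass_xor(plaintext: bytes):
    """Run the XOR 'three-pass' exchange and return what a passive middleman
    sees on the wire: the three ciphertexts."""
    pad_a = secrets.token_bytes(len(plaintext))  # sender's pad
    pad_b = secrets.token_bytes(len(plaintext))  # recipient's pad
    c1 = xor_bytes(plaintext, pad_a)  # sender    -> recipient: P ^ A
    c2 = xor_bytes(c1, pad_b)         # recipient -> sender:    P ^ A ^ B
    c3 = xor_bytes(c2, pad_a)         # sender    -> recipient: P ^ B
    assert xor_bytes(c3, pad_b) == plaintext  # recipient strips B
    return c1, c2, c3


def middleman_recovers(c1: bytes, c2: bytes, c3: bytes) -> bytes:
    """Every pad was used twice, so XORing all three transmissions cancels
    both pads: (P^A) ^ (P^A^B) ^ (P^B) = P."""
    return xor_bytes(xor_bytes(c1, c2), c3)


def middleman_recovers_pads(c1: bytes, c2: bytes, c3: bytes):
    """The pads leak too: c2 ^ c3 = A and c1 ^ c2 = B. Returns (A, B)."""
    return xor_bytes(c2, c3), xor_bytes(c1, c2)


if __name__ == "__main__":
    c1, c2, c3 = three_pass_xor(b"attack at dawn")
    print(middleman_recovers(c1, c2, c3))
```

The three-pass idea needs a commutative cipher whose two keys do not cancel under a cheap combination of the transcripts; XOR is the textbook counterexample.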
Would anybody dare to use a SHA256 based stream cipher? (XOR with checksum
of key and counter or whatever you want to throw in there.) Would it be
faster than RC4/Salsa20? I'm a bit curious about why nobody seems to be
using hash/checksum based stream ciphers.
2013/6/23 James A. Donald
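The construction asked about above, as an added example (not from the posters): a counter-mode keystream built from HMAC-SHA256 over a nonce and a block counter. It is sound as long as a (key, nonce) pair is never reused, provides no integrity on its own, and in software is generally slower per byte than a purpose-built stream cipher such as Salsa20. The key, nonce and message values are constructed in the test; the nonce-reuse function shows the two-time-pad failure that any XOR stream cipher, hash-based or not, suffers.

```python
import hashlib
import hmac


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = HMAC-SHA256(key, nonce || i) for i = 0, 1, 2, ...
    HMAC rather than a bare hash so the key is mixed in properly."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream; decryption is the same operation.
    No authentication: pair it with a MAC before using it anywhere."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """Two messages under one (key, nonce) share a keystream, so
    c1 ^ c2 == p1 ^ p2 over the common length. Returns True when that
    relation holds, i.e. when the leak is observable to an eavesdropper."""
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)
    n = min(len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


if __name__ == "__main__":
    k, n = b"\x01" * 32, b"\x02" * 16  # constructed demo values
    print(decrypt(k, n, encrypt(k, n, b"hello")))
```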
That depends on the system. Consider how HDCP encryption was broken;
https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
It used a scheme where access to enough keys allowed you to calculate the
master key, breaking the entire scheme.
2013/6/25 Bill Scannell
we try to start a new project (if needed) to create one?
(I would like one with at least the same level of functionality as I2P,
even if it would have to have a very different architecture.)
2013/6/30 Jacob Appelbaum ja...@appelbaum.net
Natanael:
I would like to point out that the developers
chat (IM or IRC) or continuous browsing.
2013/6/30 Jacob Appelbaum ja...@appelbaum.net
Natanael:
I'm not seeing that many options though. The Phantom project died pretty
fast;
https://code.google.com/p/phantom/
https://groups.google.com/forum/#!forum/phantom-protocol
http://phantom
Convergence, (in-browser) certificate pinning, and a few more. You could
also use DNSSEC to serve the certificate.
2013/6/30 James A. Donald jam...@echeque.com
The biggest Tor vulnerability is that governments and large criminal
organizations (but I repeat myself) can use their influence over
That's trademarks, not copyright, and they get it transferred IF they
request it and the original owner did not have a valid reason to use that
domain with the trademarked name/phrase.
And either way, reusing previously malicious domains for legit purposes is
probably THE WORST method ever of
Most regular people can't accurately test or evaluate the output.
Numbers aren't random, the sources are. You can't just judge a PRNG by
its output. For all you know the PRNG could be doing nothing more
than doing SHA256 of a fixed value plus a counter, and if somebody
would know that fixed value
https://jitsi.org/Documentation/ZrtpFAQ
ZRTP and the GNU ZRTP implementation provide features to
communication programs to set up secure audio and video sessions
without additional infrastructure, server programs, registration, and
the like.
While this doesn't state outright that Jitsi uses ZRTP
MESSAGE-
Hash: SHA1
On 8/20/13 8:31 PM, Natanael wrote:
https://jitsi.org/Documentation/ZrtpFAQ
ZRTP and the GNU ZRTP implementation provide features to
communication programs to set up secure audio and video sessions
without additional infrastructure, server programs, registration
The client and the server shouldn't both generate responses exactly the
same way with the same key, no. If you use HMAC, I think including a simple
identifier would be good enough. Something like this: HMAC(key, device ID
+ counter + timestamp), where the server and client have different IDs.
Den
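The point above, as an added example (not from the posters): with a shared key and a naive response of HMAC(key, challenge), an attacker who holds no key can open a second session, reflect the server's own challenge back at it, and replay the answer. Binding the responder's identity (and a counter, as the post suggests; the timestamp is left out here) into the MAC input makes the reflected answer fail verification. `DEMO_KEY` and the role names are constructed values.

```python
import hashlib
import hmac
import secrets

DEMO_KEY = b"\x42" * 32  # constructed shared key for the demonstration


def response(key: bytes, responder_id: bytes, counter: int, challenge: bytes,
             bind_identity: bool) -> bytes:
    """Responder's answer to a challenge. bind_identity=False: the naive
    HMAC(key, challenge). bind_identity=True: HMAC(key, id || counter ||
    challenge), so client and server answers to the same challenge differ."""
    if bind_identity:
        msg = responder_id + b"|" + counter.to_bytes(8, "big") + b"|" + challenge
    else:
        msg = challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, expected_responder: bytes, counter: int, challenge: bytes,
           tag: bytes, bind_identity: bool) -> bool:
    expected = response(key, expected_responder, counter, challenge, bind_identity)
    return hmac.compare_digest(expected, tag)


def reflection_attack_succeeds(key: bytes, bind_identity: bool) -> bool:
    """Session 1: the server challenges the attacker, who claims to be the
    client, with c. Session 2: the attacker, posing as the client, sends that
    same c to the honest server as its own challenge and receives the
    server's answer. The attacker then replays that answer in session 1,
    where the server expects a *client* response to c."""
    c = secrets.token_bytes(16)
    counter = 1
    server_answer = response(key, b"server", counter, c, bind_identity)
    return verify(key, b"client", counter, c, server_answer, bind_identity)


if __name__ == "__main__":
    print("naive:", reflection_attack_succeeds(DEMO_KEY, False))
    print("bound:", reflection_attack_succeeds(DEMO_KEY, True))
```

The counter additionally lets each side reject a replayed answer for an old challenge; the identity field is what defeats reflection.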
Bitcoin Brainwallet software creates ECDSA keys that you can use for
multiple purposes, not only for Bitcoin.
A link to Phidelius, which was previously mentioned:
http://dankaminsky.com/2012/01/03/phidelius/
---
I would like to see some standardized hierarchical deterministic scheme
to generate
Elsewhere it has been speculated that they got access to the VPN they used.
2013/8/27 pjklau...@gmail.com:
Dear Cryptographers,
The article on UN video-conference spying allegations (
http://america.aljazeera.com/articles/2013/8/25/nsa-bugged-u-n-headquarters.
html ) claims:
In the summer
Considering that it's designed to not trust the servers in the first
place (just your gateway, which often will be part of your own client
or otherwise run locally), it's not all too hard. If you've verified
the client, then you can be sure your data is secure.
2013/8/29 Nikos Fotiou
I made a suggestion like this elsewhere:
Store the keys split up in several different files using Shamir's Secret
Sharing Scheme. Encrypt each file with a different key. Encrypt those keys
with a master key. XOR each encrypted key with the SHA256 of their
respective encrypted files. Put those
For your question: Session keys and key rotation?
Den 25 sep 2013 16:11 skrev John Young j...@pipeline.com:
NSA Technical Journal published The Unbreakable Cipher in Spring 1961.
http://www.nsa.gov/public_info/_files/tech_journals/The_Unbreakable_Cipher.pdf
Excerpts:
[Quote]
David Kahn,
Carrier-agnostic encrypted mesh routing software: CJDNS.
Cantenna, IR-link based RONJA, ethernet/LAN, whatever. If you've got a
data link you can use it.
It creates an IPv6 network internally in the 'fc' range (private
network) where the address is a hash of the node's public key.
On Wed, Sep
That would be known plaintext attack (or statistical analysis like how
simple ciphers typically are broken) vs chosen plaintext attack (BREACH is
the latter, while compression would increase entropy density to make the
former harder since each individual bit becomes harder to predict).
Sorry, no
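The chosen-plaintext side of the distinction above, as an added example (not from the posters): a BREACH-style compression oracle. The page body is constructed, with an attacker-controlled string reflected next to a per-user secret, and the only thing the attacker observes is the compressed length. A reflected copy of the real token collapses into one LZ77 back-reference, so the compressed output is measurably shorter than for a wrong token of the same length; the per-character ranking uses the "two tries" scoring from the BREACH paper and, at byte granularity, can produce ties that real attacks resolve by repeating with varied padding.

```python
import string
import zlib

ALPHABET = string.ascii_lowercase + string.digits
SECRET = "7f3a9c1e0b5d"  # constructed per-user token the attacker wants


def page(secret: str, reflected: str) -> bytes:
    """Constructed response body: attacker input reflected next to a secret."""
    return (
        "<html><body><p>No results for: " + reflected + "</p>"
        "<form><input type=hidden name=csrf value=" + secret + "></form>"
        "</body></html>"
    ).encode()


def compressed_size(secret: str, reflected: str) -> int:
    """The oracle: compressed length of the page (TLS hides content, not size)."""
    return len(zlib.compress(page(secret, reflected), 9))


def full_guess_is_shorter(secret: str, wrong_guess: str) -> bool:
    """Reflecting the real token yields one back-reference; a wrong token of
    the same length is emitted mostly as literals and costs more bytes."""
    prefix = "csrf value="
    return (compressed_size(secret, prefix + secret)
            < compressed_size(secret, prefix + wrong_guess))


def rank_next_char(secret: str, known: str, candidates: str = ALPHABET):
    """Two-tries scoring: compare prefix+c+'{}' against prefix+'{}'+c. Only a
    correct c extends the match in the first form, so it scores lowest.
    Returns candidates ordered from most to least likely."""
    prefix = "csrf value=" + known
    scores = {}
    for c in candidates:
        a = compressed_size(secret, prefix + c + "{}")
        b = compressed_size(secret, prefix + "{}" + c)
        scores[c] = a - b
    return sorted(candidates, key=lambda c: scores[c])


if __name__ == "__main__":
    print(full_guess_is_shorter(SECRET, "q8w2e5r1t9y4"))
    print(rank_next_char(SECRET, "")[:5])
```

A known-plaintext attacker only gets to watch; the compression side channel needs the chosen-plaintext position, where the attacker injects guesses into the same compression context as the secret.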
Should we create some kind of CRL style protocol for algorithms? Then we'd
have a bunch of servers run by various organizations specializing in
crypto/computer security that can issue warnings against insecure
algorithms, as well as cipher modes and combinations of ciphers and
whatever else it
No hints at what kind of client it takes? Custom config or recompile?
- Sent from my phone
Den 1 nov 2013 05:11 skrev coderman coder...@gmail.com:
On Thu, Oct 31, 2013 at 7:55 PM, coderman coder...@gmail.com wrote:
my contempt for email is well known and reinforced by choice of provider.
Can't the distributed pool P2Pool easily be updated to account for that?
- Sent from my phone
Den 4 nov 2013 16:33 skrev Peter Todd p...@petertodd.org:
On Mon, Nov 04, 2013 at 09:31:04AM -0430, Karn Kallio wrote:
The paper "Majority is not Enough: Bitcoin Mining is Vulnerable" may be of
SCIPR is another one. http://www.scipr-lab.org/
If it became efficient it could be useful for mining in a Bitcoin fork
(commonly called altcoins). Don't know what kind of computations you'd
actually want it to do, though. Most meaningful computations could
easily be deprecated by better
Proof-of-work, just like Bitcoin itself uses for hashing? See hashcash as
well. Require that the message in question is hashed together with a random
value, with an output that matches a given pattern. And specify that one
part of the message has to be the hash of a Bitcoin block from the given
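The hashcash-style stamp described above, as an added example (not from the posters): the message is hashed together with an anchoring hash and a nonce until the SHA-256 output starts with a chosen number of zero bits; verification is one hash. `ANCHOR_HASH` is a constructed stand-in for the recent Bitcoin block hash the post wants included, which is what stops stamps from being minted in advance.

```python
import hashlib

# Constructed stand-in for a recent Bitcoin block hash (32 bytes).
ANCHOR_HASH = hashlib.sha256(b"constructed block header").digest()


def _leading_zero_bits(digest: bytes) -> int:
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def stamp_bytes(message: bytes, anchor_hash: bytes, nonce: int) -> bytes:
    """Everything the proof commits to: message, anchor and nonce, with
    separators so the fields cannot slide into each other."""
    return message + b"|" + anchor_hash + b"|" + nonce.to_bytes(8, "big")


def mint_stamp(message: bytes, anchor_hash: bytes, difficulty_bits: int) -> int:
    """Search nonces until SHA-256(stamp) has difficulty_bits leading zero
    bits. Expected cost: about 2**difficulty_bits hashes."""
    nonce = 0
    while True:
        digest = hashlib.sha256(stamp_bytes(message, anchor_hash, nonce)).digest()
        if _leading_zero_bits(digest) >= difficulty_bits:
            return nonce
        nonce += 1


def verify_stamp(message: bytes, anchor_hash: bytes, nonce: int,
                 difficulty_bits: int) -> bool:
    """One hash, whatever the difficulty: the asymmetry proof-of-work relies on."""
    digest = hashlib.sha256(stamp_bytes(message, anchor_hash, nonce)).digest()
    return _leading_zero_bits(digest) >= difficulty_bits


if __name__ == "__main__":
    n = mint_stamp(b"hello list", ANCHOR_HASH, 16)
    print(n, verify_stamp(b"hello list", ANCHOR_HASH, n, 16))
```

The receiver checks both the zero-bit count and that the anchor is a block hash it considers recent; the difficulty is tuned so senders pay a few seconds while verifiers pay microseconds.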
Because there's no guarantees at all for anything at all for that site.
On Wed, Nov 13, 2013 at 6:10 PM, Joshua Kingsolver Price
jprice...@ivytech.edu wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Something of a noob question, but what about random.org? Is there some
reason why this
Say hello to Bote mail on I2P.
I2P provides encrypted anonymizing networking, Bote mail provides DHT based
serverless encrypted mailing with public crypto keys as addresses (ECDSA or
NTRU).
http://i2p2.de and i2pbote.i2p (if you don't have I2P installed, add .us to
visit it via an inproxy).
passive traffic analysis, then improve
current systems to provide some added protection against metadata, and,
focusing on a far future when the new system has already gained wide adoption,
make it perfect.
Fabio
Il 11/25/13, 7:20 PM, Natanael ha scritto:
Say hello to Bote mail on I2P.
I2P provides
That can really only be solved by gateways, IMHO. It's the only way to talk
between the systems that don't put limits on how secure either one can be.
- Sent from my phone
Den 26 nov 2013 16:09 skrev c1cc10 r...@isolved.it:
If we're discussing this topic it is because of people. emails
Bote mail doesn't have to be used for its anonymous properties, for me
that is just a bonus. For many people it is more than enough to be able to
know that it is impossible for anybody other than the intended recipient to
read the message thanks to public key addressing. Guaranteed end-to-end
So, Convergence/Perspectives done on email headers?
- Sent from my phone
Den 27 nov 2013 22:07 skrev Stephen Farrell stephen.farr...@cs.tcd.ie:
On 11/27/2013 09:01 PM, Jeffrey Walton wrote:
Isn't the key distribution problem being pushed into DNS? The
underlying problem still exists.
Sounds just like the Bitcoin blockchain to me. Or maybe the fork Namecoin.
- Sent from my phone
Den 18 dec 2013 02:20 skrev James A. Donald jam...@echeque.com:
On 2013-12-18 04:38, Joseph Birr-Pixton wrote:
In very general terms, you cannot hope to achieve confidentiality
without
It's always a good idea to use several entropy sources and
cryptographically mix their outputs into your pool. They won't reduce your
total entropy either way; any predictable sources will only add less
entropy than promised.
- Sent from my phone
Den 19 dec 2013 09:19 skrev Joachim
That sounds a lot like my Web of Trust based DNS suggestion. Link:
http://www.reddit.com/r/Meshnet/comments/o3wex/wotdns_web_of_trust_based_domain_name_system
Domain names would not be globally unique, where they go would instead be
based on each individual node's trust ranking for the site's
...
I'm not so sure about this, look at all the global resources being poured
into traditional email, and attempts to 'fix' it. Now redirect fractional
1%
of those resources and put them into a P2P replacement. That's ftw.
=
natanael...
Say hello to Bote mail on I2P.
I2P provides
Den 3 jan 2014 20:42 skrev coderman coder...@gmail.com:
use case is long term (decade+) identity rather than privacy or
session authorization.
eternity key signs working keys tuned for speed with limited secret
life span (month+). working keys are used for secret exchange and any
other
Den 5 jan 2014 13:23 skrev Randolph rdohm...@gmail.com:
Hi
- a scrambler could send out from time to time fake messages.
- an impersonator could record your own chat behaviour and generate
random time and length and content data, so it looks like your own chat
- the main problem remains that
Den 9 jan 2014 00:56 skrev Paul F Fraser pa...@a2zliving.com:
Software and physical safe keeping of Root CA secret key are central to
security of a large set of issued certificates.
Are there any safe techniques for handling this problem taking into
account the need to not have the control in
1: Domains expire unless renewed.
2: Transfers are possible.
3: The security model of blockchain based systems like Namecoin is that the
primary chain has the greatest amount of proof-of-work behind it, and you
can't fake the proof-of-work. You can try to isolate a node and provide a
fake chain,
Den 8 jun 2014 21:52 skrev Jerry Leichter leich...@lrw.com:
On Jun 7, 2014, at 7:56 PM, Bill Cox waywardg...@gmail.com wrote:
Is there reliable evidence that putting mobiles in a fridge is any
better illusory comsec than putting pillows around the door also
comically exhibited to clueless
On Mon, Jun 9, 2014 at 7:35 PM, ianG i...@iang.org wrote:
Original Message
Subject: [Tcpcrypt] WG Review: TCP Increased Security (tcpinc)
Date: Thu, 05 Jun 2014 14:31:12 -0700
From: The IESG iesg-secret...@ietf.org
To: IETF-Announce ietf-annou...@ietf.org
CC: tcpinc WG
Den 28 jul 2014 18:23 skrev Lodewijk andré de la porte l...@odewijk.nl:
Hey everyone,
If I XOR probably random data with good enough random data, does that
result in at least good enough random data?
I'm working on some Javascript client side crypto. There's a
cryptographic quality random
Den 10 sep 2014 22:34 skrev Aaron Toponce aaron.topo...@gmail.com:
I've since put together a site of playing card ciphers, weak and strong.
It's
still _very_ much a work in progress, but some input would be appreciated:
http://aarontoponce.org/card-ciphers/
[...]
I still have a great
Den 24 jan 2015 22:06 skrev Greg g...@kinostudios.com:
So, I understand that QM algos can pretty much dismantle all popular
asymmetric encryption algos with enough qubits, but I haven't thought hard
enough to see if they also can be used to compromise communications that
used DH to do PFS
Den 8 jan 2015 08:03 skrev realcr rea...@gmail.com:
Hey Natanael, Thanks for your response.
It's the chain of signatures always published in an accessible way so
that the original members can't double-spend and claim to be the task
group? Otherwise the blockchain approach is useful for you
Den 8 jan 2015 11:54 skrev realcr rea...@gmail.com:
Hey, thanks again for the reply.
The only notable difference is that in my version you are checkpointing
the change in the blockchain.
You still have the very same form of signing, but you sign a slightly
different message (transfer of a
Den 7 jan 2015 22:14 skrev realcr rea...@gmail.com:
Hey,
Thank you for all the responses. I figured out that I left some important
details out, probably because I thought about it for a long time. I'm sorry
about that.
I will try to formulate it again:
Assume that the world contains correct
@Richard Clayton: I'm aware of Fawkes signatures. They are somewhat
applicable, but in some circumstances they aren't useful and/or safe.
Here's the best case stateless implementation of Fawkes signatures that I
can see that matches this use case;
Use a seed and a counter to derive commitment
This started with the following Reddit thread:
http://www.reddit.com/r/crypto/comments/32gh1v/looking_for_signing_algorithm_that_keeps_signee/
The goal is to be able to publish signed messages anonymously and then
later on prove it was you who signed them, at a time of your choosing.
NOTE: I'm
Den 10 dec 2015 21:02 skrev "realcr" :
>
> It has been a while, but I think I know now about an idea to solve this
problem.
> I really appreciate all the help I got from your responses.
>
> I wrote a document that explains it here:
>
>
- Sent from my phone
Den 5 apr. 2016 09:17 skrev "John Gilmore" :
>
> > The key idea here is that you get to have *one* identifier for yourself
> > under your control, that you can use everywhere, securely.
>
> The key idea here is a bad idea.
>
> I don't want everyone I interact
I'm crossposting this to a few lists, a few of the relevant mail archives
are here for those who want to follow the replies on the other lists;
http://www.metzdowd.com/pipermail/cryptography/
http://lists.randombit.net/pipermail/cryptography/
Den 4 apr. 2016 19:23 skrev "Sean Leonard" :
>
> I think it’s called a URI.
>
> Any “universal” address is going to have to have embedded info about the
protocol or system that it is addressing. See URI.
People see URLs and think websites, they see email addresses and think
He actually asked two different questions on #2, if all hashes have collisions
and if all messages have collisions. For MD5, the latter is almost proven
true. There's a tool that lets you enter two plaintexts, and then it generates a
shared appended string (like
Sounds good, but they're already asking for backdoors to the haystacks...
2012-03-27 17:45 skrev Ed Stone:
Just as immunizations protect not only the person immunized, but also help
protect the community from contagion, wouldn't more encrypted content have a
public benefit through increasing
Again - SSL flaws, bad server, etc... Maybe a buggy browser. Can you imagine a
bug allowing JS injection in any tab? Post a bit.ly link and wait for keys...
Bugs like that have existed before.
2012-04-01 02:54 skrev James A. Donald:
On 2012-04-01 7:51 AM, natanae...@gmail.com wrote:
It's