Re: [cryptography] 1280-Bit RSA

2010-07-17 Thread Zooko O'Whielacronx
Dan: You didn't mention the option of switching to elliptic curves. A 256-bit elliptic curve is probably stronger than 2048-bit RSA [1] while also being more efficient in every way except for CPU cost for verifying signatures or encrypting [2]. I like the Brainpool curves which comes with a

Re: [cryptography] Merkle Signature Scheme is the most secure signature scheme possible for general-purpose use

2010-09-01 Thread Zooko O'Whielacronx
On Wed, Sep 1, 2010 at 2:55 PM, Ben Laurie wrote: Therefore, you would end up hashing your messages with a secure hash function to generate message representatives short enough to sign. Way behind the curve here, but this argument seems incorrect. Merkle signatures rely on

Re: [cryptography] rolling hashes, EDC/ECC vs MAC/MIC, etc.

2011-05-20 Thread Zooko O'Whielacronx
On Fri, May 20, 2011 at 3:30 PM, wrote: I wonder if A/V shouldn't use something similar? What's A/V? I assume MD4 is an outdated choice - perhaps some cryppie needs to design a hash function that is specifically designed for a FIFO kind of window?  

Re: [cryptography] Point compression prior art?

2011-05-20 Thread Zooko O'Whielacronx
Dear Paul Crowley: How about the Compact Representation, section 4.2, of RFC 6090: Is that the same point compression that you were looking for? Regards, Zooko ___ cryptography mailing list

Re: [cryptography] rolling hashes, EDC/ECC vs MAC/MIC, etc.

2011-05-21 Thread Zooko O'Whielacronx
Dear Nico Williams: Thanks for the reference! Very cool. What I would most want is for ZFS (and every other filesystem) to maintain a Merkle Tree over the file data with a good secure hash. Whenever a change to a file is made, the filesystem can update the Merkle Tree this with mere O(log(N))

Re: [cryptography] Is BitCoin a triple entry system?

2011-06-13 Thread Zooko O'Whielacronx
Also related, Eric Hughes posted about something he called Encrypted Open Books on 1993-08-16. The idea was to allow an auditor to confirm the correctness of the accounts without being able to see the details of people's accounts. Regards, Zooko ___

Re: [cryptography] preventing protocol failings

2011-07-22 Thread Zooko O'Whielacronx
On Tue, Jul 12, 2011 at 5:25 PM, Marsh Ray wrote: Everyone here knows about the inherent security-functionality tradeoff. I think it's such a law of nature that any control must present at least some cost to the legitimate user in order to provide any effective

[cryptography] announcing Tahoe-LAFS v1.8.3, fixing a security issue

2011-09-14 Thread Zooko O'Whielacronx
announcing Tahoe-LAFS v1.8.3, fixing a security issue Dear People of the mailing list: We found a vulnerability in Tahoe-LAFS (all versions from v1.3.0 to v1.8.2 inclusive) that might allow an attacker to delete files. This vulnerability does not enable anyone to read

Re: [cryptography] [Cryptography] Cuckoo Cycles: a new memory-hard proof-of-work system

2014-01-09 Thread Zooko O'Whielacronx
Hello John Tromp! That is neat! The paper could use a related work section, for example Litecoin uses scrypt in the attempt to make it harder to implement in ASIC: The current Password Hashing Contest (disclosure: I am on the panel) may be relevant to your