You didn't mention the option of switching to elliptic curves. A
256-bit elliptic curve is probably stronger than 2048-bit RSA
while also being more efficient in every way except for CPU cost for
verifying signatures or encrypting.
I like the Brainpool curves which come with a
On Wed, Sep 1, 2010 at 2:55 PM, Ben Laurie b...@links.org wrote:
Therefore, you would end up hashing your messages with a
secure hash function to generate message representatives short
enough to sign.
Way behind the curve here, but this argument seems incorrect. Merkle
signatures rely on
On Fri, May 20, 2011 at 3:30 PM,
I wonder if A/V shouldn't use something similar?
I assume MD4 is an outdated choice - perhaps some cryppie needs to
design a hash function that is specifically designed for a FIFO kind
Dear Paul Crowley:
How about the Compact Representation, section 4.2, of RFC 6090:
Is that the same point compression that you were looking for?
cryptography mailing list
Dear Nico Williams:
Thanks for the reference! Very cool.
What I would most want is for ZFS (and every other filesystem) to
maintain a Merkle Tree over the file data with a good secure hash.
Whenever a change to a file is made, the filesystem can update the
Merkle Tree this with mere O(log(N))
Also related, Eric Hughes posted about something he called Encrypted
Open Books on 1993-08-16. The idea was to allow an auditor to confirm
the correctness of the accounts without being able to see the details
of people's accounts.
On Tue, Jul 12, 2011 at 5:25 PM, Marsh Ray ma...@extendedsubset.com wrote:
Everyone here knows about the inherent security-functionality tradeoff. I
think it's such a law of nature that any control must present at least some
cost to the legitimate user in order to provide any effective
announcing Tahoe-LAFS v1.8.3, fixing a security issue
Dear People of the email@example.com mailing list:
We found a vulnerability in Tahoe-LAFS (all versions from v1.3.0 to v1.8.2
inclusive) that might allow an attacker to delete files. This vulnerability
does not enable anyone to read
Hello John Tromp!
That is neat! The paper could use a related work section, for example
Litecoin uses scrypt in the attempt to make it harder to implement in
The current Password Hashing Contest (disclosure: I am on the panel)
may be relevant to your