Why I can't sleep soundly with blockchain, being the cypherpunk

2017-08-29 Thread Sergey Matveev
Greetings, fellow cypherpunks!

There is so much hype about blockchain technologies! Everyone is
fascinated by it, dreams about a wonderful bright cryptofuture, and
stops talking with me when they hear that I do not find blockchain either
interesting or useful.

Why do I not like blockchains? Actually, *if they worked* from a
cryptographic point of view, then I would have nothing against them!
Distributed trusted databases, timestamps and consensus making are great
things to deal with. But unfortunately I see that at least Bitcoin (the
biggest blockchain in use) has already failed without human-initiated
regulations[0]. It failed from a *cryptographic* point of view.

I am a cypherpunk and I am very interested in and excited about
cryptography subjects. Why? Because all of that is based on math and
assumptions about the practical impossibility of reverting many functions
(you know, some kind of "2^100 operations are required for ..."). It is
valuable because you do not have to trust and rely on people *at all*.
Well, except for cryptographers and similar scientists. People are
problem #1 in all security questions. They can be bribed; all of them
have their price. They are error-prone, not reliable, and lie and
misbehave easily. I cannot sleep soundly knowing that I depend on some
human. The cryptography world gives an unbelievable possibility to
eliminate them!

If I can easily remember a relatively long passphrase (100-120 characters
in practice) as a key to a proven strong authenticated encryption
algorithm, then I am confident that my data is safe. I can use
eavesdropped links and virtually any potentially vulnerable storage when
cryptography is applied correctly. While no one ever knows if quantum
computers powerful (big) enough will be built, RSA/ElGamal/ECC stay
pretty safe too. I really love the fact that security risks can be
estimated, based on the current state and progress of technology. People
can fail you anytime -- only *hope* will keep you calm.

Are you afraid of the possibility of algorithms being broken? Even one of
the first encryption algorithms used in the computer era -- DES -- is
still useful and secure enough in 3DES composition. If you are still
frightened, then learn from the Soviets: their GOST 28147-89 block
cipher[1], created in the 1970s, still has more than 2^200 security
margin. Who the hell knows what "key meshing"[2] means? But that block
cipher has that kind of thing, making it immune to the Sweet32 attack,
which appeared dozens of years later. Do not overestimate the value of
performance by sacrificing security -- perfect advice for sleeping well
for years.

But what about blockchains? Citing Ethereum's "problems" wiki page[3]:

While a cryptographer is used to assumptions of the form "this
algorithm is guaranteed to be unbreakable provided that these
underlying math problems remain hard", the world of cryptoeconomics
must contend with fuzzy empirical factors such as the difficulty of
collusion attacks, the relative quantity of altruistic,
profit-seeking and anti-altruistic parties, the level of
concentration of different kinds of resources, and in some cases
even sociocultural circumstances.

Everything here is right. Anyway, you *will* depend on people, society,
its behaviour and a huge quantity of empirical factors and assumptions.
It is not the cypherpunk's reliable and risk-predictable world -- it has
nothing in common with it. Replacing the need to trust the human with
the need to trust the algorithm and technology -- that *is* the exact
reason why I am interested in crypto. Requiring and depending on society
again -- that is the exact reason why I stand aside from blockchains.
They do not offer any guarantees[4], but likelihoods, a lottery.

A cypherpunk must rely and depend on people as little as he can. Remember
the cypherpunk's manifesto[5] -- spread as little unnecessary information
as possible, because people *will* find ways to harm you with it. And
blockchains are broadcasting permanent storages, where most of them
(with the exception of Zcash[6], for example) give you neither privacy
nor anonymity for your personal (private) transactions.

[0] https://en.wikipedia.org/wiki/Ghash.io#51.25_attack_controversy
[1] http://gost.cypherpunks.ru/en2814789.html
[2] http://gost.cypherpunks.ru/enMeshing.html
[3] https://github.com/ethereum/wiki/wiki/Problems
[4] https://tonyarcieri.com/on-the-dangers-of-a-blockchain-monoculture
[5] https://www.activism.net/cypherpunk/manifesto.html
[6] https://en.wikipedia.org/wiki/Zcash

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF
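The Sweet32 remark above rests on the birthday bound for 64-bit block ciphers: after about 2^32 blocks under one key, ciphertext-block collisions become likely, and periodic rekeying (the idea behind key meshing) keeps every key far below that bound. The following is an added illustration, not code from the list post; the 128-block rekeying interval is a constructed parameter, not a claim about the actual GOST meshing schedule.

```python
import math


def collision_probability(block_bits: int, n_blocks: int) -> float:
    """Birthday-bound probability that at least two of n_blocks ciphertext
    blocks collide under a single key, for a cipher with block_bits-bit
    blocks. Standard approximation: 1 - exp(-n(n-1) / 2^(b+1))."""
    if n_blocks < 2:
        return 0.0
    exponent = -(n_blocks * (n_blocks - 1)) / (2 ** (block_bits + 1))
    return -math.expm1(exponent)  # 1 - exp(x), accurate for tiny x


def blocks_for_probability(block_bits: int, p: float) -> float:
    """Approximate number of blocks under one key at which the collision
    probability reaches p (inverts the formula above)."""
    return math.sqrt(2 * (2 ** block_bits) * math.log(1.0 / (1.0 - p)))


def collision_probability_with_rekeying(block_bits: int, n_blocks: int,
                                        segment_blocks: int) -> float:
    """Same total data, but the key changes every segment_blocks blocks
    (constructed rekeying interval, assumption of this example). A
    collision is only useful within one key's segment, so the chance that
    any segment collides is 1 - (1 - p_segment)^segments."""
    full_segments, tail = divmod(n_blocks, segment_blocks)
    p_seg = collision_probability(block_bits, segment_blocks)
    p_tail = collision_probability(block_bits, tail)
    log_no_collision = full_segments * math.log1p(-p_seg) + math.log1p(-p_tail)
    return -math.expm1(log_no_collision)


if __name__ == "__main__":
    gib32_in_64bit_blocks = 2 ** 32   # 32 GiB of 8-byte blocks (Sweet32 scale)
    gib32_in_128bit_blocks = 2 ** 31  # the same 32 GiB as 16-byte blocks
    print("64-bit blocks, one key, 32 GiB: p =",
          collision_probability(64, gib32_in_64bit_blocks))
    print("128-bit blocks, one key, 32 GiB: p =",
          collision_probability(128, gib32_in_128bit_blocks))
    print("64-bit blocks, rekey every 128 blocks, 32 GiB: p =",
          collision_probability_with_rekeying(64, gib32_in_64bit_blocks, 128))
    print("64-bit blocks: p=0.5 reached after about",
          int(blocks_for_probability(64, 0.5)), "blocks")
```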


Re: Vulnerability of OpenSource Software download mechanisms: VLC

2017-07-03 Thread Sergey Matveev
*** Steve Kinney <ad...@pilobilus.net> [2017-07-03 17:30]:
>> However they are refusing to implement HTTPS arguing that because their
>> .exe are digitally signed with authenticode they are safe 
>> https://trac.videolan.org/vlc/ticket/18472 .
>
>Against hostile State actors, HTTPS only provides a false sense of
>security.  If your threat model includes the CIA, reliance on HTTPS is a
>fundamental error in the "game over" category.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF


GOST cryptography -- Russian Federation's crypto algorithms

2016-10-22 Thread Sergey Matveev
Here is consolidated information about modern Russian crypto algorithms:
http://www.cypherpunks.ru/gost/English.html
A worthy alternative to Western standards.


Re: SHA-3 and GOST-R/Stribok

2016-09-19 Thread Sergey Matveev
*** xorc...@sigaint.org  [2016-09-19 23:25]:
>Anyone know of some good reference material comparing and contrasting
>these hash functions?

As Wikipedia says ( https://en.wikipedia.org/wiki/Streebog ),
Streebog uses the Merkle-Damgård construction and mathematically is
closer to SHA1/SHA2 and similar hash functions. It can be called a rather
"classic" construction, but much more effective and simple than the
previous GOST R 34.11-94 hash function standard.

So many things related to those classic SHA1/2-like functions are
applicable to GOST R 34.11-2012 too.

By the way, it should be called "Streebog", "Stribog".

-- 
Happy hacking