Re: [gentoo-dev] First release of Gentoo Keys

2015-01-13 Thread Kristian Fiskerstrand

On 01/13/2015 05:58 AM, Andrew Savchenko wrote:
 On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote:
 On 01/12/2015 07:29 PM, Rich Freeman wrote:
 On Mon, Jan 12, 2015 at 1:06 PM, Kristian Fiskerstrand 
 k...@gentoo.org wrote:
 
 One issue with DSA/ElGamal is the requirement for a random k 
 value while signing/encrypting,
 
 Thanks - that was very informative.  I guess the thing that
 makes me more concerned about RSA is that Shor's algorithm
 makes it quite possible that it will be defeated at some point
 in the future, perhaps without public disclosure.
 
 Shor's would be effective against discrete logs (including ECC)
 as well, so wouldn't be applicable to this selection. For
 post-quantum asymmetric crypto we'd likely need e.g. a lattice
 based primitive.
 
 Why not use post-quantum signing together with a traditional
 one? app-crypt/codecrypt is already in tree and provides a
 GnuPG-like solution based on post-quantum cryptography.

My opinion is that it would only increase the complexity of things, in
particular requiring a double set of trust paths / WoT.

When such a shift becomes a prudent move (my interpretation of that is
that it is advocated by people far more knowledgeable about crypto
than I am) a lattice-based primitive (McEliece as used by this tool is
part of this class) is likely to be brought into OpenPGP as an
encryption algorithm by form of extension to RFC4880 (or part of an
updated V5 key format).

 
 It would be no harm to use this solution together with GnuPG, e.g. 
 have two detached signatures: a traditional RSA-4096 and a 
 post-quantum one.

The harm would be overhead, both computationally and not the least
operationally to establish valid trust paths. Keep in mind that if it
is to be any use, several steps would need to be fulfilled including
that operational security perimeters would need to match the
requirements, so all devs would need lattice-based keys in addition
to classical keys, and probably make adjustments to their overall life
to match such a key requirement.


-- 
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3



Re: [gentoo-dev] First release of Gentoo Keys

2015-01-13 Thread Andrew Savchenko
On Tue, 13 Jan 2015 13:36:01 +0100 Chí-Thanh Christopher Nguyễn
wrote:
 Andrew Savchenko wrote:
  On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote:
  Shor's would be effective against discrete logs (including ECC) as
  well, so wouldn't be applicable to this selection. For post-quantum
  asymmetric crypto we'd likely need e.g. a lattice based primitive.
  Why not use post-quantum signing together with a traditional one?
 
 Indeed. Problem is that so-called post-quantum cryptosystems are 
 sometimes not even secure against non-quantum computers. I remember back 
 when NTRU was the latest hotness, and the breaking and fixing ping-pong 
 that security researchers played between conferences with it, 
 particularly with the signature part.

I think this is a problem of all new crypto solutions: they are
likely to have flaws in both theory/model and implementation. But
using them as an addition (on an AND basis) doesn't hurt security.
However, as was pointed out in another reply, management overhead
(second keypair, signature and web of trust) is considered too
much now.

 None of these has stood the test of time like RSA or DLP-based crypto. 
 If post-quantum signing is desired, I agree that it should be strongly 
 considered using it in addition to traditional signing.



Best regards,
Andrew Savchenko
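
The "AND basis" policy discussed in this message, as an added example that is not part of the original thread and is not GnuPG or codecrypt code: an artifact is accepted only when a classical and a hash-based detached signature both verify. The textbook RSA over a deliberately tiny modulus, the Lamport one-time signature standing in for the post-quantum scheme, and all function names and sample messages are assumptions made for illustration.

```python
# Added illustration: toy primitives (assumed stand-ins), not for production use.
import hashlib
import secrets

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- classical half: textbook RSA over a constructed, far-too-small modulus ---
P, Q, E = 2**107 - 1, 2**127 - 1, 65537      # two Mersenne primes (toy size)
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent

def rsa_sign(msg: bytes) -> int:
    return pow(int.from_bytes(digest(msg), "big") % N, D, N)

def rsa_verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest(msg), "big") % N

# --- hash-based half: Lamport one-time signature (one key pair per message) ---
def bits(msg: bytes):
    d = digest(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(digest(a), digest(b)) for a, b in sk]

def lamport_sign(msg: bytes, sk):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def lamport_verify(msg: bytes, sig, pk) -> bool:
    return len(sig) == 256 and all(
        digest(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

# --- AND policy: the artifact is accepted only if both signatures verify ---
def hybrid_verify(msg: bytes, rsa_sig: int, lamport_sig, lamport_pk) -> bool:
    return rsa_verify(msg, rsa_sig) and lamport_verify(msg, lamport_sig, lamport_pk)

def demo():
    # A break of one scheme is simulated by signing `altered` with that scheme's key.
    msg, altered = b"constructed sample manifest", b"constructed altered manifest"
    sk, pk = lamport_keygen()
    r, l = rsa_sign(msg), lamport_sign(msg, sk)
    return {
        "both valid": hybrid_verify(msg, r, l, pk),
        "only classical forged": hybrid_verify(altered, rsa_sign(altered), l, pk),
        "only hash-based forged": hybrid_verify(altered, r, lamport_sign(altered, sk), pk),
    }
```

Calling `demo()` shows that a forgery under either scheme alone is rejected; the cost is the second key pair and trust path raised elsewhere in the thread.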




Re: [gentoo-dev] First release of Gentoo Keys

2015-01-13 Thread Andrew Savchenko
On Tue, 13 Jan 2015 12:10:47 +0100 Andreas K. Huettel wrote:
 On Tuesday, 13 January 2015, 07:54:16, Andrew Savchenko wrote:
  Are you sure? The simplest Shor's factorisation machine was already
  built and published in open press:
  http://arxiv.org/abs/quant-ph/0112176
  This was done 14(!!) years ago. I don't doubt there was
  significant progress in this field thereafter. But it is likely
  that results are classified.
 
 Lieven's paper 2001 was a milestone but the technology in this case 
 fundamentally didn't scale. So, while there certainly have been advances,
 they aren't directly based on it, but on completely different experimental
 approaches.
 
 http://web.physics.ucsb.edu/~martinisgroup/
 If there's any place to look for technological advances, then ^ here.
 
 (No, not d-wave either. IMHO.)
 
Thanks for the link, I'll study it.

Best regards,
Andrew Savchenko




Re: Re: [gentoo-dev] First release of Gentoo Keys

2015-01-13 Thread Andreas K. Huettel
On Tuesday, 13 January 2015, 07:54:16, Andrew Savchenko wrote:
 On Mon, 12 Jan 2015 18:48:41 + Ciaran McCreesh wrote:
  On Mon, 12 Jan 2015 19:44:46 +0100
  
  Kristian Fiskerstrand k...@gentoo.org wrote:
   Shor's would be effective against discrete logs (including ECC) as
   well, so wouldn't be applicable to this selection. For post-quantum
   asymmetric crypto we'd likely need e.g. a lattice based primitive.
  
  We're not post-quantum,
 
 Are you sure? The simplest Shor's factorisation machine was already
 built and published in open press:
 http://arxiv.org/abs/quant-ph/0112176
 This was done 14(!!) years ago. I don't doubt there was
 significant progress in this field thereafter. But it is likely
 that results are classified.

Lieven's paper 2001 was a milestone but the technology in this case 
fundamentally didn't scale. So, while there certainly have been advances, they 
aren't directly based on it, but on completely different experimental 
approaches.

http://web.physics.ucsb.edu/~martinisgroup/
If there's any place to look for technological advances, then ^ here.

(No, not d-wave either. IMHO.)

-- 
Dr. Andreas K. Huettel
Institute for Experimental and Applied Physics
University of Regensburg
D-93040 Regensburg
Germany

tel. +49 151 241 67748 (mobile)
e-mail andreas.huet...@ur.de
http://www.akhuettel.de/
http://www.physik.uni-r.de/forschung/huettel/



Re: [gentoo-dev] First release of Gentoo Keys

2015-01-13 Thread Chí-Thanh Christopher Nguyễn

Andrew Savchenko wrote:

On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote:

Shor's would be effective against discrete logs (including ECC) as
well, so wouldn't be applicable to this selection. For post-quantum
asymmetric crypto we'd likely need e.g. a lattice based primitive.

Why not use post-quantum signing together with a traditional one?


Indeed. Problem is that so-called post-quantum cryptosystems are 
sometimes not even secure against non-quantum computers. I remember back 
when NTRU was the latest hotness, and the breaking and fixing ping-pong 
that security researchers played between conferences with it, 
particularly with the signature part.


None of these has stood the test of time like RSA or DLP-based crypto. 
If post-quantum signing is desired, I agree that it should be strongly 
considered using it in addition to traditional signing.



Best regards,
Chí-Thanh Christopher Nguyễn




Re: [gentoo-dev] Re: qa last rites -- long list

2015-01-13 Thread Pacho Ramos
On Sun, 11-01-2015 at 08:11 -0500, Rich Freeman wrote:
[...]
The main issue I see is that the main objective of using games.eclass is
to keep games being used by people in games group... but this point is
broken as soon as we allow packages to not use that eclass and, then, I
see no advantage at all on not deprecating games.eclass (even not
killing it immediately... but at least to let people know that it's
deprecated finally) (I am thinking of repoman warning about that eclass
usage as it does for old python eclasses and many more)

But I guess this should be moved back to current games team and maybe QA
as I agree escalating it to the Council directly looks excessive




Re: [gentoo-dev] [PATCH 1/3] [python-r1] python_setup, allow restricting acceptable impls

2015-01-13 Thread Michał Górny
On 2015-01-05, at 19:18:28,
Michał Górny mgo...@gentoo.org wrote:

 Allow limiting accepted implementations in python_setup. This allows
 ebuilds to explicitly specify which implementations can be used to
 perform specific tasks (e.g. doc build) rather than implicitly relying
 on specific implementation preference order.

All three committed and wiki docs updated.

-- 
Best regards,
Michał Górny

