On 09/05/2013 01:57 PM, Perry E. Metzger wrote:
and am not sure which international group is being mentioned.
ISO. Not that narrows it down much.
Eric
___
The cryptography mailing list
cryptography@metzdowd.com
The NYT article is pretty informative:
(http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html)
Because strong encryption can be so effective, classified N.S.A.
documents make clear, the agency’s success depends on working with
Internet companies — by getting their
Bruce Schneier explains the Dual_EC_DRBG attack:
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115
___
The cryptography mailing list
cryptography@metzdowd.com
On Thu, Aug 26, 2010 at 12:13:06PM -0400, Perry E. Metzger wrote:
It is difficult to validate that a hardware RNG is working
correctly. How do you know the bits being put off aren't skewed
somehow by a manufacturing defect? How do you know that damage in the
field won't cause the RNG to become
On Thu, Aug 26, 2010 at 11:21:35AM -0500, Nicolas Williams wrote:
Would it be possible to combine a FIPS 140-2 PRNG with a TRNG such that
testing and certification could be feasible?
Yes. (assuming you mean FIPS certification).
Use the TRNG to seed the approved PRNG implementation.
I'm
On Mon, Jul 12, 2010 at 12:22:51PM -0400, Perry E. Metzger wrote:
Plugging in an
external unit is not going to happen in practice. If it isn't nearly
free and built in, it won't be used.
I completely agree. But HW RNGs are a pain in a lot of ways- modern chip
design libraries don't include
On Mon, Jul 12, 2010 at 03:37:45PM -0400, Paul Wouters wrote:
On Mon, 12 Jul 2010, Eric Murray wrote:
Then there's FIPS- current 140 doesn't have a provision for HW RNG.
They certify software RNG only, presumeably because proving a HW RNG to be
random enough is very difficult. So what's
On Mon, Mar 02, 2009 at 05:35:20PM +0100, Marcus Brinkmann wrote:
Travis wrote:
Further, trying to dig into ASN.1 was extremely difficult. The specs
are full of obtuse language, using terms like object without
defining them first. Are there any tools that will dump certificates
in
On Wed, Oct 01, 2003 at 04:48:33PM +0100, Jill Ramonsky wrote:
I could do an implementation of SSL. Speaking as a programmer with an
interest in crypto, I'm fairly sure I could produce a cleanly
implemented and simple-to-use version.
Yep. It's a bit of work, and more work to ensure that
On Thu, Oct 02, 2003 at 12:06:40AM +0100, M Taylor wrote:
Stupid question I'm sure, but does TLS's anonymous DH protect against
man-in-the-middle attacks?
No, it doesn't.
If so, how? I cannot figure out how it would,
and it would seem TLS would be wide open to abuse without MITM protection
On Thu, Jul 10, 2003 at 12:04:33PM +0100, [EMAIL PROTECTED] wrote:
Instead, I have a
different question: Where can I learn about SSL?
As in, could someone reccommend a good book, or online tutorial, or
something, somewhere, that explains it all from pretty much first
principles, and leaves
11 matches
Mail list logo
