Re: [cryptography] My comments on the xep proposal
Thank you Kevin for your comments!

One-time pad offers perfect secrecy, but yes, it is not much used in practice mainly because of several problems/challenges I am sure you in this list are well aware of.

About the XEP proposal: if Prover and Verifier clients are running in the same device or even in the same application, the amount of one-time pad related problems decreases, because the keys can be used, transmitted, stored and deleted, e.g., inside one running program. Randomness that is good enough for cryptography is of course problematic.

Usage of one-time pad would be very different than we have learned from crypto books. A new key and message to be encrypted could be randomly generated every time when authenticating. No long pads are used/needed/stored so it has still been quite fast in my tests. But would one-time pad actually give any additional security when compared to just using a random string (key part from one-time pad without the encrypted message)?

Can anyone find threats related to the XEP proposal? Like from message authentication? For example, one-time pads do not provide any message authentication, would it be more secure to use random key to encrypt a randomly generated message or understandable message? Is there any difference?

At the moment message authentication is provided using a mechanism where the Verifier processes only a message coming from a known Prover containing a known secret. If there are errors in the sender or in the secret, the message is not processed as authentic. In addition XMPP's E2E security could be used for encryption/authenticity.

-Teemu

2014/1/10 Kevin kevinsisco61...@gmail.com:
> I have looked over the 2-factoring mechanism and I feel the need to point something out:
> The one-time pad, while great in theory, proves somewhat unrealistic in practice. It can be slow, especially if used in hardware. So if used in a router could possibly lag the network. Again, the one-time pad is great in theory; I personally like it. Realistically, however, I'd replace it with something else. Just my thoughts.
>
> --
> Kevin

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
Shirley Jackson, The Lottery, sacrificing a victim purges guilt of the guilty. Does anyone really believe RSA is alone in this betrayal? And that making an example of RSA will stop the industry practice of forked-tonguedness about working both sides of the imaginary fence of dual-use, dual-hat, duplicity of comsec? Industry standards were invented and are sustained for this purpose. No matter NSA, RSA, IETF, NIST, this breast-beating list of the guilty cryptographers pretending they did not know what their best customers and employers are doing. Boing Boing is being played like the crypto promotional wargame is played.

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
Well said.

In perhaps-related ethics news:

RSA Conference is a separate entity from RSA, and (I believe) not a subsidiary or profit center for either RSA or EMC. At this point, they're just unlucky enough to have hitched their branding to the most recognized name in the industry.

If it's wrong for RSA to take $10M to set a bad default in BSAFE, is it not MORE wrong to sell the federal government a 0day for a fraction of that price? On that score, black/gray hats boycotting RSA are like H dealers who cry foul because their neighbors let their kids run with scissors.

By boycotting the show, one is essentially depriving others of the opportunity to hear one's nuanced, well-informed ranting about crypto ethics in its preferred venue i.e. the various bars and seafood restaurants of SF.

As always, focusing inward is indicated all around.

/j

On Jan 14, 2014, at 11:12 AM, John Young j...@pipeline.com wrote:
> Shirley Jackson, The Lottery, sacrificing a victim purges guilt of the guilty. Does anyone really believe RSA is alone in this betrayal? And that making an example of RSA will stop the industry practice of forked-tonguedness about working both sides of the imaginary fence of dual-use, dual-hat, duplicity of comsec? Industry standards were invented and are sustained for this purpose. No matter NSA, RSA, IETF, NIST, this breast-beating list of the guilty cryptographers pretending they did not know what their best customers and employers are doing. Boing Boing is being played like the crypto promotional wargame is played.

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
On Tue, Jan 14, 2014 at 8:34 AM, Jared Hunter feralch...@gmail.com wrote:
> ...
> If it's wrong for RSA to take $10M to set a bad default in BSAFE, is it not MORE wrong to sell the federal government a 0day for a fraction of that price?

collusion to weaken RNGs enables pervasive insecurity and global passive interception. 0day is unilateral, targeted, and active (not passive) by comparison.

we can argue ethics, however these are two different classes of compromise...

> By boycotting the show, one is essentially depriving others of the opportunity to hear one's nuanced, well-informed ranting about crypto ethics in its preferred venue i.e. the various bars and seafood restaurants of SF.

a few people have mentioned having an un-conference at the same time / location to provide for a more authentic exchange of actual crypto geekery. i support this effort!

best regards,

Re: [cryptography] My comments on the xep proposal
On 1/14/2014 7:55 AM, Teemu Väisänen wrote:
> Thank you Kevin for your comments!
>
> One-time pad offers perfect secrecy, but yes, it is not much used in practice mainly because of several problems/challenges I am sure you in this list are well aware of.
>
> About the XEP proposal: if Prover and Verifier clients are running in the same device or even in the same application, the amount of one-time pad related problems decreases, because the keys can be used, transmitted, stored and deleted, e.g., inside one running program. Randomness that is good enough for cryptography is of course problematic.
>
> Usage of one-time pad would be very different than we have learned from crypto books. A new key and message to be encrypted could be randomly generated every time when authenticating. No long pads are used/needed/stored so it has still been quite fast in my tests. But would one-time pad actually give any additional security when compared to just using a random string (key part from one-time pad without the encrypted message)?
>
> Can anyone find threats related to the XEP proposal? Like from message authentication? For example, one-time pads do not provide any message authentication, would it be more secure to use random key to encrypt a randomly generated message or understandable message? Is there any difference?
>
> At the moment message authentication is provided using a mechanism where the Verifier processes only a message coming from a known Prover containing a known secret. If there are errors in the sender or in the secret, the message is not processed as authentic. In addition XMPP's E2E security could be used for encryption/authenticity.
>
> -Teemu
>
> 2014/1/10 Kevin kevinsisco61...@gmail.com:
> > I have looked over the 2-factoring mechanism and I feel the need to point something out:
> > The one-time pad, while great in theory, proves somewhat unrealistic in practice. It can be slow, especially if used in hardware. So if used in a router could possibly lag the network. Again, the one-time pad is great in theory; I personally like it. Realistically, however, I'd replace it with something else. Just my thoughts.
> >
> > --
> > Kevin

If you are still wanting to use a one-time pad, I can't help but wonder what you use as your source of entropy for the randomness.

--
Kevin

Re: [cryptography] My comments on the xep proposal
Hi.

In Python 2.x, I have been using /dev/urandom through os.urandom.

-Teemu

2014/1/14 Kevin kevinsisco61...@gmail.com:
> On 1/14/2014 7:55 AM, Teemu Väisänen wrote:
> > Thank you Kevin for your comments!
> >
> > One-time pad offers perfect secrecy, but yes, it is not much used in practice mainly because of several problems/challenges I am sure you in this list are well aware of.
> >
> > About the XEP proposal: if Prover and Verifier clients are running in the same device or even in the same application, the amount of one-time pad related problems decreases, because the keys can be used, transmitted, stored and deleted, e.g., inside one running program. Randomness that is good enough for cryptography is of course problematic.
> >
> > Usage of one-time pad would be very different than we have learned from crypto books. A new key and message to be encrypted could be randomly generated every time when authenticating. No long pads are used/needed/stored so it has still been quite fast in my tests. But would one-time pad actually give any additional security when compared to just using a random string (key part from one-time pad without the encrypted message)?
> >
> > Can anyone find threats related to the XEP proposal? Like from message authentication? For example, one-time pads do not provide any message authentication, would it be more secure to use random key to encrypt a randomly generated message or understandable message? Is there any difference?
> >
> > At the moment message authentication is provided using a mechanism where the Verifier processes only a message coming from a known Prover containing a known secret. If there are errors in the sender or in the secret, the message is not processed as authentic. In addition XMPP's E2E security could be used for encryption/authenticity.
> >
> > -Teemu
> >
> > 2014/1/10 Kevin kevinsisco61...@gmail.com:
> > > I have looked over the 2-factoring mechanism and I feel the need to point something out:
> > > The one-time pad, while great in theory, proves somewhat unrealistic in practice. It can be slow, especially if used in hardware. So if used in a router could possibly lag the network. Again, the one-time pad is great in theory; I personally like it. Realistically, however, I'd replace it with something else. Just my thoughts.
> > >
> > > --
> > > Kevin
>
> If you are still wanting to use a one-time pad, I can't help but wonder what you use as your source of entropy for the randomness.
>
> --
> Kevin

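An added illustration of the question raised in this thread (not code from the XEP proposal or from either poster): a pad drawn from os.urandom hides the message but does not authenticate it, so a receiver that only holds the pad cannot tell an altered ciphertext from a genuine one. The function names, the sample messages and the separate HMAC-SHA256 key are assumptions made for this example, which is written for Python 3.

```python
import hashlib
import hmac
import os


def otp_xor(data, pad):
    """XOR data with an equal-length pad; the same call encrypts and decrypts."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))


def seal(message):
    """Encrypt with a fresh pad and tag the ciphertext with a fresh MAC key."""
    pad = os.urandom(len(message))   # OS CSPRNG, as mentioned in the thread
    mac_key = os.urandom(32)         # assumption: separate one-time MAC key
    ciphertext = otp_xor(message, pad)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return pad, mac_key, ciphertext, tag


def open_pad_only(pad, ciphertext):
    """Receiver without a MAC: every ciphertext of the right length decrypts."""
    return otp_xor(ciphertext, pad)


def open_with_mac(pad, mac_key, ciphertext, tag):
    """Verify the tag in constant time first; return None if it does not match."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return otp_xor(ciphertext, pad)


def demo():
    """Run both receivers on a readable and a random message (constructed inputs)."""
    results = {}
    for label, message in (("readable", b"prover-1:challenge"),
                           ("random", os.urandom(18))):
        pad, mac_key, ct, tag = seal(message)
        altered = bytes([ct[0] ^ 0x01]) + ct[1:]  # one bit changed in transit
        got = open_pad_only(pad, altered)
        results[label] = {
            "pad_only_output_differs": got != message,
            "plaintext_delta": got[0] ^ message[0],  # equals the bit changed
            "mac_rejects_altered": open_with_mac(pad, mac_key, altered, tag) is None,
            "mac_accepts_genuine": open_with_mac(pad, mac_key, ct, tag) == message,
        }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

For both inputs the pad-only receiver returns an altered plaintext without any error, and with a random message it has no redundancy to compare against; only the tag check rejects the change.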
Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
On Jan 14, 2014, at 1:53 PM, cryptography-requ...@randombit.net wrote:
> Does anyone really believe RSA is alone in this betrayal? And that making an example of RSA will stop the industry practice of forked-tonguedness about working both sides of the imaginary fence of dual-use, dual-hat, duplicity of comsec?

First, “Almost everything you do will seem insignificant, but it is important that you do it”.

Second, boycotting an e. coli-laden meat packer is not for the effect on that packer, but for the effect on the other packers. It serves as a warning and as a demonstration of damage that accrues to bad behaviors. Brands take notice of such things. It serves the public good.

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
If courageous, Rivest, Shamir and Adleman can be burnt in effigy. Their initials once were rightly world famous, and to smear these distinguished gentlemen by vulgar opportunistic protest instigated by noobs with less than zero comprehension of cryptography should be condemned not debated.

James Bidzos raped the three once, twice, thrice, then hid his corporatorizing crime under skirts of EMC. Don't ravage his victims.

Protest, sure, but demonstrate what to protest for effectiveness, not idiotic sloganeering of a logo.

Hell, long-time duplicitous IBM deserves deeper anger than RSA. DES and much more.

Go big and really bold. Protest the Wassenaar Arrangement, the greatest rigging of the dual-use technology market ever, and the world's greatest gang of cheaters, bribers, underhanded dealers of contraband, most of it lethal, far deadlier than crypto.

Greenwald blogs there are cryptographers and comsec experts reviewing Snowden's material for future releases. Presumably the highly ethical reviewers have a clear shot at avoiding release of their own names and firms. They will cheat, that's certain.

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
On 2014-01-15 02:12, John Young wrote:
> Shirley Jackson, The Lottery, sacrificing a victim purges guilt of the guilty. Does anyone really believe RSA is alone in this betrayal? And that making an example of RSA will stop the industry practice of forked-tonguedness about working both sides of the imaginary fence of dual-use, dual-hat, duplicity of comsec?

Yeah, it will. Open source the cryptographic part of your product, and don't use RSA, IETF, or NIST standards.

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
On Tue, Jan 14, 2014 at 10:34 AM, Jared Hunter feralch...@gmail.com wrote:
> RSA Conference is a separate entity from RSA, and (I believe) not a subsidiary or profit center for either RSA or EMC. At this point, they're just unlucky enough to have hitched their branding to the most recognized name in the industry.

This is incorrect. From http://www.rsaconference.com/about :

"RSA developed RSA Conference in 1991 as a forum for cryptographers to gather and share the latest knowledge and advancements in the area of Internet security. Today, RSA Conference and related RSA Conference branded activities are still managed by RSA, with the support of the industry. RSA Conference event programming is judged and developed by information security practitioners and other related professionals."

Also, the footer on all rsaconference.com pages specifically claims copyright by EMC, and both the Legal Notices and Privacy Policy links go to pages on emc.com.

--
@kylemaxwell

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
But open source is compromised as well, for the same reasons and by the same parties. Some claim open source was born of and is powned by the spies.

No problema, overcoming compromises of parentage has forever been the fundamental, albeit futile, crypto challenge. Even precious OTP is compromised, the gold standard of industry pure-blooded progeny.

No matter, cryptologists are dogged and faithful as rutting canines. One or two mad but considered geniuses, placed on virtual pedestals, then back to wild-rut cheating, lying, stealing and high-selling to evildoers.

This is a thumbnail of The Codebreakers. Come to think of all security volumes.

Ross Anderson has amusing comments on this onanist bazaar in Security Engineering, which, book-rich Schneier, no slouch at unfettered self-rutting, moans 'It's beautiful. This is the best book on the topic there is.'

At 05:58 PM 1/14/2014, James Donald wrote:
> Yeah, it will. Open source the cryptographic part of your product, and don't use RSA, IETF, or NIST standards.

Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
On 2014-01-15 10:48, John Young wrote:
> But open source is compromised as well, for the same reasons and by the same parties. Some claim open source was born of and is powned by the spies.

We can audit open source. Of course that costs serious money, but some people have adequate incentive to do so.

Re: [cryptography] using Curve p25519 cryptography for type 2(Mixmaster) and type 3(mixminion) remailer blocks
On Tue, Jan 14, 2014 at 2:14 PM, gwen hastings g...@cypherpunks.to wrote:
> ...
> I am looking at resurrecting mixmaster, mixminion and nym.alias.net nymserver designs from the various code wastebaskets and retrofit them with some newer encryption technology based on curve25519 and poly-1305 libsodium based algorithms and routines.

I believe there is sufficient demand to merit deployment of a good mix network. As well as perhaps web/other intake frontends due to the now prevalent a) dwindling free email b) demand by mail providers for phone authentication.

As for operators, I'd reach out to the Tor, I2P, Bitcoin, etc operators.

It's a shame that one of the hardest things to find these days is anonymous free speech in the simple form of the written word.