Re: [cryptography] embedded pw kdf?
On Fri, Aug 05, 2016 at 07:08:49AM -0400, Allen wrote:
> > > > how would it be the best to derive a key from user input
> > >
> > > I think that depends on what you plan to do with the key, i.e., what it
> > > will be used for, and how it will be used
> >
> > how you mean? for encryption and signing i guess.
>
> If only it were that simple. If you have no idea what you are going to use
> the keys for and the attacks you need to resist, then it's unlikely you'll
> have a secure system.

this is a theoretical question. if we have IoTs, and people start doing simple md5 for kdf, then that is very bad if anyone can bruteforce this passphrase, independently of how the key is used later.

i'm looking for a cryptographic primitive that makes a key out of user input. like argon, like scrypt, like bcrypt. you know, that kind of stuff. without any context how the kdf derived key is used later.

> Things that might matter: Is the data stored and if so where? Is the data
> transmitted? When and where is the data decrypted, and by whom? How will
> you distribute the signature verification key and associate it with an
> identity? Is there a requirement to escrow or recover the key(s) if the
> password can't be remembered? Etc.

this goes well beyond the concept of a kdf i believe. also this is a generic question, what cryptographic primitive exists for these restricted environments in general. it will be necessary, and if there's none, expect to have md5(password) all over the place.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] embedded pw kdf?
On Fri, Aug 05, 2016 at 06:47:04AM -0400, Allen wrote:
> > how would it be the best to derive a key from user input
>
> I think that depends on what you plan to do with the key, i.e., what it
> will be used for, and how it will be used

how you mean? for encryption and signing i guess.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
[cryptography] embedded pw kdf?
dear list,

with the spectre of IoT looming over us - making us all warm and fuzzy about our memories of security in the 80ies - i was wondering, if you have a 32bit (not considering 8bit systems for their very limited support for crypto) embedded device with heavily constrained processing power and memory (<0.5MB) but still enough to perform all basic crypto algos, how would it be the best to derive a key from user input (assuming we have a keypad e.g.)

argon2 seems to be optimized for PCs. is the best one can do in such situations a naive:

H0 = password
H_n = hash(H_n-1, device unique salt), 1<=n

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
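An added example, not part of the post or of any list member's code, that puts the question into runnable form: the naive iterated-hash chain the post sketches, next to PBKDF2-HMAC-SHA256 (CPU cost only, almost no RAM) and scrypt with N sized so that its working set of 128*r*N bytes stays inside the 0.5MB the post allows. The password and per-device salt are constructed sample values, and the function names and the 512 KB budget constant are this example's own assumptions.

```python
import hashlib
import hmac

# Memory budget the post gives for the device class: under 0.5 MB (assumed 512 KB here).
DEVICE_MEMORY_BUDGET = 512 * 1024

# Constructed sample inputs: a keypad passphrase and a per-device salt
# (on a real device the salt would be unique and provisioned at manufacture).
SAMPLE_PASSWORD = b"4271"
SAMPLE_DEVICE_SALT = b"device-serial-00000001"


def naive_chain_kdf(password: bytes, device_salt: bytes, iterations: int,
                    dklen: int = 32) -> bytes:
    """The iterated construction from the post, with SHA-256 as the hash:
    H0 = password, H_n = hash(H_{n-1} || device unique salt), 1 <= n <= iterations.
    It costs CPU time only: each step needs one hash state, so it imposes no
    memory cost on a parallel guessing attack."""
    h = password
    for _ in range(iterations):
        h = hashlib.sha256(h + device_salt).digest()
    return h[:dklen]


def pbkdf2_kdf(password: bytes, device_salt: bytes, iterations: int,
               dklen: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256, the standardised CPU-cost-only KDF. It needs only
    the HMAC state, so it fits any device that can run SHA-256 at all."""
    return hashlib.pbkdf2_hmac("sha256", password, device_salt, iterations, dklen)


def scrypt_params_for_budget(budget_bytes: int, r: int = 8) -> tuple:
    """Largest power-of-two N whose scrypt working set (128 * r * N bytes)
    still fits the given memory budget. Returns (N, r)."""
    n = 1
    while 128 * r * (n * 2) <= budget_bytes:
        n *= 2
    return n, r


def scrypt_kdf(password: bytes, device_salt: bytes,
               budget_bytes: int = DEVICE_MEMORY_BUDGET, p: int = 1,
               dklen: int = 32) -> bytes:
    """scrypt with N chosen to fit the device's RAM, so the derivation keeps a
    (small but non-zero) memory cost on top of the CPU cost."""
    n, r = scrypt_params_for_budget(budget_bytes)
    return hashlib.scrypt(password, salt=device_salt, n=n, r=r, p=p, dklen=dklen)


def keys_match(derived: bytes, stored: bytes) -> bool:
    """Compare a freshly derived key against the stored one in constant time."""
    return hmac.compare_digest(derived, stored)


if __name__ == "__main__":
    print("scrypt params for 0.5 MB:", scrypt_params_for_budget(DEVICE_MEMORY_BUDGET))
    for name, key in [
        ("naive chain", naive_chain_kdf(SAMPLE_PASSWORD, SAMPLE_DEVICE_SALT, 10000)),
        ("pbkdf2", pbkdf2_kdf(SAMPLE_PASSWORD, SAMPLE_DEVICE_SALT, 10000)),
        ("scrypt", scrypt_kdf(SAMPLE_PASSWORD, SAMPLE_DEVICE_SALT)),
    ]:
        print(f"{name:12s} {key.hex()}")
```

With r=8 the budget allows N=512, a 512 KB working set; with r=1 it allows N=4096 for the same memory. Both the plain chain and PBKDF2 cost only CPU time, which is what lets a guessing attacker spread the work over cheap parallel hardware; a memory cost sized to the device is the most a 0.5MB part can impose.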
Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM
On Tue, Apr 12, 2016 at 08:12:52PM -0700, Tony Arcieri wrote:
> On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret <r...@flownet.com> wrote:
>
> Well, that's true, but it's also hundreds of times bigger than a token in
> the Yubikey "nano" form factor, which is actually convenient to keep
> permanently in the USB slot of a laptop. Your physical design seems pretty
> unwieldy for laptops (see also Yubico's keychain designs).
>
> Yubikey "nano" factor tokens like the NEO-n have also supported more
> general purposes than a U2F token (e.g. CCID interface, OpenPGP applets,
> see also PIV)
>
> I swear I'm not a paid shill for Yubico, but I'm a fan of small
> display-free hardware tokens. While a token like what you've built might
> provide Maximum Security under pessimistic threat models, its large size
> makes it look rather inconvenient to me.

coincidentally i'm hacking on a similar device for quite some time. and while one of my design goals was to have my keys always on me, even in the sauna, there's another hard requirement, which is kinda conflicting with having a device so small that it always stays plugged into the usb. this requirement is to have the unlocking of the key material depend only on the usb device, not on the usb host. if i have to enter my password to unlock the keys on the pc, any finfisher/hackingteam malware can duplicate my password and use it itself. so i need some kind of passphrase entry on the device. and with this requirement the UX actually favors bigger designs, with displays.

my two approaches are

1/ using chording a la guitar hero, you learn your passphrase using muscle memory and play the hex digits of it on 4 buttons. this device is about 3x7cm big.

2/ i have the board in the exact format of a nokia 3310, and can switch the original board with mine and use the nokia's display and keyboard with 16 keys for entry of passphrases. however the latter design is not suitable for saunas.

the smaller design however could be enclosed like this:

http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/005/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301411/003/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/000/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/009/full.jpg

i also understand that a small device in a usb slot is nice, but it also encourages continuous contact between the keystore and an untrusted device. i rather unplug my keystore when it's not needed.

as a shameless plug, my designs are already in production, and will be available in small quantities this summer.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Design of a secure hardware dongle
On Tue, Jan 19, 2016 at 12:34:12PM -0800, Ron Garret wrote:
> I’m working on a design for a minimalist secure hardware dongle. The goal is
> to have it be usable as an HSM for the secure storage of secrets. I have a
> prototype running on a Teensy3, but I’ve come to the conclusion that in order
> to really be secure there has to be some I/O on the dongle itself. Hence, I
> am commissioning a new design that is essentially a Teensy3 with the addition
> of an OLED display and two push-buttons. It will also have an on-board noise
> source for key generation. The resulting device will be very similar to the
> Trezor, but not designed specifically for BitCoin. I expect to be able to
> sell them for about $50.
>
> If anyone here has an interest in such a device and would like to see a
> feature that I have not listed please let me know.

i have something like this ready. here's a video from last year when it was "under construction": https://youtu.be/zB_l09mzMs4

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] The Intercept Releases ~1,264 pages of NSA Docs
On Thu, Jul 02, 2015 at 08:51:39AM +1000, Alfie John wrote:
> On Thu, Jul 2, 2015, at 07:47 AM, John Young wrote:
> > Mostly Xkeyscore and more.
> > http://cryptome.org/2015/07/nsa-xks-more-intercept-15-0701.7z (643MB)
>
> Is there an md5sum of that link served via HTTPS?

i'd rather prefer the intercept itself actually releasing this as a signed archive.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Javascript scrypt performance comparison
On Fri, May 08, 2015 at 09:04:47AM +0200, Fabio Pietrosanti (naif) - lists wrote:
> Do you think that yescrypt-lite in JS will be a reasonable substitute of
> scrypt within a defined amount of time (we're open and interested to
> integrate latest crypto)?

according to someone close to the PHC compo, yescrypt is rich with side-channels, i wonder how to secure js implementations against these, and the extra sidechans that are introduced by the usage of js itself. can anyone enlighten pls?

i start to wonder what the name globaleaks really refers to, sidechans?

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Javascript scrypt performance comparison
On Fri, May 08, 2015 at 04:27:19PM +0300, Solar Designer wrote:
> On Fri, May 08, 2015 at 10:34:28AM +0200, stef wrote:
> > according to someone close to the PHC compo, yescrypt is rich with
> > side-channels,
>
> Worded like that, it's FUD. It's a fully expected kind of FUD, though.

sorry - although maybe fud is a strong word -, i only overheard this, without much details, so phrased it vaguely. however many thanks for the fascinating details you provided to understand this issue better.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] OpenPGP in Python: Security evaluations?
On Thu, Apr 23, 2015 at 08:25:14AM +0200, Fabio Pietrosanti (naif) - lists wrote:
> Everyone, including GlobaLeaks, is using python-gnupg wrapper but that's a
> HORRIBLE software design choice (having a wrapper that fires an executable)
> and we want to fix that.

from what aspect do you consider this broken? considering the fine research of Eran Tromer i'd say that what you are up to seems to break things more than they were before you started fixing things. you seem to build a system with maximum side-channels, your previous javascript client question points in a similar direction. why?

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Introducing SC4 -- feedback appreciated
ohio,

On Fri, Apr 17, 2015 at 10:56:01AM -0700, Ron Garret wrote:
> 1. It is a standalone web application.

putting keys in the browser is like putting keys in front of a dmz. browsers are not designed for this, they are designed for delivering impressions and services to you. the security features you find in any browser are there to secure the revenue-stream of some companies, not for the protection of the interests of its users. (same goes for phones.) the tool might be good (haven't checked), but the foundation it's built on is sand.

you want to isolate your keys, current end-host security does not provide much protection against some malware in case recovery of your keys becomes a priority.

you also want to make sure the code running is authentic, with js delivered over the net this is quite hard to do verifiably (again, not your protection, industry revenues are the thing to protect).

cheers,s
Re: [cryptography] Introducing SC4 -- feedback appreciated
On Fri, Apr 17, 2015 at 11:56:48AM -0700, Ron Garret wrote:
> On Apr 17, 2015, at 11:27 AM, Dominik Schuermann domi...@dominikschuermann.de wrote:
> > what problem of traditional PGP implementations did you solve?
>
> The fact that to use PGP you have to install an application. (This is true
> for Peerio as well.) That turns out to be too much friction for most people.

that is actually true and sad, instead of new webapps, maybe the focus should be on multi-platform installers.

> Whenever you have to install an application you have to decide whether or
> not you trust the application,

i don't see how this decision is not made in the sc4 case

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Unbreakable crypto?
On Fri, Mar 20, 2015 at 06:12:31PM +, Dave Howe wrote:
> Or a reasonably clever and trolling satire on snakeoil products. :)

the less optimistic alternative is this being a well-crafted water-holing site targeted at the members of this mailing-list.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Unbreakable crypto?
On Thu, Mar 19, 2015 at 03:33:25PM -0400, Kevin wrote:
> This software uses the one-time pad. Have any of you seen this?
> http://www.unbreakable-crypto.com

i wonder if the eff is aware that they are referenced in the footer. i'd categorise this as brilliant satire.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?
On Wed, Mar 11, 2015 at 01:02:14PM +0100, Fabio Pietrosanti (naif) - lists wrote:
> On 3/11/15 12:42 PM, stef wrote:
> > against state level actors. i mean globaleaks clearly has state-level
> > actors in their threat-model, right?
>
> No, GlobaLeaks doesn't consider in its threat model an NSA-like actor.

observe, how the question regarding state-level actors is dodged by reducing the set to nsa-like (what does that even mean?) and knowing the dutch, the hungarian and the serbian globaleaks users personally, i can assure you they are operating outside your threat-model, and i'm not sure they are aware of it.

> Check the Threat Model link on https://globaleaks.org in the footer to get
> a better insight.

i now understand why you did not link this directly: https://docs.google.com/document/d/1niYFyEar1FUmStC03OidYAIfVJf18ErUFwSWCmWBhcA/pub

seriously on google? your threatmodel seems indeed quite limited. you should be much more open about your limits. your actions and words do not instill trust in your product.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?
On Wed, Mar 11, 2015 at 11:53:35AM +0100, Fabio Pietrosanti (naif) - lists wrote:
> at GlobaLeaks we're undergoing implementation of client-side encryption
> with server-side storage of PGP Private keys.

i didn't get the memo, that js in browsers is now the way to best mitigate against state level actors. i mean globaleaks clearly has state-level actors in their threat-model, right?

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?
On Wed, Mar 11, 2015 at 01:02:14PM +0100, Fabio Pietrosanti (naif) - lists wrote:
> > against state level actors. i mean globaleaks clearly has state-level
> > actors in their threat-model, right?
>
> No, GlobaLeaks doesn't consider in its threat model an NSA-like actor.

there's other state level actors.

> GlobaLeaks it's designed to be a Whistleblowing framework that can be used
> in very different context, from WildLife Crime Activism up to Anticorruption
> in Serbia up to PubLeaks-like Journalism in Netherland, keeping the maximum
> level of security achievable for a specific context of use.

serbia sounds like a state level actor, and i heard that the publeaks people also get attention from the local services.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?
On Wed, Mar 11, 2015 at 01:28:27PM +0100, Fabio Pietrosanti (naif) - lists wrote:
> > serbia sounds like a state level actor, and i heard that the publeaks
> > people also get attention from the local services.
>
> The reality is that each scenarios have it's own peculiarities, really, it
> would be a very long and complex discussion that require few hours to
> analyze each scenarios details.

let's stick with the webcrypto aspect, and the fact that both governments control their own CA in the browsers. the dutch CA being even historically shared with some other parties.

> PubLeaks in the Netherland has been deployed with Tails as Leaktops for the
> journalists for end-point security, with GlobaLeaks being hosted by a
> well-known third party within the activists community (GreenHost), with
> servers deployed in a geo-political smart way, with service contract done
> with the PubLeaks Foundation (a legal entity created on purpose) to be
> resilient against certain kind of legal threats.

how does that protect against active covert attacks? luckily parallel constructions will save your conscience from feeling responsible.

> OCCRPLeaks do require instead, in Bosnia and balkan-area, to leverage
> plausible deniability by embedding GlobaLeaks within existing HTTPS site
> (https://occrp.org) because plausible deniability has been considered,
> after threat-modelling with the stakeholders, more relevant than just
> saying "Hey, use Tor to access this .onion site".

how is using stuff over ssl in the country where the adversary controls a local CA plausible deniability?

> When you work supporting the many initiatives you'll just realize that many
> time, the cryptographic/technical implementation side of a Whistleblowing
> initiative's security, is a minor part and shall be considered in a broader
> Security threat model.

absolutely.

> Given that the picture is complex and variegate enough, we are providing
> such a differentiated set of security levels, from a technical and
> procedural point of view.

so you allow your clients to shoot themselves in the foot.

> The way you work in a place where The rule of law is effective, it's

that's a quite bold assumption even in europe today :/

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Crypto Vulns
On Sat, Mar 07, 2015 at 10:23:40AM -0500, John Young wrote:
> No 1 vulnerability of crypto is the user

absolutely: pls enjoy this: https://en.wikipedia.org/wiki/List_of_cognitive_biases

which i also packed into an ebook for your convenience:

http://www.ctrlc.hu/~stef/cognitive_biases_-_layer8_security_advisories.epub
http://www.ctrlc.hu/~stef/cognitive_biases_-_layer8_security_advisories.pdf

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] random number generator
On Sat, Nov 22, 2014 at 08:13:31PM +1000, James A. Donald wrote:
> The question is, does all this entropy show up in Jytter? I rather think it does.

the question is: is your adversary nature, or human nature?

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Email encryption for the wider public
On Thu, Sep 18, 2014 at 09:06:53AM +0200, Henry Augustus Chamberlain wrote:
> currently able to use email encryption at all! I think both concerns are
> fair, and both are worth trying to solve.

let me summarize (and ask you to reread and understand) grapamps response to you: email is dead.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Email encryption for the wider public
On Thu, Sep 18, 2014 at 11:13:04AM +0200, Krisztián Pintér wrote:
> On Thu, Sep 18, 2014 at 10:57 AM, stef s...@ctrlc.hu wrote:
> > let me summarize (and ask you to reread and understand) grapamps response
> > to you: email is dead.
>
> email is not dead, it is a zombie that walks around for at least 20 years.

i like your analogy :) is there a non-zero probability that zombie analogies are the opposite to car analogies?

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Question About Best Practices for Personal File Encryption
On Sat, Aug 16, 2014 at 06:26:28PM -0500, Mark Thomas wrote:
> Am I on the right track? If so does anyone know of a helpful guide to get
> started with OpenSSL on the command line besides the man pages?

last time i checked openssl does no authenticated encryption on the command line.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Stealthy Dopant-Level Hardware Trojans
On Sun, Jun 22, 2014 at 01:46:44AM -0700, coderman wrote:
> On Fri, Sep 13, 2013 at 2:49 AM, Eugen Leitl eu...@leitl.org wrote:
> > ...
> > http://people.umass.edu/gbecker/BeckerChes13.pdf
> > Stealthy Dopant-Level Hardware Trojans ? Georg T. Becker1
>
> this paper has disappeared from the net. any one have copies?

http://sgnsa2lp64l6v3l6.onion/BeckerChes13.pdf

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] [Ach] Better Crypto
On Tue, Jan 07, 2014 at 11:39:42AM +0100, L. Aaron Kaplan wrote:
> On Jan 7, 2014, at 11:24 AM, stef s...@ctrlc.hu wrote:
> > On Tue, Jan 07, 2014 at 11:18:45AM +0100, L. Aaron Kaplan wrote:
> > > 1. We will have three config options: cipher String A,B,C ( generic safe
> > > config, maximum interoperability (== this also makes the mozilla people
> > > happy then) and finally a super-hardened setting (with reduced
> > > compatibility)).
> >
> > lacking the context on this also makes the mozilla people happy then
>
> There were some discussions on the bettercrypto list regarding also
> supporting Windows XP (which means RC4 or 3DES).

interesting sudden context switch from mozillans to microsoft-victims. a distraction?

> And there was a very good argument that a *lot* of people still use XP and
> for many sites it is not an option to exclude them. On the other hand,
> WinXP is end of life. It's a hard choice

for you it's an easy choice. your product's only feature is to provide security, if you forfeit that feature for interoperability, then you have not achieved anything. i'd start looking into who actually proposed that, and what are his intelligence agency or corporate ties. this all sounds to me like the banking crisis, too-big-to-fail, so let's do some security theater, but otherwise leave all the downgrade attack paths open.

> So, I guess that was a really good reason and personally I don't see any
> reason so far to assume:

you have not produced any argument - only a distraction - against that assumption.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Can we move to a forum, please?
On Tue, Dec 24, 2013 at 11:54:51PM +, Malcolm Matalka wrote:
> - Nobody complaining about top posting, trimming cruft and other such nonsense

calling etiquette nonsense

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Quality of HAVEGE algorithm for entropy?
On Fri, Nov 29, 2013 at 11:22:29AM +0100, Joachim Strömbergson wrote:
> What I was trying to say is that Havege running on MCUs (AVR, AVR32, PIC,
> PIC32, ARM Cortex M0 etc) where instructions in general take the same
> number of cycles to execute and where caches are few (few levels), have
> simple or even no replacement policy (it is done by SW control), the
> assumptions in Havege are not really present. And that this change in
> physical setup _should_ affect the variance measured. But again, I haven't
> tested it yet.

howdy,

i tried out the default haveged code found under: http://www.irisa.fr/caps/projects/hipsor/misc.php#measure on an arm cortex m3 stm32f2xx and streamed the results over uart and plotted them here: https://www.ctrlc.hu/~stef/stm32f2x-jitter.png

prefetch, data and instruction cache were enabled.

cheers,s

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Allergy for client certificates
On Wed, Oct 09, 2013 at 02:50:59PM +0100, Michael Rogers wrote:
> This touches on another question I've been meaning to ask you: what happens
> if a user creates an account from a client machine, thus installing a
> client cert on that machine, and then wants to use the account from another
> machine?

i guess the user has to use the crappy ui of the browser to extract it. while the browser vendors are polishing rounded transparent tabs instead.

> Also, what happens if a user installs a client cert on a machine and then
> walks away, leaving their client cert exposed to the next user? With
> passwords there's an expectation that once you've logged out, the next user
> can't log into your account. But client certs break that expectation.

indeed, client auth is bound to the browser in this sense and needs to be understood by the users, this is a cognitive entry barrier to usage.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] no-keyring public
On Sun, Aug 25, 2013 at 08:13:51AM -0400, Matthew Orgass wrote:
> On 2013-08-25 alser...@inbox.ru wrote:
> > On Sat, 24 Aug 2013, Krisztián Pintér wrote:
> > > has anybody done something like that already? does it have a name?
> >
> > There was a ECC program from the previous century that worked as you
> > described: the private key was derived solely from the user password.
> > Seccure: http://point-at-infinity.org/seccure/

i <3 seccure. the lack of a good kdf was easily fixed with scrypt.

> It could even do ECDH. I wish there were more simple command line crypto
> utilities.

good memories. so i just added ECDH also to my new tool: https://github.com/stef/pbp which is based on libsodium, based on nacl.

also i created a new wrapper for python, pysodium: https://github.com/stef/pysodium

hope you enjoy and play around with simple command line crypto utilities.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] Jingle and Otr
On Wed, Aug 21, 2013 at 01:47:33PM +1000, James A. Donald wrote:
> The Jitsi FAQ https://jitsi.org/Documentation/FAQ says that chat sessions
> are protected by OTR, which implies that nothing else is.

i think before considering using jitsi's otr:

http://lists.jitsi.org/pipermail/users/2013-July/004370.html
http://lists.jitsi.org/pipermail/dev/2011-May/001484.html

someone needs to contribute a port to otr4j or evaluate their inhouse implementation.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
Re: [cryptography] random permutations
On Thu, May 09, 2013 at 10:01:09PM -0700, travis+ml-rbcryptogra...@subspacefield.org wrote:
> http://en.wikipedia.org/wiki/Knuth_shuffle
>
> Anything that works without a table? I'm assuming you won't have a key to
> represent all (2^n)! permutations so... For even a large subset of all
> permutations?

i have this naive algo where i generate a random number with n! as an upper limit, and then convert the resulting number into base n, where each digit then is an index to the unshuffled/ordered list of all elements. dunno if that fits your expectations.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
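An added example, not from the thread or from any participant, of the table-free approach described in the reply above: draw one random integer below n! and decode it into a permutation by reading its digits as indices into the ordered list of elements not yet placed. The decoding uses the factorial number system (Lehmer code), in which digit k ranges over the n-k elements still unplaced, so every integer below n! decodes to a distinct permutation; rank_permutation inverts the decoding, key_bits_needed reports how many key bits a full-range rank takes for a given n, and decodes_bijectively checks the mapping exhaustively for small n. All function names are this example's own.

```python
import math
import secrets


def unrank_permutation(rank: int, items):
    """Decode an integer in [0, n!) into a permutation of `items`.

    The rank is read as a mixed-radix number: the first digit is
    rank // (n-1)! and picks one of n elements, the next digit is the
    remainder divided by (n-2)! and picks one of the n-1 remaining elements,
    and so on. Each digit indexes the ordered list of elements not yet
    placed, so no table beyond that list is needed."""
    remaining = list(items)
    n = len(remaining)
    if not 0 <= rank < math.factorial(n):
        raise ValueError("rank must be in [0, n!)")
    out = []
    for places_left in range(n, 0, -1):
        digit, rank = divmod(rank, math.factorial(places_left - 1))
        out.append(remaining.pop(digit))
    return out


def rank_permutation(perm, items) -> int:
    """Inverse of unrank_permutation: recover the integer a permutation came from."""
    remaining = list(items)
    rank = 0
    for element in perm:
        digit = remaining.index(element)
        rank = rank * len(remaining) + digit  # Horner form of the mixed radix
        remaining.pop(digit)
    return rank


def random_permutation(items):
    """Uniform random permutation: one CSPRNG draw below n!, then decode."""
    items = list(items)
    return unrank_permutation(secrets.randbelow(math.factorial(len(items))), items)


def key_bits_needed(n: int) -> int:
    """Bits required to hold any rank below n!, i.e. to address every permutation."""
    return (math.factorial(n) - 1).bit_length()


def decodes_bijectively(n: int) -> bool:
    """Check that all n! ranks decode to n! distinct permutations (small n only)."""
    seen = {tuple(unrank_permutation(r, range(n))) for r in range(math.factorial(n))}
    return len(seen) == math.factorial(n)


if __name__ == "__main__":
    deck = list(range(52))  # constructed sample: a 52-element list to shuffle
    print(random_permutation(deck))
    print("key bits for all 52! orderings:", key_bits_needed(52))
```

The bit count is the practical limit travis asks about: a 52-element list needs 226 bits of rank to reach every ordering, and a shorter key can only ever select a subset of the permutations, however the decoding is done.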
Re: [cryptography] Rocra malware targets files encrypted by Acid Cryptofiler
On Wed, Jan 16, 2013 at 10:37:57AM -0500, Kevin W. Wall wrote:
> I'm guessing that means that this Acid Cryptofiler is some severely flawed
> crypto software (or was written by the NSA and has some back door or side
> channel).

i guess it's of french origin: https://fr.wikipedia.org/wiki/Acid_Cryptofiler

regards,s

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt