Re: [Cryptography] [cryptography] RSA equivalent key length/strength

2013-09-19 Thread Joachim Strömbergson
ately ECRYPT II has come to an end and I'm not certain the report will be updated anymore. Would be a loss since having updated estimates on keys and what algorithms to use is really helpful (IMHO). -- Kind regards, Yours Joachim Strömbergson

Re: [Cryptography] real random numbers

2013-09-16 Thread Joachim Strömbergson
ography (where Fortuna is described in good detail) [1]: "Fortuna solves the problem of having to define entropy estimators by getting rid of them." [1] https://www.schneier.com/book-practical.html

Re: [Cryptography] Seed values for NIST curves

2013-09-10 Thread Joachim Strömbergson
stand DJB correctly, EC as such is sound and provides clear benefits compared to RSA. We just need curves that have completely open, traceable and verifiable specifications.

Re: [Cryptography] NSA and cryptanalysis

2013-09-05 Thread Joachim Strömbergson
ge about differential attacks at least as far back as 1977.

Re: [Cryptography] Hashes into Ciphers (was Re: FIPS, NIST and ITAR questions)

2013-09-05 Thread Joachim Strömbergson
family of functions including ChaCha are compression functions in counter mode to generate a keystream.

Attempts at finding a new TCP sequence generator for uIP

2010-07-09 Thread Joachim Strömbergson
Aloha! uIP [1] is a very compact TCP/IP stack for small, network-connected, embedded devices. (The code size for uIP including TCP and ICMP on the AVR processor is about 5 kBytes.) Unfortunately, the TCP sequence number generator in uIP is a bit simplistic - basically a monotonically increasing

Re: SHA-3 Round 1: Buffer Overflows

2009-02-24 Thread Joachim Strömbergson
tprint and thus its applicability for embedded platforms was (somewhat) affected. That is, secure implementations might have different requirements than what might have been stated, and we want to select an algorithm based on the requirements for a secure implementation, right?

Re: CPRNGs are still an issue.

2008-12-16 Thread Joachim Strömbergson
ed feature?

Re: 307 digit number factored

2007-10-11 Thread Joachim Strömbergson
doing an efficient implementation in HW of ECC and not stepping on Certicom patent toes. SW implementations are probably ok though.

Re: using SRAM state as a source of randomness

2007-09-25 Thread Joachim Strömbergson
t I wouldn't trust it as the sole source of entropy." Device aging, changes in the manufacturing process, electrical and environmental changes (accidental or deliberate) will all affect the RNG, and there is no easy way for the (low cost) device to know how good or bad quality

Re: using SRAM state as a source of randomness

2007-09-24 Thread Joachim Strömbergson
bits (or similar ID length)? I give the paper plus marks for novelty, but can't see how to use this in a secure, practical and cost-efficient way.

Re: using SRAM state as a source of randomness

2007-09-16 Thread Joachim Strömbergson
numbers. One could add test functionality that checks the randomness of the initial SRAM state after power on. But somehow I don't think a good test suite and extremely low cost devices (for example RFID chips) are very compatible concepts.

Re: using SRAM state as a source of randomness

2007-09-15 Thread Joachim Strömbergson
(3) in the opposite situation to (2), how should the RFID unit avoid the fixed bits when generating a key based on the random bits? Would it be ok to simply run the power on memory state through a cryptographic hash function, ignoring the fixed bits?

Re: AMD's new instructions for parallelism and support for side-channel attacks?

2007-08-14 Thread Joachim Strömbergson
Aloha! Joachim Strömbergson wrote: Aloha! I just saw on EE Times that AMD will start to extend their x86 CPUs with instructions to support/help developers take advantage of the increasing (potential) parallelism in their processors. First out are two instructions that allow the developer

AMD's new instructions for parallelism and support for side-channel attacks?

2007-08-14 Thread Joachim Strömbergson
countermeasures against access-driven cache attacks on AES http://eprint.iacr.org/2007/282.pdf

Re: DESCHALL Classic Client Source Code Released

2007-02-17 Thread Joachim Strömbergson
er, is also available. All of the goodies are at http://www.interhack.net/projects/deschall/. Very cool, but the webserver seems to be down.