*has* solved those vexing
problems could extend the protection that they've gained to users of
your protocol.
3. Maybe study ZRTP and tcpcrypt for comparison. Don't try to study
foolscap, even though it is a very interesting practical approach,
because there doesn't exist docume
Therefore, Ed25519 or RFC-6979-enhanced (EC)DSA is actually safer than RSA-PSS
is with regard to this issue.
Regards,
Zooko
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
our friendly neighborhood TLS implementor to move fast on
http://tools.ietf.org/id/draft-josefsson-salsa20-tls-02.txt .
Regards,
Zooko
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
e, and I have non-technical friends who use it and are totally
> happy with the results. I wish there was an automated thing in Time
> Machine to let me trade backups with an offsite friend as well.
The Least-Authority Filesystem comes with a nice backup tool ("tahoe backu
Here's a nice resource: RFC 6090!
https://tools.ietf.org/html/rfc6090
Also relevant:
http://cr.yp.to/ecdh/patents.html
I'd be keen to see a list of potentially-relevant patents which have
expired or are due to expire within the next 5 years.
Regards,
Zooko Wilcox-O'Hearn
Fo
't offer voice, text, video, or email services, like
Silent Circle does/did. What we offer is simply secure offsite
*backup*, and a secure cloud storage API that people use to build
other services. So we aren't competitors.)
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO, and Customer Sup
encryption. It is possible. It isn't easy, but we just might make it!
We welcome criticism, suggestions, and requests from you all.
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
Freed
other than the current core developers are possible. In that event, we
would try to persuade any such forks to adopt a similar policy.
The following Tahoe-LAFS developers agree with this statement:
David-Sarah Hopwood
Zooko Wilcox-O'Hearn
Brian Warner
Kevan Carstensen
Frédéric Marti
Jack Lloy
ers in the public interest" who make Tahoe-LAFS
possible.
David-Sarah Hopwood and Zooko Wilcox-O'Hearn
on behalf of the Tahoe-LAFS team
September 23, 2010
Rainhill, Merseyside, UK and Boulder, Colorado, USA
[1] http://tahoe-lafs.org/trac/tahoe/browser/relnotes.txt?rev=4579
[2] http:/
emd, SHA-2, and the SHA-3 candidates that this
does hold!
What do you think of that argument?
Regards,
Zooko
[1] http://www.springerlink.com/content/d7pm142n58853467/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
GEMENTS
This is the fifth release of Tahoe-LAFS to be created solely
as a labor of love by volunteers. Thank you very much to the
team of "hackers in the public interest" who make Tahoe-LAFS
possible.
David-Sarah Hopwood and Zooko Wilcox-O'Hearn
on behalf of the Tahoe-LAFS team
ith a better demonstration
that they were generated with any possible "back door" than do the
NIST curves [3].
Regards,
Zooko
[1] http://www.keylength.com/
[2] http://bench.cr.yp.to/results-sign.html
[3]
http://www.ecc-brainpool.org/download/draft-lochter-pkix-brain
e progress they make.
Regards,
Zooko
ANNOUNCING Tahoe, the Least-Authority File System, v1.7.0
The Tahoe-LAFS team is pleased to announce the immediate
availability of version 1.7.0 of Tahoe-LAFS, an extremely
reliable distributed storage system.
Tahoe-LAFS is the first distributed storage syst
t digital signature scheme that you can imagine. :-)
"""
In that note I go on to talk about more Tahoe-LAFS-specific
engineering considerations and expose my ignorance about exactly what
properties are required of the underlying secure hash functions.
Regards,
Zooko
--
On Thu, Apr 22, 2010 at 12:40 PM, Jonathan Katz wrote:
> On Thu, 22 Apr 2010, Zooko O'Whielacronx wrote:
>
>> Unless I misunderstand, if you read someone's plaintext without having
>> the private key then you have proven that P=NP!
…
> The paper you cite reduce
or.
Regards,
Zooko
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
heme which
has good properties (efficiency, simplicity, ease of implementation)
and which is based on substantially different ideas and which isn't
currently under patent protection (therefore excluding NTRUSign).
Any ideas?
[1] http://eprint.iacr.org/2007/019
also proven that P=NP!
Unfortunately that one in particular doesn't provide digital
signatures, only public key encryption, and what I most need for the
One Hundred Year Cryptography project is digital signatures.
Regards,
Zooko
[1] http://allmydata.org/pipermail/tahoe-dev/2010-April/date.
ral variant of our scheme
that is secure against key-leakage attacks, as well as an oblivious
transfer protocol that is secure against semi-honest adversaries.
"""
Unless I misunderstand, if you read someone's plaintext without having
the
way) or a 128 bits (i.e. you rely on the MAC and you
want 128-bit crypto strength) or something in between.
Regards,
Zooko
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
tance and pre-image resistance seem to follow the same pattern
as collision-resistance -- C[H1, H2] seems to be much stronger than
H1 or H2 alone.
Regards,
Zooko
[1] http://extendedsubset.com/Renegotiating_TLS.pdf
[2] http://allmydata.org/trac/tahoe/wiki/NewCaps/WhatCouldGoWrong
[3] http://
need to be random, they need only to be
unique. Can you use a block number and birth number or other such
guaranteed-unique data instead of storing an IV? (Apropos recent
discussion on the cryptography list [2].)
Regards,
Zooko
[1] http://hub.opensolaris.org/bin/download/Project+zfs%2Dcry
d point! But can't the one who verifies the signature also verify
that the k was generated according to the prescribed technique?
Regards,
Zooko
P.S. If you read this letter all the way to the end then please let
me know. I try to make them short, but sometimes I think th
f why he finds the current solution unsatisfactory,
perhaps because he assumed the audience already shared his view. (I
think he mentioned something in his letter like "the well-known
failures of the SSL/CA approach to this problem".)
following-up to my own post:
On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote:
David-Sarah Hopwood suggested the improvement that the integrity-
check value "V" could be computed as an integrity check (i.e. a
secure hash) on the K1_enc in addition to the file c
e decryption and integrity-checking of the
ciphertext.
Here is a diagram: [5] (also attached).
David-Sarah Hopwood suggested the improvement that the integrity-
check value "V" could be computed as an integrity check (i.e. a
secure hash) on the K1_enc in addition to t
And while you are at it, please implement these test vectors and
report to Niels Ferguson:
http://blogs.msdn.com/si_team/archive/2006/05/19/aes-test-vectors.aspx
Regards,
Zooko
-
The Cryptography Mailing List
Unsubscribe by
the wiki page where we're keeping our notes: [5].
If any smart cryptographer or hacker reading this wants to create
secure, decentralized storage, please join us! We could use the
help! :-)
Regards,
Zooko
[1] http://allmydata.org/~zooko/lafs.pdf
[2] http://allmydata
Installment 5 will be about future work and new
crypto ideas.
Regards,
Zooko
[1] http://allmydata.org/pipermail/tahoe-dev/2009-August/002637.html
# installment 1: immutable file caps
[2] http://allmydata.org/pipermail/tahoe-dev/2009-Au
On Thursday,2009-08-27, at 19:14 , James A. Donald wrote:
Zooko Wilcox-O'Hearn wrote:
Right, and if we add algorithm agility then this attack is
possible even if both SHA-2 and SHA-3 are perfectly secure!
Consider this variation of the scenario: Alice generates a
filecap and gives
nus Torvalds ,
Perry Metzger, et al. that git users are vulnerable to exploitation
by collisions. I'll try to write up my reasoning at some point.)
Regards,
Zooko
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
o a v1.6 reader, asking him to
inspect the file and then pass it on to his trusted, v1.7-using,
partner?
Hm...
This at least suggests that the v1.7 readers need to check *all*
hashes that are offered and raise an alarm if some verify and others
don't. Is that good enough?
:-/
Reg
On Wednesday,2009-08-19, at 10:05 , Jack Lloyd wrote:
On Wed, Aug 19, 2009 at 09:28:45AM -0600, Zooko Wilcox-O'Hearn wrote:
[*] Linus Torvalds got the idea of a Cryptographic Hash Function
Directed Acyclic Graph structure from an earlier distributed
revision control tool named Mon
hat convenience
more than an extra degree of safety. I know of other people who keep
their Tahoe-LAFS caps more securely, on Unix filesystems, on
encrypted USB keys, etc..
Regards,
Zooko
[*] Linus Torvalds got the idea of a Cryptographic Hash Function
Directed Acyclic Graph structure f
istributed, fault-tolerant key-value storage grid), and
without having to know too much about how other programs or other
humans on the same system are managing their caps.
We owe thanks to many others including the authors of Self-certifying
filesystem, Freenet, Mojo Nation a
me it is an excellent starting point for a
modern study of the cryptographic issues. :-)
I still do intend to follow-up on the subthread which I call "So how
do *you* do key management, then?", which I consider to be the most
important issue for practical security of systems like the
On Monday,2009-08-10, at 13:47 , Zooko Wilcox-O'Hearn wrote:
This conversation has bifurcated,
Oh, and while I don't mind if people want to talk about this on the
tahoe-dev list, it doesn't have that much to do with tahoe-lafs
anymore, now that we're done com
archive:
http://www.mail-archive.com/cryptography@metzdowd.com/msg10680.html
Here it is on the tahoe-dev mailing list archive. Note that
threading is screwed up in our mailing list archive. :-(
http://allmydata.org/pipermail/tahoe-dev/2009-August/subject.html#start
Regards,
Zooko
safe
alternatives such as keeping the data on your home computer or on
your corporate server. The Cleversafe FUD doesn't help people
understand the issues better.
Regards,
Zooko
[1] http://allmydata.org/pipermail/tahoe-dev/2009-July/002482.html
[2] http://allmydata.org/piperma
[dropping tahoe-dev from Cc:]
On Thursday,2009-08-06, at 2:52 , Ben Laurie wrote:
Zooko Wilcox-O'Hearn wrote:
I don't think there is any basis to the claims that Cleversafe
makes that their erasure-coding ("Information Dispersal")-based
system is fundamentally safer
es in processing power e.g. reference to
Moore's Law is confused. Advances in processing power would not be
sufficient to crack modern cryptosystems and in many cases would not
be necessary either.
Okay I think that's it. I hope these notes are not so terse as to be
confusing or inf
ever), then you will be added to the Hall Of Fame
at http://hacktahoe.org . :-)
Regards,
Zooko
---
The Tahoe-LAFS team is pleased to announce the immediate availability of
version 1.5 of Tahoe, the Lofty Atmospheric File System.
Tahoe-LAFS is the first cloud storage technology which offers secur
Poly1305 to VMAC, please report
your measurement, at least to me privately if not to the list. I can
use that sort of feedback to contribute improvements to the Crypto++
library. Thanks!
Regards,
Zooko Wilcox-O'Hearn
---
Tahoe, the Least-Authority Filesystem -- http://allmydata.org
.
http://allmydata.org/pipermail/tahoe-dev/2009-July/002482.html
Jason Resch of cleversafe has also been participating in the
discussion on that list.
Regards,
Zooko
-
The Cryptography Mailing List
Unsubscribe by sending
he cleversafe architecture is
just as susceptible to AES-256 failing as an encryption scheme such
as is used in the Tahoe-LAFS architecture).
But, it is time for me to stop reading about cryptography and get
ready to go to work. :-)
Regards
Zooko
---
Tahoe, the Least-Authority Fi
On Sunday,2009-07-19, at 13:24 , Paul Hoffman wrote:
At 7:54 AM -0600 7/18/09, Zooko Wilcox-O'Hearn wrote:
This involves deciding whether a 192-bit elliptic curve public key
is strong enough...
Why not just go with 256-bit EC (128-bit symmetric strength)? Is
the 8 bytes per signatur
ivate-
hyperelliptic-curve-based capabilities (in addition to RSA and ECDSA
for backward compatibility).
Regards,
Zooko Wilcox-O'Hearn
P.S. Oh, I told a lie in the interests of brevity when I said that
file handles contain actual public keys or actual private keys. RSA
keys are way
tic.org and jam...@echeque.com to the list of
addresses that can post to tahoe-dev without being subscribed.
Regards,
Zooko
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
ient capability-
based access control scheme.
Regards,
Zooko
[1] http://allmydata.org
[2] http://allmydata.org/trac/tahoe/browser/docs/architecture.txt
[3] http://duplicity.nongnu.org
[4] http://podcast.utos.org/index.php?id=52
--
pace and bandwidth to the
open source project. Thank you to Allmydata, Inc. for their generous and
public-spirited support.
Zooko Wilcox-O'Hearn
on behalf of the allmydata.org team
Special acknowledgment goes to Brian Warner, whose superb engineering
skills and dedication are primarily respon
able, malfunctioning, or malicious."
Such ambitious security goals benefit greatly from public criticism
and review, so please kick the tires and let us know what you think.
Regards,
Zooko
ANNOUNCING allmydata.org "Tahoe", the Least-Authority Filesystem, v1.3
We are pleased
s anyone have more detail about the scale and scope of these
currencies?
> My white paper could use a little updating, but the basic conclusions
> remain sound:
>
> http://www.taugh.com/epostage.pdf
Thanks! I'll read this.
Regards,
Zooko
-
ently being involved in a project that might lead to a third
attempt.
Regards,
Zooko
---
http://allmydata.org -- Tahoe, the Least-Authority Filesystem
http://allmydata.com -- back up all your files for $10/month
-
The Cryptog
if you have a better way to think about parallelism of hash
functions, I'm all ears.
Thanks,
Zooko
---
http://allmydata.org -- Tahoe, the Least-Authority Filesystem
http://allmydata.com -- back up all your files for $5/month
Dear people of the Cryptography mailing list:
The Hack Tahoe! contest (http://hacktahoe.org ) has already led a
security researchers to spot a flaw in our crypto design. This
release fixes that flaw.
Regards,
Zooko
ANNOUNCING Allmydata.org "Tahoe", the Least-Authority Filesy
Folks:
This contest is inspired by Sameer Parekh's "Hack Netscape!" contest
in the fall of 1995.
It is already eliciting some really good security insights from smart
people.
Regards,
Zooko
ANNOUNCING the "Hack Tahoe!" contest
http://hacktahoe.org
T
x27;s Obfuscated TCP:
http://code.google.com/p/obstcp/
One of the design constraints for Obfuscated TCP was that an
Obfuscated TCP connection is required to take zero more round trips
to set up and use than a normal TCP connection. Way to go, Adam!
Regards,
esign around the assumptions of
software crypto.
Regards,
Zooko
[1] https://financialcryptography.com/mt/archives/001064.html
[2] http://www.creativedestruction.com/archives/000937.html
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
t NSA or some such shadowy agency bamboozled
them into thinking that it would be illegal to release it, or
threatened them with unfortunate coincidences if they went ahead, or
persuaded them that GPL'ing it would aid terr
Inc. [13], a provider of consumer
backup services. Allmydata, Inc. contributes hardware, software,
ideas, bug reports, suggestions, demands, and money (employing several
allmydata.org Tahoe hackers and instructing them to spend part of
their work time on this free-software project). We are eternal
("N2" is the development code-name for the most recent
OpenSPARC -- its product name is "T2".)
Appended is my reply. If anyone on this list knows more about the
relevant export regulations, please share.
Regards,
Zooko
[1] http://www.opensparc.net/opensparc-t2/d
On May 24, 2008, at 9:18 PM, Steven M. Bellovin wrote:
I believe that all open source Unix-like systems have /dev/random
and /dev/urandom; Solaris does as well.
By the way, Solaris is an open source Unix-like system nowadays. ;-)
Regards,
Zooko
pen sparc community support" e-mail
address, and the Sun "open source ombudsman", Simon Phipps. None of
them ever wrote back.
This experience rather dampened my enthusiasm about relying on T2
hardware as a higher-assurance, but still pretty commo
l benefits to be
gained then I will revisit this issue and perhaps I will be forced to
rely on an argument of the other form -- that users are unlikely to
use it in an unsafe way.
Thank you again for your thoughtful comments on this issue.
Regards,
Zooko O'Whielacronx
it is not
needed because the "s = random()" part of the algorithm locks out all
attackers except those with whom s is shared from mounting such an
attack at all.
Thank you for your comments on this issue. If you have further
ideas, especially as would be relevant to the Tahoe L
a, Inc. [10], a provider of consumer
backup services. Allmydata, Inc. contributes hardware, software,
ideas, bug reports, suggestions, demands, and money (employing several
allmydata.org Tahoe hackers and instructing them to spend part of
their work time on this free-software project). We are eternally
user were using it with files that she intended not to divulge, but
that were susceptible to being brute-forced in this way by an attacker.
On Mar 20, 2008, at 10:56 PM, Jim McCoy wrote:
On Mar 20, 2008, at 12:42 PM, zooko wrote:
Security engineers have always appreciated that converge
Dear Perry Metzger:
Jim McCoy asked me to forward this, as he is not subscribed to
cryptography@metzdowd.com, so his posting bounced.
Regards,
Zooko
Begin forwarded message:
From: Jim McCoy <[EMAIL PROTECTED]>
Date: March 20, 2008 10:56:58 PM MDT
To: theory and practice of decentr
(This is an ASCII rendering of https://zooko.com/
convergent_encryption_reconsidered.html .)
Convergent Encryption Reconsidered
Written by Zooko Wilcox-O'Hearn, documenting ideas due to Drew
Perttula, Brian Warner, and Zooko Wilcox-O'Hearn, 2008-03-20.
llowing them to spend part of their
work time on the next-generation, free-software project). We are
eternally grateful!
Zooko O'Whielacronx
on behalf of the allmydata.org team
March 13, 2008
Boulder, Colorado, USA
[1] http://allmydata.org/trac/tahoe/browser/relnotes.txt?rev=2183
[2] http://al
as, bug reports, suggestions, demands, and money (employing several
allmydata.org Tahoe hackers and allowing them to spend part of their
work time on the next-generation, free-software project). We are
eternally grateful!
Zooko O'Whielacronx
on behalf of the allmydata.org team
February 15
7;s an interesting puzzle of intellectual history. The idea
certainly seems to have been "in the air", as both Mojo Nation and
Freenet were working on it before the May 2000 patent submission by
Doceur et al., but Mojo Nation and Freenet each published the idea
shortly after May 2000
27;ve done a good job of designing and implementing
this securely, we know that this kind of thing can have subtle
problems, and we would welcome peer review of what we've done, as
well as ideas of what we should do.
Regards,
Zooko O'Whielacronx
ANNOUNCING: Allmydata-Tahoe vers
on it?
I'm curious if your crypto library is to be implemented by use of
another one, perhaps an open-source one that I am familiar with.
Nowadays I prefer Crypto++ [1].
Regards,
Zooko
[1] http://cryptopp.com/
something that appears to be your bank account.
So, the thing about writing down certificates and mapping them to
short hand-written notes is what the Pet Name Toolbar automates for you:
https://addons.mozilla.org/en-US/firefox/addon/957
Please let us know how it works for you.
Regards,
t on PKI style certificates for signing,
...
The most important motivation at the time was to avoid the risk of Java being
export-controlled as crypto. The theory within Sun was that "crypto with a
hole" would be fre
in a hash function is more important than speed in encryption.
By the way, the traditional practice of using a hash function as a
component of a MAC should, in my humble opinion, be retired in favor of
the Carter-Wegman alternative such as Poly-1305 AES [7].
Regards,
Zooko
[1] http://allmyda
engineering, etc. outweighs the
chance of a successful attack due to cryptanalysis of the PRNG, which
is why I use /dev/urandom exclusively [*, **]. You may weigh those
trade-offs differently, but you shouldn't think that by decrementing
entropy_count you are achieving information-theore
: Alice is vulnerable to
Charles's choice of package because she trusts Bob to choose packages
and Bob trusts Charles to provide image files. And because they are
using a non-collision-resistant hash function.
Regards,
Zooko
-
T
On 2004, Sep 11, , at 17:20, Sandy Harris wrote:
Zooko O'Whielcronx wrote:
I believe that in the context of e-mail [1, 2, 3, 4] and FreeSWAN
this is called "opportunistic encryption".
That is certainly not what FreeS/WAN meant by "opportunistic
encryption"
that in the context of e-mail [1, 2, 3, 4] and FreeSWAN this
is called "opportunistic encryption".
Regards,
Zooko
[1] http://www.templetons.com/brad/crypt.html
[2] http://bitconjurer.org/envelope.html
[3] http://pps.sourceforge.net/
[4] http:
ch of such ideas, but I
have not yet read your book on TLS.
Thanks,
Zooko
[1] http://www.terisa.com/shttp/current.txt
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
ely used key-
strengthening of iterated hashing.
[1] http://www.cse.ucsc.edu/~abadi
[2] http://research.microsoft.com/users/needham/
[3] http://citeseer.nj.nec.com/manber96simple.html
[4] http://www.cse.ucsc.edu/~abadi/Papers/pwd-revised.ps
"""
Regards,
Zooko
---
dy interactive license
chooser at http://pgl.yoyo.org/lqr/, and it said the following. I may have
misunderstood your desiderata though, so don't take my word for it. ;-)
Regards,
Zooko
License
| Hackers like accepting code under it
| | Combine with proprietary
ably simple (no templates) then SWIG
> (http://www.swig.org) will make the scripting language glue code for you
> automatically.
I use SWIG and like it. They say that the new SWIG handles templates better
than good old 1.1.
I haven't tried SWIG on Crypto++. I would really *like* for someone el
probably for an adversary to compromise all of them.
"""
Regards,
Zooko
[1] http://cypherpunks.venona.com/date/1995/10/msg00668.html
[2] http://www.cacr.math.uwaterloo.ca/hac/
-
The Cryptography Mailing Lis
f of the ciphertext at a time
seems peripheral. The same qualities would arise if this were implemented
with a different commitment protocol, such as sending a secure hash of the
tuple of (my_message, a_random_nonce).
Regards,
Zoo
it might be nice to have Goal B achievable in a certain setting
where Goal A remains unachievable.
Regards,
Zooko the Zoogulant
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
> Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85,
> which are on my shelf. Where was it published?
R. L. Rivest and A. Shamir. How to expose an eavesdropper. Communications of the ACM,
27:393-395, April 1984.
against one of
them and winning.
I certainly don't claim that the Interlock Protocol can prevent Mitch from
playing a game with one person and also playing a game with a second person,
but I do claim that it can prevent Mitch from
are brilliant and well-read cryptographers. However the Interlock
Protocol provides a counter-example to that intuition! (Not for Chess
Grandmaster, but for a full-duplex protocol such as Bughouse Grandmaster).
There are other counter-examples in the literature, which I would be happy to
I'm not sure
it is the same definition that other people are thinking of.
Anyway, it is a funny and underappreciated niche in cryptography, IMO. AFAIK
nobody has yet spelled out in the open literature what the actual theoretical
limitations are.
Regards,
Zooko
http://zooko.com/log.html
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
File -> Save As" dialogs also serves as a Least-Privilege-enforcing access
control system which protects even a naive and lazy user from a malicious text
editor.
See also Ping Yee's research in secure Human Interface.
Regards,
Zooko O'Whielacronx
http://zooko.com/log.html
-
that I am one of those who is
inventing my own secure comms layer. But you don't have to cotton to that
idea in order to enjoy the small bibliography.
Regards,
Zooko
http://zooko.com/log.html
-
The Cryptography Mai
at Alice meant for him to see.
Regards,
Zooko
http://zooko.com/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
notion that SFS applies to remote
filesystems.
It is an excellent idea.
Regards,
Zooko
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
* provide
functionality sufficient for these sorts of apps, but I am saying that the
notion of replay-prevention and integrity which is implemented in TLS is
insufficient for these sorts of apps, and that I'm interested in attempts to
offer a higher-level abstraction.
Regards,
Zooko
htt
ldn't.
Regards,
Zooko
http://zooko.com/
^-- under re-construction: some new stuff, some broken links
[1] http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html
> AES has gotten a lot of attention, and right now, it's the high-prestige
> target. (Among other
98 matches
Mail list logo