On 6/09/13 04:44 AM, Peter Gutmann wrote:
John Kelsey writes:
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different sources.
If I had to bet, I'd bet on anything but the crypto. Why attack when you can
bypass
John Kelsey writes:
>If I had to bet, I'd bet on bad rngs as the most likely source of a
>breakthrough in decrypting lots of encrypted traffic from different sources.
If I had to bet, I'd bet on anything but the crypto. Why attack when you can
bypass [1].
Peter.
[1] From Shamir's Law [2], "cr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aloha!
Jerry Leichter wrote:
> On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
>
>> On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
>> wrote:
>>> Meanwhile, just what evidence do we really have that AES is
>>> secure?
>> The fact that the USG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>
> What is the state of prior art for the P-384? When was it first published?
>
> Given that RIM is trying to sell itself right now and the patents are the
> only asset worth having, I don't have good feelings on this. Well apart from
> the busine
On Tue, Sep 3, 2013 at 12:49 AM, Jon Callas wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> On Sep 2, 2013, at 3:06 PM, "Jack Lloyd" wrote:
>
> > On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
> >
> >> a) The very reference you give says that to be equivalent to 1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sep 2, 2013, at 3:06 PM, "Jack Lloyd" wrote:
> On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
>
>> a) The very reference you give says that to be equivalent to 128
>> bits symmetric, you'd need a 3072 bit RSA key - but they requ
On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
> a) The very reference you give says that to be equivalent to 128
> bits symmetric, you'd need a 3072 bit RSA key - but they require a
> 2048 bit key. And the same reference says that to be equivalent to
> 256 bits symmetric, you ne
>>> Do we know they produced fake windows updates without assistance
>>> from Microsoft?
>>
>> Given the reaction from Microsoft, yes.
>>
>> The Microsoft public affairs people have been demonstrating real
>> anger at the Flame attack in many forums.
>
> ...Clearly, as things like bad vendor dri
On Mon, 2 Sep 2013 17:44:57 -0400 Jerry Leichter
wrote:
> > ...Clearly, as things like bad vendor drivers updates have been
> > sent out using stolen keys in the past, and clearly vendors might
> > simply make mistakes in the future
>
> Except that that's not what happened in this case.
>
>
On Mon, 2 Sep 2013 13:14:00 -0700 "Christian Huitema"
wrote:
> > > > Do we know they produced fake windows updates without
> > > > assistance from Microsoft?
> > >
> > > Given the reaction from Microsoft, yes.
> > >
> > > The Microsoft public affairs people have been demonstrating real
> > > ang
> > > Do we know they produced fake windows updates without assistance
> > > from Microsoft?
> >
> > Given the reaction from Microsoft, yes.
> >
> > The Microsoft public affairs people have been demonstrating real
> > anger at the Flame attack in many forums.
>
> But of course, sufficiently paran
You know, if there was a completely ironclad legal opinion that made use of
ECC possible without the risk of a lawsuit costing over $2 million from
Certicom then I would be happy to endorse a switch to ECC like the NSA is
pushing for as well.
I would not therefore draw the conclusion that NSA advi
On Mon, 2 Sep 2013 14:45:00 -0400 Phillip Hallam-Baker
wrote:
> > Do we know they produced fake windows updates without assistance
> > from Microsoft?
>
> Given the reaction from Microsoft, yes.
>
> The Microsoft public affairs people have been demonstrating real
> anger at the Flame attack in m
On Sun, Sep 1, 2013 at 10:35 PM, James A. Donald wrote:
> On 2013-09-01 9:11 PM, Jerry Leichter wrote:
>
>> Meanwhile, on the authentication side, Stuxnet provided evidence that the
>> secret community *does* have capabilities (to conduct a collision attacks)
>> beyond those known to the public -
On Sep 2, 2013, at 1:25 PM, Perry E. Metzger wrote:
> On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter
> wrote:
>> - To let's look at what they want for TOP SECRET. First off, RSA -
>> accepted for a transition period for SECRET, and then only with
>> 2048 bit moduli, which until the last year o
On Mon, 2 Sep 2013 15:09:31 -0400 Jerry Leichter
wrote:
> On Sep 2, 2013, at 1:25 PM, Perry E. Metzger wrote:
>
> > On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter
> > wrote:
> >> - To let's look at what they want for TOP SECRET. First off,
> >> RSA - accepted for a transition period for SECRE
recent post with email discussing PGP-like implementation ... a decade before
PGP in financial crypto blog
http://www.garlic.com/~lynn/2013i.html#69
and then a little later realizing there were 3-kinds of crypto (when I was told
I could make as many boxes as I wanted ... but could only sell to a
On Sep 1, 2013, at 10:35 PM, James A. Donald wrote:
>> Meanwhile, on the authentication side, Stuxnet provided evidence that the
>> secret community *does* have capabilities (to conduct a collision attacks)
>> beyond those known to the public - capabilities sufficient to produce fake
>> Windows
On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter
wrote:
> - To let's look at what they want for TOP SECRET. First off, RSA -
> accepted for a transition period for SECRET, and then only with
> 2048 bit moduli, which until the last year or so were almost
> unknown in commercial settings - is compl
On Sep 1, 2013, at 6:06 PM, Perry E. Metzger wrote:
> We know what they spec for use by the rest of the US government in
> Suite B.
>
> http://www.nsa.gov/ia/programs/suiteb_cryptography/
>
> AES with 128-bit keys provides adequate protection for classified
> information up to the SECRET level.
On 2013-09-01 9:11 PM, Jerry Leichter wrote:
Meanwhile, on the authentication side, Stuxnet provided evidence that the
secret community *does* have capabilities (to conduct a collision attacks)
beyond those known to the public - capabilities sufficient to produce fake
Windows updates.
Do we
On Sun, 1 Sep 2013 16:33:56 -0400 Jerry Leichter
wrote:
>
> On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
>
> > On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
> > wrote:
> >> Meanwhile, just what evidence do we really have that AES is
> >> secure?
> >
> > The fact that the USG likes us
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
> On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
> wrote:
>> Meanwhile, just what evidence do we really have that AES is
>> secure?
>
> The fact that the USG likes using it, too.
We know they *say in public* that it's acceptable. But do we
On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
wrote:
> Meanwhile, just what evidence do we really have that AES is
> secure?
The fact that the USG likes using it, too.
That's also evidence for eliptic curve techniques btw.
Perry
--
Perry E. Metzgerpe...@piermont.com
What I think we are worried about here are very widespread automated attacks,
and they're passive (data is collected and then attacks are run offline). All
that constrains what attacks make sense in this context. You need attacks that
you can run in a reasonable time, with minimal requirements
On Sep 1, 2013, at 2:36 AM, Peter Gutmann wrote:
> John Kelsey writes:
>
>> If I had to bet, I'd bet on bad rngs as the most likely source of a
>> breakthrough in decrypting lots of encrypted traffic from different sources.
>
> If I had to bet, I'd bet on anything but the crypto. Why attack wh
On Sat, 31 Aug 2013 17:00:01 -0400 John Kelsey
wrote:
> If I had to bet, I'd bet on bad rngs as the most likely source of a
> breakthrough in decrypting lots of encrypted traffic from different
> sources.
This seems by far the most probable conclusion. Note, for example,
Heninger et al's recent
On Aug 31, 2013, at 2:02 PM, Ray Dillinger wrote:
> ... It is both
> interesting and peculiar that so little news of quantum computing has been
> published since.
I don't understand this claim. Shor's work opened up a really hot new area
that both CS people and physicists (and others as well) ha
On 2013-09-01 4:02 AM, Ray Dillinger wrote:
On 08/30/2013 08:10 PM, Aaron Zauner wrote:
I read that WP report too. IMHO this can only be related to RSA
(factorization, side-channel attacks).
I have been hearing rumors lately that factoring may not in fact be as
hard
as we have heretofore sup
If I had to bet, I'd bet on bad rngs as the most likely source of a
breakthrough in decrypting lots of encrypted traffic from different sources.
--John
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo
On 08/30/2013 08:10 PM, Aaron Zauner wrote:
I read that WP report too. IMHO this can only be related to RSA (factorization,
side-channel attacks).
I have been hearing rumors lately that factoring may not in fact be as hard
as we have heretofore supposed. Algorithmic advances keep eating into
On 31/08/13 06:10 AM, Aaron Zauner wrote:
On Aug 30, 2013, at 1:17 PM, Jerry Leichter wrote:
So the latest Snowden data contains hints that the NSA (a) spends a great deal of money
on cracking encrypted Internet traffic; (b) recently made some kind of a cryptanalytic
"breakthrough". What a
On Fri, Aug 30, 2013 at 07:17:08AM -0400, Jerry Leichter wrote:
> So the latest Snowden data contains hints that the NSA (a) spends a
> great deal of money on cracking encrypted Internet traffic; (b) recently
> made some kind of a cryptanalytic "breakthrough". What are we to make
> of this? (Obv
On Aug 30, 2013, at 1:17 PM, Jerry Leichter wrote:
> So the latest Snowden data contains hints that the NSA (a) spends a great
> deal of money on cracking encrypted Internet traffic; (b) recently made some
> kind of a cryptanalytic "breakthrough". What are we to make of this?
> (Obviously,
34 matches
Mail list logo