Re: [cryptography] urandom vs random

2013-08-18 Thread ianG
On 18/08/13 09:11 AM, Ben Laurie wrote: If I chose to run Linux, I could fix the version I ran. In fact, I choose not to run it, so I don't need to. Indeed, or: That's terrible advice. Implementing your own crypto of any sort widely leads to complete fail, as we see repeatedly. ;) gentle nud

[cryptography] enabling blind signatures in GPG

2013-08-18 Thread Jake
Hello everybody, I am trying to form an anonymous opining system based on a single Registrar, whose signatures deify users' public keys with the mark of a Participant. But to protect the users from an evil registrar, blinding must be used. I have been told that blinding is already implemente

Re: [cryptography] urandom vs random

2013-08-18 Thread Ben Laurie
On 18 August 2013 02:55, James A. Donald wrote: > On 2013-08-18 4:11 PM, Ben Laurie wrote: > > > If I chose to run Linux, I could fix the version I ran. In fact, I choose > not to run it, so I don't need to. > > > But if you write software, you don't write it just for your own computer, > so if

Re: [cryptography] enabling blind signatures in GPG

2013-08-18 Thread Steve Weis
Hi Jake. This is not GPG-related, but I worked on an OpenID-based private federated login system called PseudoID that used blind signatures. Basically, an identity provider will check your real identity, then issue you a blindly-signed token which you can then later use to log in pseudo-anonymously

Re: [cryptography] urandom vs random

2013-08-18 Thread Aaron Toponce
On Sat, Aug 17, 2013 at 12:48:12PM -0400, Sandy Harris wrote: > On Fri, Aug 16, 2013 at 11:07 AM, Aaron Toponce > wrote: > > The /dev/urandom device in the Linux kernel uses the Yarrow pseudo random > > number generator when the entropy pool has been exhausted. > > No, it doesn't, or at least di

Re: [cryptography] urandom vs random

2013-08-18 Thread Aaron Toponce
On Sat, Aug 17, 2013 at 12:24:45AM -, D. J. Bernstein wrote: > I'm not saying that /dev/urandom has a perfect API. It's disappointingly > common for vendors to deploy devices where the randomness pool has never > been initialized; BSD /dev/urandom catches this configuration bug by > blocking, b
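The configuration bug quoted above (a device whose randomness pool has never been initialized, which BSD's blocking /dev/urandom catches and a plain read of Linux's /dev/urandom does not) is the reason to prefer a syscall that refuses to return unseeded output. This is an added example, not code from the thread; it assumes a Linux 3.17+ kernel and Python 3.6+ for os.getrandom(), and falls back to os.urandom() elsewhere, where the blocking behaviour is whatever the platform CSPRNG provides.

```python
"""Fetch random bytes without ever consuming an uninitialized pool.

Added example for the urandom-vs-random thread; not code from the list.
"""
import os


def read_dev_urandom(n: int) -> bytes:
    """Raw read of /dev/urandom.

    On Linux this never blocks, so on a freshly booted embedded device with no
    seed file it can hand back output before the pool was ever initialized.
    Shown only for contrast; do not use this path for key material.
    """
    with open("/dev/urandom", "rb", buffering=0) as f:
        return f.read(n)


def pool_initialized_random(n: int) -> bytes:
    """Return n random bytes, refusing to return before the kernel CSPRNG is seeded.

    os.getrandom(n, 0) wraps getrandom(2): with flags=0 it blocks until the
    pool has been initialized once at boot and never blocks after that. This is
    the property the thread credits to BSD's /dev/urandom. Where getrandom is
    unavailable (assumption: non-Linux host) os.urandom() is the platform
    CSPRNG and BSD/macOS already block until seeded.
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    getrandom = getattr(os, "getrandom", None)
    if getrandom is not None:
        return getrandom(n, 0)
    return os.urandom(n)


if __name__ == "__main__":
    print(pool_initialized_random(32).hex())
```

Use pool_initialized_random() for key and nonce generation; keep the /dev/urandom read only as a reference for what the non-blocking path does. Note that getrandom() blocking at boot is itself something init scripts have to tolerate, which is exactly the trade-off the thread is arguing about.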

[cryptography] rfc 4345 (arcfour) weakness

2013-08-18 Thread aortega
Hi list, Anyone know some paper or article citing vulnerabilities on the rfc 4345 version of RC4? I know of the article "A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher" by Paul and Preneel, that discovered a bias after the first 1536 byte
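For readers following the question, it helps to see exactly what the RFC 4345 variant is: plain RC4 keyed with 128 or 256 bits whose first 1536 keystream bytes are discarded, which is precisely the prefix the Paul and Preneel result is about. The block below is an added example, not code from the thread or from any SSH implementation; the plain-RC4 checks use the widely published "Key"/"Plaintext" style test vectors, and the RFC 4345 check only confirms that the arcfour128 keystream is the RC4 keystream shifted by 1536 bytes.

```python
"""RC4 and the RFC 4345 arcfour128/arcfour256 variant (keystream discard).

Added example for the rfc 4345 thread; not code from the list.
RC4 is broken and retained here only to show what the RFC changes.
"""
from typing import Iterator, List

RFC4345_DISCARD = 1536  # bytes of keystream RFC 4345 says MUST be thrown away


def rc4_ksa(key: bytes) -> List[int]:
    """Key-scheduling algorithm: permute S under the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes) -> Iterator[int]:
    """PRGA: yield keystream bytes forever."""
    s = rc4_ksa(key)
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def keystream_bytes(key: bytes, n: int, discard: int = 0) -> bytes:
    """Return n keystream bytes after skipping `discard` bytes."""
    ks = rc4_keystream(key)
    for _ in range(discard):
        next(ks)
    return bytes(next(ks) for _ in range(n))


def rc4_crypt(key: bytes, data: bytes, discard: int = 0) -> bytes:
    """Encrypt/decrypt (same operation) with an optional keystream discard."""
    stream = keystream_bytes(key, len(data), discard)
    return bytes(a ^ b for a, b in zip(data, stream))


def arcfour_rfc4345_crypt(key: bytes, data: bytes) -> bytes:
    """The SSH 'arcfour128' / 'arcfour256' ciphers of RFC 4345.

    Same cipher as RC4, but the key is fixed at 16 or 32 bytes and the first
    1536 keystream bytes are discarded. This skips the strongly biased early
    output (Mantin-Shamir style) but not biases that appear later in the
    stream, which is the point of the Paul and Preneel paper the post cites.
    """
    if len(key) not in (16, 32):
        raise ValueError("RFC 4345 arcfour128/arcfour256 need a 16- or 32-byte key")
    return rc4_crypt(key, data, discard=RFC4345_DISCARD)


if __name__ == "__main__":
    print(rc4_crypt(b"Key", b"Plaintext").hex())          # bbf316e8d940af0ad3
    demo_key = bytes(range(16))                           # constructed sample key
    print(arcfour_rfc4345_crypt(demo_key, b"hello").hex())
```

The discard parameter is kept explicit so you can see that arcfour128 is nothing more than rc4_crypt with discard=1536; any keystream bias that survives past that offset applies to the SSH variant unchanged.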

Re: [cryptography] urandom vs random

2013-08-18 Thread coderman
On Sun, Aug 18, 2013 at 10:14 AM, Ben Laurie wrote: > ... my advice is that you probably should not run Linux if you need > strong randomness. i am surprised this has not surfaced more often in this thread: if you need good entropy: use a hardware entropy generator! also use a userspace entro