[cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Marco Pozzato
Hi all, I'm looking for an asynchronous messaging protocol with support for forward secrecy: I found some ideas, some abstract paper but nothing ready to be used. OTR seems the preeminent protocol, but does not have support for asynchronous communication. This post https://whispersystems.org/blog

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Adam Back
Well aside from the PGP PFS draft that you found (which I am one of the co-authors of) I also had before that in 1998 observed that any IBE system can be used to make a non-interactively forward secret system. http://www.cypherspace.org/adam/nifs/ There were prior IBE systems (with expensive set

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Trevor Perrin
On Mon, Sep 16, 2013 at 4:45 AM, Marco Pozzato wrote: > Hi all, > > I'm looking for an asynchronous messaging protocol with support for forward > secrecy: I found some ideas, some abstract paper but nothing ready to be > used. > > OTR seems the preeminent protocol, but does not have support for >

Re: [cryptography] [Bitcoin-development] REWARD offered for hash collisions for SHA1, SHA256, RIPEMD160 and others

2013-09-16 Thread Lodewijk andré de la porte
1) We advise mining the block in which you collect your bounty yourself; scriptSigs satisfying the above scriptPubKeys do not cryptographically sign the transaction's outputs. If the bounty value is sufficiently large other miners may find it profitable to reorganize the chain to kill y

[cryptography] Fatal flaw in Taiwanese smart card RNG

2013-09-16 Thread John Kemp
See: http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/ for overview, and: http://smartfacts.cr.yp.to/ for more details of the research. Would it be advisable to implement a test, prior to any certification of an RNG, whereb

Re: [cryptography] Fatal flaw in Taiwanese smart card RNG

2013-09-16 Thread Tim
> no. you can't test a rng by looking at the output. only the > algorithm and the actual code can be analyzed and reviewed. it is > because it is extremely easy to create a crappy rng that fools the > smartest analytical tool on the planet. it is not that easy to fool an > attacker that reverse en

Re: [cryptography] Fatal flaw in Taiwanese smart card RNG

2013-09-16 Thread Seth David Schoen
Krisztián Pintér writes: > no. you can't test a rng by looking at the output. only the algorithm > and the actual code can be analyzed and reviewed. it is because it > is extremely easy to create a crappy rng that fools the smartest > analytical tool on the planet. it is not that easy to fool an a

Re: [cryptography] Fatal flaw in Taiwanese smart card RNG

2013-09-16 Thread Krisztián Pintér
no. you can't test a rng by looking at the output. only the algorithm and the actual code can be analyzed and reviewed. it is because it is extremely easy to create a crappy rng that fools the smartest analytical tool on the planet. it is not that easy to fool an attacker that reverse engineers

Re: [cryptography] [Bitcoin-development] REWARD offered for hash collisions for SHA1, SHA256, RIPEMD160 and others

2013-09-16 Thread Adam Back
Mining power policy abuse (deciding which transactions prevail based on compute power advantage for theft reasons, or political reasons, or taint reasons) is what committed coins protect against: https://bitcointalk.org/index.php?topic=206303.0 (It's just a proposal, it's not implemented). Adam

[cryptography] It's time for a Whistleblowing / Leaking Initiative for Cryptographer ?

2013-09-16 Thread Fabio Pietrosanti (naif)
http://threatpost.com/uk-cryptographers-call-for-outing-of-deliberately-weakened-protocols-products/102301 -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Patrick Baxter
Has anyone here looked at Pond? https://pond.imperialviolet.org/ It's by Adam Langley and while still very new and maybe in need of more review, it seems quite promising. On Mon, Sep 16, 2013 at 4:45 AM, Marco Pozzato wrote: > Hi all, > > I'm looking for an asynchronous messaging protocol with su

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Tony Arcieri
On Mon, Sep 16, 2013 at 4:45 AM, Marco Pozzato wrote: > I'm looking for an asynchronous messaging protocol with support for > forward secrecy > There's also Nitro, which is a CurveCP derivative: http://gonitro.io/ Unfortunately they didn't implement the full CurveCP handshake, which provides b

Re: [cryptography] It's time for a Whistleblowing / Leaking Initiative for Cryptographer ?

2013-09-16 Thread Jeffrey Walton
On Mon, Sep 16, 2013 at 5:17 PM, Fabio Pietrosanti (naif) wrote: > http://threatpost.com/uk-cryptographers-call-for-outing-of-deliberately-weakened-protocols-products/102301 > Right now, whistle blowers are vilified in the US. Just ask Jesselyn Radack, Thomas Drake, William Binney, Bradley Manning

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Fabio Pietrosanti (naif)
On 9/17/13 12:10 AM, Tony Arcieri wrote: > On Mon, Sep 16, 2013 at 4:45 AM, Marco Pozzato > wrote: > > I'm looking for an asynchronous messaging protocol with support > for forward secrecy > > > There's also Nitro, which is a CurveCP derivative: > > http://

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Tony Arcieri
On Mon, Sep 16, 2013 at 3:22 PM, Fabio Pietrosanti (naif) < li...@infosecurity.ch> wrote: > Shouldn't we first try to improve Internet Standard, and only after look > for custom (and usually not interoperable) implementation? > Well, if you want a forward secrecy for asynchronous communication u

Re: [cryptography] Asynchronous forward secrecy encryption

2013-09-16 Thread Trevor Perrin
On Mon, Sep 16, 2013 at 3:36 PM, Tony Arcieri wrote: > On Mon, Sep 16, 2013 at 3:22 PM, Fabio Pietrosanti (naif) > wrote: >> >> Shouldn't we first try to improve Internet Standard, and only after look >> for custom (and usually not interoperable) implementation? > > > Well, if you want a forward

Re: [cryptography] Fatal flaw in Taiwanese smart card RNG

2013-09-16 Thread Jeffrey Goldberg
On 2013-09-16, at 11:56 AM, Seth David Schoen wrote: > Well, there's a distinction between RNGs that have been maliciously > designed and RNGs that are just extremely poor This has been something that I’ve been trying to learn more about in the past week or so. And if this message isn’t really

Re: [cryptography] Fatal flaw in Taiwanese smart card RNG

2013-09-16 Thread James A. Donald
On 2013-09-17 02:56, Seth David Schoen wrote: Well, there's a distinction between RNGs that have been maliciously designed and RNGs that are just extremely poor (or just are inadequately seeded but their designers or users don't realize this). It sounds like such extremely poor RNGs are getting