Re: [cryptography] Designing a key stretching crypto that maximize use of WebCrypto?

2015-05-13 Thread David Leon Gil
I'm curious how PBKDF2 compares.

On Sun, May 3, 2015 at 11:10 PM Fabio Pietrosanti (naif) - lists <li...@infosecurity.ch> wrote:
> Hi all,
>
> testing the lovely slowness of a pure scrypt implementation in
> javascript running into the browser, i was wondering anyone ever tried
> to think/design

Re: [cryptography] random number generator

2014-11-21 Thread David Leon Gil
There's an implementation of Fortuna, which is a computationally secure PRNG, in PyCrypto: https://github.com/dlitz/pycrypto/tree/master/lib/Crypto/Random/Fortuna Unfortunately, gathering entropy is rather non-generic; otherwise decentish operating systems get this wrong. The various BSDs' source

Re: [cryptography] caring harder requires solving once for the most demanding threat model, to the benefit of all lesser models

2014-10-21 Thread David Leon Gil
On Wed, Oct 15, 2014 at 7:13 AM, ianG wrote:
> :) em, close, I advocate direct and sole use of your platform's RNG.
> Rule #1:
>
> http://iang.org/ssl/hard_truths_hard_random_numbers.html
>
> 1. Use what your platform provides. Random numbers are hard, which is
> the first thing you have to rememb