On 6/30/15 9:12 AM, Ryan Carboni wrote:
Yes, until this specific combination becomes widespread enough that
there's sufficient incentive to produce ASICs for it.
YesCrypt is more modern. Use that.
Give me as a gift a Javascript based implementation of Yescrypt and i'd
love to
specialized-ASIC to
attack a specific crypto, it's obviously going to cost more.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
with PGPy.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
___
cryptography mailing list
cryptography@randombit.net
http
On 5/14/15 2:29 PM, Jeffrey Walton wrote:
Just bike shedding, but I don't think that's fair to WebCrypto.
WebCrypto provides a standard set of primitives, like hahses. But the
selected hashes are designed to be fast, and not slow or memory hard.
So comparing a WebCrypto PBKDF based on
On 5/8/15 2:34 AM, Solar Designer wrote:
On Mon, May 04, 2015 at 11:48:25AM +0200, Fabio Pietrosanti (naif) - lists
wrote:
Also for upcoming implementation extending scrypt concept, like
yescrypt/yescrypt-lite it would be very interesting to think how to make
it faster in the context
Hi all,
testing the lovely slowness of a pure scrypt implementation in
javascript running into the browser, i was wondering anyone ever tried
to think/design an cryptosystem for key stretching purposes that
leverage only existing webcrypto API
(https://www.chromium.org/blink/webcrypto) with the
to deliver quasi-native
performance in the browser would be cool.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
___
cryptography
engaging in metrics to evaluate the security of an
OpenPGP implementation and/or already evaluated PGPy/OpenPGP-Python ?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
given his inability to build a
single-hardware-highly-optimized ASIC/FPGA cracking cluster, compared to
the same amount of additional computation by using a single
cryptographic primitive?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http
on bringing the
best security that they can effectively leverage for their context of
operation, then you're making them safer.
Perfectly safe? No.
But it's just hypocrisy to think that technology can gives perfect
safety, as technology it's only part of the picture.
--
Fabio Pietrosanti (naif)
HERMES
attack
vectors to attack the cryptosystem.
The approach previously described, from a real world attack scenario
perspective, does make sense as a on steroid key-stretching approach?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org
On 3/13/15 3:11 PM, Solar Designer wrote:
Because SRP protocol is cool, but i'm really wondering if the default
methods are strong enough against bruteforcing.
They are not.
That was my concern.
Does anyone ever tried to make SRP authentication protocol
extensions/specs to work with
vs. SRP's server-side storage of passwords?
Does anyone ever considered that kind of problem?
Because SRP protocol is cool, but i'm really wondering if the default
methods are strong enough against bruteforcing.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human
implementation that try to leverage the
WebCrypto API?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
___
cryptography mailing
to articulate an
answer! :)
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
___
cryptography mailing list
cryptography
On 3/11/15 12:42 PM, stef wrote:
On Wed, Mar 11, 2015 at 11:53:35AM +0100, Fabio Pietrosanti (naif) - lists
wrote:
at GlobaLeaks we're undergoing implementation of client-side encryption
with server-side storage of PGP Private keys.
i didn't get the memo, that js in browsers is now the way
http://www.enisa.europa.eu/media/press-releases/securing-personal-data-enisa-guidelines-on-cryptographic-solutions
+
algorithms, key size and parameters report 2014:
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/
-naif
Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
, but it's not required to fix the massive interception, that's
passive.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
___
cryptography mailing
I'm strongly against most the ideas to abbandon current email systems,
because the results will be to create wallet garden.
We need something interoperable with existing systems or the system will
just be used by a bunch of paranoid people or fostered by the marketing
of few cryptography company
on a Linux system?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
___
cryptography mailing list
cryptography@randombit.net
http
you think?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net
Hi Eugen,
did you evaluated about leveraging existing Tor network properties by
running Dissentr over Tor network by default, to achieve some better
security properties?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http
http://threatpost.com/uk-cryptographers-call-for-outing-of-deliberately-weakened-protocols-products/102301
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo
Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
the most simple and effective approach to defeat this kind of correlation.
However this does not work on very low-traffic globaleaks node.
What do you think?
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http
on this they
should not be able to distinguish normal Tor user (or people loading the
cover traffic widget) from the whistleblower.
Thanks in advance for opinion!
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org
source code code base to each SilentCircle application's release.
Now Github code is 6 months old.
This would allow inspection of code before upgrade, additionally
improving the transparency.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http
/Mozilla_2/XPCOM_and_Binary_Embedding
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
___
cryptography mailing list
cryptography@randombit.net
http
Server based on Twisted http://wokkel.ik.nu/
- TxTorCon, to manage Tor process https://github.com/meejah/txtorcon
- Pyinstaller to make windows/macosx package http://www.pyinstaller.org/
- Cyclone, to make web interface to manage it easily
https://github.com/fiorix/cyclone
--
Fabio Pietrosanti
/264
Widget to create Cover Traffic to Tor2web sites exposing GlobaLeaks
https://github.com/globaleaks/GlobaLeaks/issues/263
PGP Encryption of Email Notification
https://github.com/globaleaks/GlobaLeaks/issues/187
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
32 matches
Mail list logo