Re: [cryptography] Scrypt hardware optimized miner

On 6/30/15 9:12 AM, Ryan Carboni wrote: Yes, until this specific combination becomes widespread enough that there's sufficient incentive to produce ASICs for it. YesCrypt is more modern. Use that. Give me as a gift a Javascript based implementation of Yescrypt and i'd love to

[cryptography] Scrypt hardware optimized miner

specialized-ASIC to attack a specific crypto, it's obviously going to cost more. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi

Re: [cryptography] OpenPGP in Python: Security evaluations?

with PGPy. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi ___ cryptography mailing list cryptography@randombit.net http

Re: [cryptography] Designing a key stretching crypto that maximize use of WebCrypto?

On 5/14/15 2:29 PM, Jeffrey Walton wrote: Just bike shedding, but I don't think that's fair to WebCrypto. WebCrypto provides a standard set of primitives, like hahses. But the selected hashes are designed to be fast, and not slow or memory hard. So comparing a WebCrypto PBKDF based on

Re: [cryptography] Javascript scrypt performance comparison

On 5/8/15 2:34 AM, Solar Designer wrote: On Mon, May 04, 2015 at 11:48:25AM +0200, Fabio Pietrosanti (naif) - lists wrote: Also for upcoming implementation extending scrypt concept, like yescrypt/yescrypt-lite it would be very interesting to think how to make it faster in the context

[cryptography] Designing a key stretching crypto that maximize use of WebCrypto?

Hi all, testing the lovely slowness of a pure scrypt implementation in javascript running into the browser, i was wondering anyone ever tried to think/design an cryptosystem for key stretching purposes that leverage only existing webcrypto API (https://www.chromium.org/blink/webcrypto) with the

[cryptography] Javascript scrypt performance comparison

to deliver quasi-native performance in the browser would be cool. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi ___ cryptography

[cryptography] OpenPGP in Python: Security evaluations?

engaging in metrics to evaluate the security of an OpenPGP implementation and/or already evaluated PGPy/OpenPGP-Python ? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi

Re: [cryptography] Mixing multiple password hashing: Crypto Blasphemy or Useful approach?

given his inability to build a single-hardware-highly-optimized ASIC/FPGA cracking cluster, compared to the same amount of additional computation by using a single cryptographic primitive? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http

Re: [cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?

on bringing the best security that they can effectively leverage for their context of operation, then you're making them safer. Perfectly safe? No. But it's just hypocrisy to think that technology can gives perfect safety, as technology it's only part of the picture. -- Fabio Pietrosanti (naif) HERMES

[cryptography] Mixing multiple password hashing: Crypto Blasphemy or Useful approach?

attack vectors to attack the cryptosystem. The approach previously described, from a real world attack scenario perspective, does make sense as a on steroid key-stretching approach? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org

Re: [cryptography] SRP 6a + storage of password's related material strength?

On 3/13/15 3:11 PM, Solar Designer wrote: Because SRP protocol is cool, but i'm really wondering if the default methods are strong enough against bruteforcing. They are not. That was my concern. Does anyone ever tried to make SRP authentication protocol extensions/specs to work with

[cryptography] SRP 6a + storage of password's related material strength?

vs. SRP's server-side storage of passwords? Does anyone ever considered that kind of problem? Because SRP protocol is cool, but i'm really wondering if the default methods are strong enough against bruteforcing. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human

[cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?

implementation that try to leverage the WebCrypto API? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi ___ cryptography mailing

Re: [cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?

to articulate an answer! :) -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi ___ cryptography mailing list cryptography

Re: [cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?

On 3/11/15 12:42 PM, stef wrote: On Wed, Mar 11, 2015 at 11:53:35AM +0100, Fabio Pietrosanti (naif) - lists wrote: at GlobaLeaks we're undergoing implementation of client-side encryption with server-side storage of PGP Private keys. i didn't get the memo, that js in browsers is now the way

[cryptography] EU ENISA guidelines on Cryptographic solutions

http://www.enisa.europa.eu/media/press-releases/securing-personal-data-enisa-guidelines-on-cryptographic-solutions + algorithms, key size and parameters report 2014: http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/ -naif

[cryptography] Preventing Timing Correlation Attacks on XMPP chats?

Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] [Cryptography] Email is unsecurable

, but it's not required to fix the massive interception, that's passive. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org ___ cryptography mailing

Re: [cryptography] [Cryptography] Email is unsecurable

I'm strongly against most the ideas to abbandon current email systems, because the results will be to create wallet garden. We need something interoperable with existing systems or the system will just be used by a bunch of paranoid people or fostered by the marketing of few cryptography company

[cryptography] Quality of HAVEGE algorithm for entropy?

on a Linux system? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org ___ cryptography mailing list cryptography@randombit.net http

[cryptography] Opportunistic encryption of modern web application without https

you think? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net

Re: [cryptography] Dissentr: A High-Latency Overlay Mix Network

Hi Eugen, did you evaluated about leveraging existing Tor network properties by running Dissentr over Tor network by default, to achieve some better security properties? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http

[cryptography] It's time for a Whistleblowing / Leaking Initiative for Cryptographer ?

http://threatpost.com/uk-cryptographers-call-for-outing-of-deliberately-weakened-protocols-products/102301 -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org

Re: [cryptography] Asynchronous forward secrecy encryption

? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo

[cryptography] Forward Secrecy Extensions for OpenPGP: Is this still a good proposal?

Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

the most simple and effective approach to defeat this kind of correlation. However this does not work on very low-traffic globaleaks node. What do you think? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http

[cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

on this they should not be able to distinguish normal Tor user (or people loading the cover traffic widget) from the whistleblower. Thanks in advance for opinion! -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org

Re: [cryptography] open letter to Phil Zimmermann and Jon Callas of Silent Circle, re: Silent Mail shutdown

source code code base to each SilentCircle application's release. Now Github code is 6 months old. This would allow inspection of code before upgrade, additionally improving the transparency. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http

Re: [cryptography] DeCryptocat

/Mozilla_2/XPCOM_and_Binary_Embedding -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org ___ cryptography mailing list cryptography@randombit.net http

Re: [cryptography] DeCryptocat

Server based on Twisted http://wokkel.ik.nu/ - TxTorCon, to manage Tor process https://github.com/meejah/txtorcon - Pyinstaller to make windows/macosx package http://www.pyinstaller.org/ - Cyclone, to make web interface to manage it easily https://github.com/fiorix/cyclone -- Fabio Pietrosanti

Re: [cryptography] Potential funding for crypto-related projects

/264 Widget to create Cover Traffic to Tor2web sites exposing GlobaLeaks https://github.com/globaleaks/GlobaLeaks/issues/263 PGP Encryption of Email Notification https://github.com/globaleaks/GlobaLeaks/issues/187 -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights