Re: [cryptography] pie in sky suites - long lived public key pairs for persistent identity

I agree, multisignatures seem prudent. So does multiple public key encryption algorithms for symmetric key exchange. Why risk a breakthrough against one? Cheers, William -Original Message- From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf Of Peter Todd Sent: Friday

Re: [cryptography] ntru-crypto - Open Source NTRU Public Key Cryptography Algorithm and Reference Code

Yes, we're looking at ways to extend the open source grant. GPL will most likely be only the first step. William - sent from my phone On Nov 28, 2013 5:14 AM, "CodesInChaos" wrote: > Have you considered a patent licence that applies to all open source > software, similar to Rogaway's OCB Licens

Re: [cryptography] ntru-crypto - Open Source NTRU Public Key Cryptography Algorithm and Reference Code

We’re getting a lot of feedback that this isn’t clear, and we’ll make sure it is clarified. Also, it’s not clear that this grant is meant to be irrevocable; we’ll fix that too. William *From:* William Whyte [mailto:wwh...@securityinnovation.com] *Sent:* Wednesday, November 27, 2013 6:40 PM

Re: [cryptography] ntru-crypto - Open Source NTRU Public Key Cryptography Algorithm and Reference Code

It's meant to be 2 and later. Sorry if this isn't clear, we'll revise the license text. William - sent from my phone On Nov 27, 2013 6:28 PM, "Lars Luthman" wrote: > So the news is that it can be used for GPL software without patent > issues? If so that's nice, but the various documents are a b

Re: [cryptography] [Bitcoin-development] Preparing for the Cryptopocalypse

Just to be clear, NIST haven't endorsed NTRU for use, but they did speak favourably of it in a report on quantum-secure crypto. William On Mon, Aug 5, 2013 at 7:04 AM, Eugen Leitl wrote: > - Forwarded message from Gregory Maxwell - > > Date: Sun, 4 Aug 2013 23:41:57 -0700 > From: Greg

Re: [cryptography] cryptanalysis of 923-bit ECC?

Does anyone know if this attack took the expected amount of time (confirming the strength of this particular curve), or significantly less (in which case it’s something to be concerned about)? William *From:* cryptography-boun...@randombit.net [mailto: cryptography-boun...@randombit.net] *On

Re: [cryptography] Proving knowledge of a message with a given SHA-1 without disclosing it?

You can obviously prove it in the case where Alice claims she knows SHA-1(SHA-1(m)), which seems to be the same claim. William > -Original Message- > From: cryptography-boun...@randombit.net [mailto:cryptography- > boun...@randombit.net] On Behalf Of Francois Grieu > Sent: Wednesday, Febr

Re: [cryptography] How are expired code-signing certs revoked?

> > But really, I think that code signing is a great thing, it's just being done > wrong because some people seem to think that spooky action at a distance > works with bits. > > The question at hand is this: what is the meaning of expiration or revocation > of a code-signing certificate? That I c

Re: [cryptography] How are expired code-signing certs revoked?

@randombit.net; pgut...@cs.auckland.ac.nz; wwh...@securityinnovation.com Subject: RE: [cryptography] How are expired code-signing certs revoked? William Whyte writes: >I would say that you shouldn't *install* signed software after the >signing cert expires, but if you installed it before expiry

Re: [cryptography] How are expired code-signing certs revoked?

Cute scenario! I would say that you shouldn't *install* signed software after the signing cert expires, but if you installed it before expiry it's still safe to use it. In general, you shouldn't act based on a certificate if you don't know it's trustworthy (obviously), but the action in question