From eugen@leitl.org Wed Sep 11 04:38:47 2013
From: Eugen Leitl
To: cypherpunks@lists.cpunks.org
Subject: Re: [guardian-dev] pgp, nsa, rsa
Date: Wed, 11 Sep 2013 10:38:42 +0200
Message-ID: <20130911083842.GK10405@leitl.org>

----- Forwarded message from Billy Gray -----

Date: Tue, 10 Sep 2013 14:32:02 -0400
From: Billy Gray
To: Aaron Lux
Cc: Guardian Dev
Subject: Re: [guardian-dev] pgp, nsa, rsa

Do you guys follow Matthew Green? Great stuff:

http://blog.cryptographyengineering.com/2013/09/on-nsa.html
http://blog.cryptographyengineering.com/2013/09/a-note-on-nsa-future-and-fixing-mistakes.html

I think he does a good job of breaking down what's in these recent reports.
It's a good thing to send to people who read the NY Times report and think
that all crypto is now broken (like a friend of mine asked me at NWC
yesterday).

And then there was this:

http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-takedown-blog-post-johns-hopkins

One more question: any of y'all used libTomCrypt? We have an experimental
implementation of it in SQLCipher. Open-source alternatives to OpenSSL
could use some love. DJB's NaCl is neat, too. Curious if you guys are leery
of relying so heavily on OpenSSL, given the above.

http://libtom.org/?page=features&newsitems=5&whatfile=crypt
http://nacl.cr.yp.to

Cheers,
Billy

On Tue, Sep 10, 2013 at 11:17 AM, Aaron Lux wrote:

> NSA’s mission includes deciphering enciphered communications is not a
> secret, and is not news*. I am concerned the nytimes.com article will
> have the effect of causing the public to lose trust in all encryption
> including open-source algorithms. Hopefully people realize reviewing
> source code for encryption algorithms** is much more relaxing than
> reading the NY Times.
>
> * nsa.gov states that its mission includes leading “the U.S. Government
> in cryptology … in order to gain a decision advantage for the Nation and
> our allies.”
>
> ** ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.21.tar.bz2 and
> http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar.gz
>
> > Look at the top and bottom of every page: TOP SECRET//SI//TK//NO FORN.
> > This is a secret document.
> >
> > Cheers,
> > Michael

-- 
Team Zetetic
http://zetetic.net

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

From jon@callas.org Wed Sep 11 11:19:29 2013
From: Jon Callas
To: cypherpunks@lists.cpunks.org
Subject: Re: [guardian-dev] pgp, nsa, rsa
Date: Wed, 11 Sep 2013 08:19:02 -0700
Message-ID:
In-Reply-To: <20130911083842.GK10405@leitl.org>

> One more question: any of y'all used libTomCrypt? We have an experimental
> implementation of it in SQLCipher. Open-source alternatives to OpenSSL
> could use some love. DJB's NaCl is neat, too. Curious if you guys are leery
> of relying so heavily on OpenSSL, given the above.

LTC is my preferred place to start with a crypto library. It's just brilliant in design.

Jon

From lists@infosecurity.ch Wed Sep 11 11:36:49 2013
From: "Fabio Pietrosanti (naif)"
To: cypherpunks@lists.cpunks.org
Subject: Re: [guardian-dev] pgp, nsa, rsa
Date: Wed, 11 Sep 2013 17:36:37 +0200
Message-ID: <52308E05.9070605@infosecurity.ch>
In-Reply-To: <20130911083842.GK10405@leitl.org>

On 9/11/13 10:38 AM, Eugen Leitl wrote:
> One more question: any of y'all used libTomCrypt? We have an experimental
> implementation of it in SQLCipher. Open-source alternatives to OpenSSL
> could use some love. DJB's NaCl is neat, too. Curious if you guys are leery
> of relying so heavily on OpenSSL, given the above.

We used LibTomCrypt while implementing the independent OSS Zorg ZRTP
implementation stack:
https://github.com/privatewave/zrtp-cpp

Fabio