Re: [guardian-dev] pgp, nsa, rsa

----- Forwarded message from Billy Gray <wgray@zetetic.net> -----

Date: Tue, 10 Sep 2013 14:32:02 -0400
From: Billy Gray <wgray@zetetic.net>
To: Aaron Lux <a@aaronlux.com>
Cc: Guardian Dev <guardian-dev@lists.mayfirst.org>
Subject: Re: [guardian-dev] pgp, nsa, rsa

Do you guys follow Matthew Green? Great stuff:

http://blog.cryptographyengineering.com/2013/09/on-nsa.html
http://blog.cryptographyengineering.com/2013/09/a-note-on-nsa-future-and-fix...

I think he does a good job of breaking down what's in these recent reports. It's a good thing to send to people who read the NY Times report and think that all crypto is now broken (like a friend of mine asked me at NWC yesterday).

And then there was this:

http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-taked...

One more question: any of y'all used libTomCrypt? We have an experimental implementation of it in SQLCipher. Open-source alternatives to OpenSSL could use some love. DJB's NaCl is neat, too. Curious if you guys are leery of relying so heavily on OpenSSL, given the above.

http://libtom.org/?page=features&newsitems=5&whatfile=crypt
http://nacl.cr.yp.to

Cheers,
Billy

On Tue, Sep 10, 2013 at 11:17 AM, Aaron Lux <a@aaronlux.com> wrote:
That NSA’s mission includes deciphering enciphered communications is not a secret, and is not news*. I am concerned the nytimes.com article will have the effect of causing the public to lose trust in all encryption including open-source algorithms. Hopefully people realize reviewing source code for encryption algorithms** is much more relaxing than reading the NY Times.
* nsa.gov states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”
** ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.21.tar.bz2 and
http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar....
Look at the top and bottom of every page: TOP SECRET//SI//TK//NO FORN. This is a secret document.
Cheers, Michael
_______________________________________________ Guardian-dev mailing list
Post: Guardian-dev@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To Unsubscribe Send email to: Guardian-dev-unsubscribe@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/wgray%40zetetic.net
You are subscribed as: wgray@zetetic.net
--
Team Zetetic
http://zetetic.net

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

One more question: any of y'all used libTomCrypt? We have an experimental implementation of it in SQLCipher. Open-source alternatives to OpenSSL could use some love. DJB's NaCl is neat, too. Curious if you guys are leery of relying so heavily on OpenSSL, given the above.
LTC is my preferred place to start with a crypto library. It's just brilliant in design.

Jon

On 9/11/13 10:38 AM, Eugen Leitl wrote:
One more question: any of y'all used libTomCrypt? We have an experimental implementation of it in SQLCipher. Open-source alternatives to OpenSSL could use some love. DJB's NaCl is neat, too. Curious if you guys are leery of relying so heavily on OpenSSL, given the above.
We used LibTomCrypt while implementing the independent OSS Zorg ZRTP implementation stack:

https://github.com/privatewave/zrtp-cpp

Fabio
participants (3)
- Eugen Leitl
- Fabio Pietrosanti (naif)
- Jon Callas