Re: [Cryptography] RSA Crypto is officially insecure due to NIST
On Sun, Apr 2, 2017 at 5:49 PM, Tom A. <thomasasta@googlemail.com> wrote:
On Sun, Apr 2, 2017 at 11:21 PM, grarpamp <grarpamp@gmail.com> wrote:
WARNING
#RSA Crypto is insecure: http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
GoldBug.sf.net seems to be the only Messenger & Email Client using NTRU or McEliece in an open source implementation, both are considered as quantum resistant.
With all due respect, it could be great software, however historical evidence shows that you absolutely *must* prove that out
All can do that, it's open source.
You need to seriously search, research, evaluate, and audit even here: https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf
Of course we should not discount new so called "auditors" whose names have "never been heard of before", everyone deserves free entry into the business. But we should thoroughly examine their statements as to their correctness, and herald or return for reexamination their assertions upon review. Suggestion has arisen in the community that these assertions by said authors do in fact need more review before being accepted. Do *not* expect to escape that requirement.
In the case of RSA, Shor's algorithm transforms integer factorization into a polynomial-time exercise. And quantum-resistance is an important term. Other algorithms, including AES, may require longer keys. Research. And, snake oil. https://www.amazon.com/Nature-Computation-Cristopher-Moore/dp/0199233217/ref=sr_1_1?ie=UTF8&qid=1491146644&sr=8-1&keywords=nature+of+computation Chapter 15.
See also quantum circuits. http://www-bcf.usc.edu/~tbrun/Course/lecture11.pdf
And you tested the apps over Tor?
As highlighted many times before, you routinely just go off into random tangents in attempts to divert relevant critiques of your work. That's fatal. And every time people have to call you out on it is doubly fatal. Don't get me wrong, I want all good applications to succeed, but authors have to step up to the plate in some fashion before that, to prove that they are good. There is substantial question as to if that's the case here. Step up.
On Sun, Apr 2, 2017 at 11:42 PM, Jan Dušátko <jan@dusatko.org> wrote:
but I am afraid that we are years from successful implementation. From other point, the quantum computing contest has been started
NTRU is open source and implemented, also McEliece even with Fujisaki-Okamoto for IND-CCA2! Open Source.
Regards Tom
Being another Satoshi or Complication is fine, no problem, that's an entirely valid approach. But expect the ramifications therein, and have means, even more means, to support that ideal.
On Sun, Apr 02, 2017 at 07:18:57PM -0400, grarpamp wrote:
On Sun, Apr 2, 2017 at 5:49 PM, Tom A. <thomasasta@googlemail.com> wrote:
On Sun, Apr 2, 2017 at 11:21 PM, grarpamp <grarpamp@gmail.com> wrote:
WARNING
#RSA Crypto is insecure: http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
GoldBug.sf.net seems to be the only Messenger & Email Client using NTRU or McEliece in an open source implementation, both are considered as quantum resistant.
With all due respect, it could be great software, however historical evidence shows that you absolutely *must* prove that out
All can do that, it's open source.
You need to seriously search, research, evaluate, and audit even here: https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf
Of course we should not discount new so called "auditors" whose names have "never been heard of before", everyone deserves free entry into the business. But we should thoroughly examine their statements as to their correctness, and herald or return for reexamination their assertions upon review.
Any auditor who fails to mention at least by reference to, the substantial concerns raised on this list over the years re the "goldbug" software and people and their public communications, is also prima facie suspect.
This is true. Is it not the job of every competent auditor to perform even the most simplistic of searches, and address that, of that which they claim to audit?
participants (2)
- grarpamp
- Zenaan Harkness