lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: yossarian at planet.nl (yossarian)
Subject: RE: [ISN] DARPA pulls OpenBSD funding

>> is getting really hard. Anyway, underneath it is probably US anyway.
Another
>> customer decided to get rid of american crypto software, since he is
afraid
>> of economic espionage by No such 'n such Agency, helping his us based
>> competitors. The Brussels incident didn't really help here.These
politically

>So, what does he use for UNIX password encryption; MD5 (Ron Rivest, USA)
>or Blowfish (Bruce Schneier, USA)?  For PGP hashes?

IDEA is russian, and the password hashes are not obvious to him, so no issue
yet. But moving to IDEA is a distinct possibility - the PGP used already is
IDEA, but also MD5. Viz-a-viz Blowfish - having to decide on what block
cipher is interesting, we are to move to AES, - belgian, made by these very
friendly people in Leuven. The fact that the US adopted it, does not make it
US. Belgium being a strong opposer to Bush' politics makes it a very good
possibility. Will look in these people's other work as well, SHARK and
SQUARE.

- but ah, implementations... any cryptosystem out there uses a combination
of ciphers
for its various roles, so going around MD5 or SHA will be harder, SHA being
NIST stuff.but I need a MAC.

>>It's a little difficult to completely avoid US products in the
>>encryption field.  And if your response is along the lines of "Open
>> Source, can't hide anything", I'll save time and summarize my rebuttal
>> now; DES, Differential Cryptanalysis, NSA, 20 years.

DES was built, when the Lucifer-project was partly manned by them, all they
did was withhold the weakness found for 12 years. And no, i am not an open
source kind of person, but i feel it is being forced on me by circumstances.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ