lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 17 Dec 2014 09:57:15 +0800
From: Ben Harris <ben@...rr.is>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Re: Some KDF stumbling blocks, plus Common

On 16 December 2014 at 12:57, Adam Back <adam@...herspace.org> wrote:

> On 14 December 2014 at 16:24, Thomas Pornin <pornin@...et.org> wrote:
> > That kind of thing could be handled "procedurally". For instance,
> > some sort of ceremony where a few well-known persons gather together
> > (people with high programming expertise), implement a RSA modulus
> > generator that does not save the private factors, and run it.
>
> There is no procedure known to man that can not be simulated with
> video editing, preparation etc.  This issue has been discussed at
> length in the context of the trapdoors in zerocoin & zerocash.  It
> wont fly.  The failure-mode is catastrophic and the financial
> motivation $billions and the trust assumptions diverse.
>

A naive question based on my limited knowledge of cool terms like abelian
groups - if you did this using elliptic curves could you not worry about
the security of pq? And just suffer the once off work to calculate y. Or
does the math not carry over to elliptic curves?

Content of type "text/html" skipped

Powered by blists - more mailing lists