On 4/30/16, str4d wrote:
> On 27/04/16 22:31, grarpamp wrote:
>> Yep :) And I know Bernhard was hoping to get in touch with Roger
>> on this before long.
>>
>> Basically, prop224 HS being wider than 80 bits will break onioncat's
>> current HS onion <---> IPv6 addressing mechanism.
>>
>> They're lo
Peter Schwabe writes:
>
> isis wrote:
>
> Hi all,
>
> > Nope, it would still not work to fix the timing attack. Although, luckily, we
> > already wrote some constant time code for my sorting-network idea, and then,
> > with some coffee, Peter made it faster. (Give us something stronger to
d
Granted that this is an experimental implementation (as acknowledged by the
Boring devs) in a very different protocol with different tradeoffs.
On Thu, May 19, 2016 at 2:42 PM Yawning Angel
wrote:
> On Thu, 19 May 2016 17:21:47 +
> Deirdre Connolly wrote:
>
> > Not sure if this has been note
On Thu, 19 May 2016 17:21:47 +
Deirdre Connolly wrote:
> Not sure if this has been noted before on this thread, but the
> BoringSSL team is working on something very similar:
>
> https://boringssl-review.googlesource.com/#/c/7962/
Skimming the code:
* The protocol level stuff is not usefu
Not sure if this has been noted before on this thread, but the BoringSSL
team is working on something very similar:
https://boringssl-review.googlesource.com/#/c/7962/
On Thu, May 19, 2016 at 1:01 PM Yawning Angel
wrote:
> On Tue, 17 May 2016 17:49:46 + (UTC)
> lukep wrote:
> > > [snip]
>
On Tue, 17 May 2016 17:49:46 + (UTC)
lukep wrote:
> > [snip]
> > > In other words, I'd expect our future trust in Ring-LWE and SIDH
> > > to evolve in different ways. And counting papers will not be
> > > informative.
> >
> > Yeah probably. I can envision having no choice but to use S
ban...@openmailbox.org transcribed 7.3K bytes:
> This brings up another point that digresses from the discussion:
>
> Dan and Tanja support more conservative systems like McEliece because it
> survived decades of attacks. In the event that cryptanalysis eliminates
> Lattice crypto, McEliece will r