[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Cryptography] RSA Crypto is officially insecure due to NIST

On Sun, Apr 2, 2017 at 5:49 PM, Tom A. <thomasasta at googlemail.com> wrote:
> On Sun, Apr 2, 2017 at 11:21 PM, grarpamp <grarpamp at gmail.com> wrote:
> #RSA Crypto is insecure:
> http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
>> > GoldBug.sf.net seems to be the only Messenger & Email Client using NTRU
>> > or
>> > McEliece in an open source implementation, both are considered as
>> > quantum
>> > resistant.
>> With all due respect, it could be great software, however historical
>> evidence shows that you absolutely *must* prove that out
> All can do that, its open source.
>>You need to seriously search, research, evaulate, and audit
> even here:
> https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf

Of course we should not discount new so called "auditors" whose
names have "never been heard of before", everyone deserves free
entry into the business. But we should thoroughly examine
their statements as to their correctness, and herald or return
for reexamination their assertions upon review.
Suggestion has arisen in the community that these assertions
by said authors does infact need more review before being accepted.
Do *not* expect to escape that requirement.

> In the case of RSA, Shor's algorithm transforms integer factorization into a
> polynomial-time exercise.
> And quantum-resistance is an important term. Other algorithms, including
> AES, may require longer keys. Research.
> And, snake oil.
> https://www.amazon.com/Nature-Computation-Cristopher-Moore/dp/0199233217/ref=sr_1_1?ie=UTF8&qid=1491146644&sr=8-1&keywords=nature+of+computation
> Chapter 15.
> See also quantum circuits.
> http://www-bcf.usc.edu/~tbrun/Course/lecture11.pdf
> And you tested the apps over Tor?

As higlighted many times before, you routinely just go off into random
tangents in attempts to divert relavant critiques of your work.
That's fatal. And everytime people have to call you out on it
is doubly fatal.
Don't get me wrong, I want all good applications to succeed,
but authors have to step up to the plate in some fashion
before that, to prove that they are good.
There is substantial question as to if that's the case here.
Step up.

> On Sun, Apr 2, 2017 at 11:42 PM, Jan Dušátko <jan at dusatko.org> wrote:
>> but I afraid that we are years from successful implementation. From other
>> point,
> the quantum computing contest has been started
> NTRU is open source and implemented, also McEliece
> even with Fujisaki-Okamoto for IND-CCA2! Open Source.
> Regards Tom

Being another Satoshi or Complication is fine, no problem,
that's an entirely valid aproach. But expect the ramifications
therein, and have means, even more means, to support that ideal.