Re: First quantum gates in silicon
On 06-10-2015 16:07, Robert J. Hansen wrote:
> Australian researchers have figured out how to make a quantum gate on a
> silicon chip. This is interesting work, because we've spent a *lot* of
> money learning how to etch silicon. Being able to build quantum gates
> on the same material that our current systems use is really important
> from an engineering perspective.
>
> So far they've only been able to build a two-qubit chip. This means
> there's absolutely nothing to panic over. Still, it's fascinating news.
> We live in interesting times. :)
>
> http://www.engineering.unsw.edu.au/news/quantum-computing-first-two-qubit-logic-gate-in-silicon

I just saw this posted in sci.crypt:

http://arstechnica.com/security/2015/10/nsa-advisory-sparks-concern-of-secret-advance-ushering-in-cryptoapocalypse/

Short quote from the article linked to above:

In August, National Security Agency officials advised US agencies and businesses to prepare for a not-too-distant time when the cryptography protecting virtually all sensitive government and business communications is rendered obsolete by quantum computing. The advisory recommended backing away from plans to deploy elliptic curve cryptography, a form of public key cryptography that the NSA spent the previous 20 years promoting as more secure than the older RSA cryptosystem.

Almost immediately, the dramatic about-face generated questions and anxiety. Why would the NSA abruptly abandon a series of ECC specifications it had championed for so long? Why were officials issuing the advice now when a working quantum computer was 10 to 50 years away, and why would they back away from ECC before recommending a suite of quantum-resistant alternatives? The fact that the NSA was continuing to endorse use of RSA, which is also vulnerable to quantum computing, led some observers to speculate there was a secret motivation that had nothing to do with quantum computing.

On Tuesday, researchers Neal Koblitz and Alfred J. Menezes published a paper titled A Riddle Wrapped in an Enigma that compiles some of the competing theories behind the August advisory. The researchers stressed that their paper isn't academic and at times relies on unsourced facts and opinions. And sure enough, some of the theories sound almost conspiratorial. Still, the paper does a good job of evaluating the strengths and weaknesses of the NSA's highly unexpected abandonment of ECC in a post quantum crypto (PQC) world.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: First quantum gates in silicon
On 23/10/2015 08:54, Johan Wevers wrote:
> I just saw this posted in sci.crypt:
>
> http://arstechnica.com/security/2015/10/nsa-advisory-sparks-concern-of-secret-advance-ushering-in-cryptoapocalypse/
>
> Short quote from the article linked to above:
>
> In August, National Security Agency officials advised US agencies
> and businesses to prepare for a not-too-distant time when the
> cryptography protecting virtually all sensitive government and
> business communications is rendered obsolete by quantum computing.
> The advisory recommended backing away from plans to deploy elliptic
> curve cryptography, a form of public key cryptography that the NSA
> spent the previous 20 years promoting as more secure than the older
> RSA cryptosystem.
>
> Almost immediately, the dramatic about-face generated questions and
> anxiety. Why would the NSA abruptly abandon a series of ECC
> specifications it had championed for so long? Why were officials
> issuing the advice now when a working quantum computer was 10 to 50
> years away, and why would they back away from ECC before
> recommending a suite of quantum-resistant alternatives? The fact
> that the NSA was continuing to endorse use of RSA, which is also
> vulnerable to quantum computing, led some observers to speculate
> there was a secret motivation that had nothing to do with quantum
> computing.
>
> On Tuesday, researchers Neal Koblitz and Alfred J. Menezes
> published a paper titled A Riddle Wrapped in an Enigma that
> compiles some of the competing theories behind the August advisory.
> The researchers stressed that their paper isn't academic and
> at times relies on unsourced facts and opinions. And sure enough,
> some of the theories sound almost conspiratorial. Still, the paper
> does a good job of evaluating the strengths and weaknesses of the
> NSA's highly unexpected abandonment of ECC in a post quantum crypto
> (PQC) world.

Sounds like an attempt at mass reverse psychology to me...

-- 
Mark Rousell
PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
Direct signatures
Hello,

Is there any way to make GNUPG or libgpgme generate a signature from an externally-computed hash? My justifications for this are twofold:

1. Isolation---by removing the need for gpg to see the original data, it becomes possible to perform signatures on a system that is completely isolated, at least as far as incoming data goes.

2. Process separation---I have ideas involving SELinux that I would like to experiment with, and doing so requires that tasks be split at the process level as I understand.

Thanks,
Lachlan
Re: Direct signatures
Hi Lachlan,

At Fri, 23 Oct 2015 10:58:22 +0200, Lachlan Gunn wrote:
> Is there any way make GNUPG or libgpgme generate a signature from an
> externally-computed hash? My justifications for this are twofold:

In theory yes, in practice no.

To generate an OpenPGP signature, the OpenPGP implementation hashes the concatenation of the data and some metadata. That is, it computes:

  H(data || metadata).

Thus, to do what you want you'd need to give GnuPG not the hash of the data, but the internal state of the hash function before it appends the metadata. Unfortunately, the internal state is implementation and platform dependent.

If OpenPGP computed signatures as follows:

  H(H(data) || metadata),

then what you wanted would be straightforward to implement.

> 1. Isolation---by removing the need for gpg to see the original data,
> it becomes possible to perform signatures on a system that is
> completely isolated, at least as far as incoming data goes.
>
> 2. Process separation---I have ideas involving SELinux that I would
> like to experiment with, and doing so requires that tasks be split at
> the process level as I understand.

There are two ways around this:

- You can run gpg on one machine / user account and gpg-agent on another. (Look up the extra-socket option in the GnuPG manual.)

  Note: I briefly cover this in my "An Advanced Introduction to GnuPG" presentation, which was recorded at RMLL:

  https://2015.rmll.info/introduction-avancee-sur-gnupg?lang=en

- Have GnuPG sign the hash of the data. That is, use something like sha256sum to compute a hash of the data, transfer the hash to the machine running gpg and sign that data. This adds a level of indirection, which the person verifying the hash needs to deal with. :)

Neal
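The two points in Neal's reply, as an added Python illustration that is not from the thread or from GnuPG's code: the digest a v4 OpenPGP binary-document signature covers is H(data || metadata || trailer) per RFC 4880, so a finished sha256sum of the data cannot be turned into it (only a mid-stream hash state can), whereas signing the sha256sum line itself gives H(H(data) || metadata || trailer) and the verifier recomputes the line. The subpacket bytes are a constructed creation-time subpacket, not a real GnuPG packet.

```python
import hashlib

# Constructed for this example: a hashed-subpacket area holding one
# signature-creation-time subpacket (length 5, type 2, 4-byte time).
SUBPACKETS = b"\x05\x02\x56\x2a\x00\x00"


def midstream_state(data):
    """Hash state after feeding only the data: what GnuPG would need
    from the isolated host if it accepted pre-hashed input."""
    h = hashlib.sha256()
    h.update(data)
    return h


def v4_sig_digest(data, hashed_subpackets=SUBPACKETS, hash_state=None,
                  pk_alg=1, hash_alg=8):
    """Digest a v4 OpenPGP binary-document signature covers
    (RFC 4880 section 5.2.4): H(data || sig metadata || trailer).
    hash_state, if given, is a hashlib object already fed with the data;
    the metadata is then appended to that mid-stream state."""
    h = hash_state.copy() if hash_state is not None else hashlib.sha256()
    h.update(data)
    # Hashed signature fields: version 4, type 0x00 (binary document),
    # public-key algorithm, hash algorithm, subpacket length, subpackets.
    meta = (bytes([4, 0x00, pk_alg, hash_alg])
            + len(hashed_subpackets).to_bytes(2, "big") + hashed_subpackets)
    h.update(meta)
    # v4 trailer: 0x04 0xff followed by the 4-octet length of 'meta'.
    h.update(b"\x04\xff" + len(meta).to_bytes(4, "big"))
    return h.digest()


def sha256sum_line(data, name="payload.bin"):
    """What the isolated host ships instead of the data: a sha256sum line."""
    return f"{hashlib.sha256(data).hexdigest()}  {name}\n".encode()


def indirect_sig_digest(data):
    """Second workaround: GnuPG signs the sha256sum line, so the signed
    digest is H(H(data) || metadata || trailer), one level of indirection."""
    return v4_sig_digest(sha256sum_line(data))


def verify_indirect(data, signed_line):
    """Verifier's extra step: recompute the line from the real data and
    compare it with what the signature actually covered."""
    return signed_line == sha256sum_line(data)
```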
Re: First quantum gates in silicon
> http://arstechnica.com/security/2015/10/nsa-advisory-sparks-concern-of-secret-advance-ushering-in-cryptoapocalypse/

Interesting. It's worth remembering, though, that users who have a 50-year writ-in-stone absolute need for security are, by their very nature, going to be paranoid gits. :)

Imagine that you lived in 1965 and were responsible for composing communications security standards that had to keep secrets safe until 2015. How paranoid would you be? It's easy to not be paranoid enough (in the '80s, Ron Rivest doubted a 512-bit composite would ever be factored; today, RSA-512 is a sad joke) and easy to be too paranoid ("we must consider the possibility space aliens will appear with technology beyond mortal ken"). Hitting the sweet spot is pretty hard.

If I was writing a 50-year standard today, I'd probably be concerned about modest-sized quantum computers. ECC is vulnerable to these; RSA, DSA and Elgamal really aren't. To efficiently solve discrete logs with Shor's algorithm requires twice as many qubits as there are bits in the number. A 256-bit ECC key, providing ~128 shannons of uncertainty, could be efficiently broken by a 512-qubit computer. An RSA-3072 key, providing ~128 shannons of uncertainty, would require a 6144-qubit keybreaker.

This is all off the top of my head: it's been a long time since I've looked at Shor's. I may be off on my numbers.
Re: libgrypt in Wikipedia? (help wanted)
On Thursday 22 October 2015 at 19:03:24, Martin Behrendt wrote:
> I don't consider myself a Wikipedia author but I followed "Sei mutig". ;)

Thanks!

It seems that the page https://en.wikipedia.org/wiki/Comparison_of_Cryptography_Libraries is not well linked yet, but maybe it will be at some point!

Bernhard

-- 
www.intevation.de/~bernhard (CEO)
www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: libgrypt in Wikipedia? (help wanted)
On Fri, 23 Oct 2015 16:55, bernh...@intevation.de said:
> https://en.wikipedia.org/wiki/Comparison_of_Cryptography_Libraries
> is not well linked yet, but maybe it will be at some point!

Although I posted some data last night and Martin quickly updated the page, I am not sure whether that listing is really useful. It mixes crypto algorithms with high level protocols. For the latter there are other and well categorized comparison pages. It also makes me wonder that OpenSSL is missing from that chart.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Installing gpg2/commands?
Hello,

are there some commands for installing the gnupg-w32-2.1.x_.exe (like -silent or -no_registry)?

Sebastian
absolutely nothing to panic over
On 10/06/2015 02:07 PM, Robert J. Hansen - r...@sixdemonbag.org wrote:
> Australian researchers have figured out how to make a quantum gate on a
> silicon chip. [...] there's absolutely nothing to panic over.

Yup, instead of panicking, we should simply acknowledge the fact that secret communication is not possible without out-of-channel key exchange. The dream of circumventing this fact of life with the alchemy called "public key cryptography" is quickly coming to its end. It was nice while it lasted, but now is the time to move on. Like every change of massive technical infrastructure built on weak foundations this will be difficult and there will be casualties, but mostly among those that refuse to abandon public key cryptography as soon as they possibly can.
Re: absolutely nothing to panic over
listo factor:
> On 10/06/2015 02:07 PM, Robert J. Hansen - r...@sixdemonbag.org wrote:
>> Australian researchers have figured out how to make a quantum gate on a
>> silicon chip. [...] there's absolutely nothing to panic over.
>
> Yup, instead of panicking, we should simply acknowledge the fact
> that secret communication is not possible without out-of-channel
> key exchange. The dream of circumventing this fact of life with
> the alchemy called "public key cryptography" is quickly coming
> to its end. It was nice while it lasted, but now is the time to
> move on. Like every change of massive technical infrastructure
> built on weak foundations this will be difficult and there
> will be casualties, but mostly among those that refuse to
> abandon public key cryptography as soon as they possibly can.

H.., You say time to move on - but what? We may well still have public key cryptology - and avail ourselves of quantum physics on a silicon chip :)

David

-- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”
https://linuxcounter.net/user/512854.html - http://gbenet.com