Conversation

Notices

    feld (feld@bikeshed.party)'s status on Thursday, 02-Nov-2023 12:52:35 JST
    • The Doctor
    • Cendyne
    @drwho @cendyne DJB is usually right so I'll get the popcorn :munch:
    In conversation Thursday, 02-Nov-2023 12:52:35 JST from bikeshed.party permalink
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 02-Nov-2023 13:08:39 JST
      in reply to
      • The Doctor
      • Cendyne
      @feld @cendyne @drwho Seems like popcorn indeed…
      https://blog.cr.yp.to/20231023-clumping.html
      In conversation Thursday, 02-Nov-2023 13:08:39 JST permalink

      Attachments

      1. cr.yp.to: 2023.10.23: Reducing "gate" counts for Kyber-512
      feld likes this.
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 06-Nov-2023 12:37:39 JST
      in reply to
      • The Doctor
      • Jeffrey Goldberg
      • Steve Bellovin
      • Cendyne
      @SteveBellovin @jpgoldberg @feld @cendyne @drwho That's unrelated to QC though, and I think it should have been fixed immediately after the Snowden revelations (spoilers: it's not fixed at all) with things like PFS and easy key rotation.
      Sadly it's not.
      In conversation Monday, 06-Nov-2023 12:37:39 JST permalink
    • Steve Bellovin (stevebellovin@mastodon.lawprofs.org)'s status on Monday, 06-Nov-2023 12:37:43 JST
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • The Doctor
      • Jeffrey Goldberg
      • Cendyne

      @jpgoldberg @lanodan @feld @cendyne @drwho The issue, especially for national security-related traffic, is recorded traffic.

      In conversation Monday, 06-Nov-2023 12:37:43 JST permalink
    • Jeffrey Goldberg (jpgoldberg@ioc.exchange)'s status on Monday, 06-Nov-2023 12:37:44 JST
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • The Doctor
      • Cendyne

      @lanodan @feld @cendyne @drwho

      Mostly I feel that it is too early to be standardizing PQC. The process has helped discover problems, with SIKE for example, and so is a good thing. But I don’t think we are ready to codify winners.

      We really do have time. Work on PQC remains well ahead of any cryptographically relevant QC.

      In conversation Monday, 06-Nov-2023 12:37:44 JST permalink
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 06-Nov-2023 13:08:22 JST
      in reply to
      • The Doctor
      • Jeffrey Goldberg
      • Steve Bellovin
      • Cendyne
      @SteveBellovin @jpgoldberg @feld @cendyne @drwho Err, right, "unrelated" isn't exactly the right word, but QC doesn't need to exist for this to be an issue.

      Recorded traffic is always an issue when it comes to cryptography, and the lack of those mitigations means it's very easy to break a key before it's changed, or typically never changed at all in cases like cryptographic identities.
      In conversation Monday, 06-Nov-2023 13:08:22 JST permalink
    • Steve Bellovin (stevebellovin@mastodon.lawprofs.org)'s status on Monday, 06-Nov-2023 13:08:24 JST
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • The Doctor
      • Jeffrey Goldberg
      • Cendyne

      @lanodan @jpgoldberg @feld @cendyne @drwho It absolutely is related. Assume something like signed Diffie-Hellman to establish a session key. DH, including ECDH, can be cracked by a quantum computer; rotating the signing keys doesn't help. Changing DH moduli more frequently might increase the cost to the attacker, since they can no longer precompute stuff for a fixed modulus, but they can still crack the new one. And there is stuff that is kept classified for decades—I've seen the redactions.

      In conversation Monday, 06-Nov-2023 13:08:24 JST permalink
    • Jeffrey Goldberg (jpgoldberg@ioc.exchange)'s status on Wednesday, 08-Nov-2023 07:20:48 JST
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • The Doctor
      • Steve Bellovin
      • Cendyne

      @SteveBellovin @lanodan @feld @cendyne @drwho, I agree that the issue is about recorded traffic. But QC isn’t the only thing to worry about with a 30 year horizon.

      I fully advocate intensive research in PQC. And QC isn’t the only reason to want to ditch crypto now for something harder than the discrete log and factoring problems. But I feel like we are still learning things “too fast” to actually standardize.

      The best argument for standardizing I’ve heard is that we are learning things so fast because we are trying to adopt standards.

      In conversation Wednesday, 08-Nov-2023 07:20:48 JST permalink
      Haelwenn /элвэн/ :triskell: likes this.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.