@ryanc 'heck no'
Conversation
Notices
-
Embed this notice
F4GRX Sébastien (f4grx@chaos.social)'s status on Saturday, 13-Dec-2025 20:01:56 JST 
F4GRX Sébastien
-
Embed this notice
Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 13-Dec-2025 20:01:54 JST 
Ryan Castellucci (they/them) :nonbinary_flag:
@f4grx I note that there are implementations that exist, but they are bad.
-
Embed this notice
Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 14-Dec-2025 17:12:42 JST
Ryan Castellucci (they/them) :nonbinary_flag:
@hovav @f4grx @erincandescent @brouhaha Indeed. A 256 bit seed is good enough for anything.
-
Embed this notice
Hovav Shacham (hovav@infosec.exchange)'s status on Sunday, 14-Dec-2025 17:12:43 JST 
Hovav Shacham
@f4grx @erincandescent @ryanc @brouhaha That is very much not what a 256-bit PRNG gives you. Rather, the output is indistinguishable from truly random by any adversary not capable of 2256 computation—which is all of them.
-
Embed this notice
F4GRX Sébastien (f4grx@chaos.social)'s status on Sunday, 14-Dec-2025 17:12:45 JST
F4GRX Sébastien
@erincandescent @ryanc @brouhaha 256 bits of entropy to generate a 25519 key is okay, it's just bit tumbling. 256 bits of entropy to generate a full RSA2048 key is not, it means only one in 4 bits is random.
-
Embed this notice
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Sunday, 14-Dec-2025 17:12:46 JST 
Erin 💽✨
@f4grx @brouhaha @ryanc i don’t see any problem with using a e.g. 256-bit seed to a DRBG into a known algorithm to generate the private key
in fact this is how e.g. ed25519 and ML-KEM are defined.
-
Embed this notice
F4GRX Sébastien (f4grx@chaos.social)'s status on Sunday, 14-Dec-2025 17:12:47 JST
F4GRX Sébastien
@brouhaha @ryanc yeah the idea that a whole private key can be found from a potentially very much shorter seed is frightening. salting does not even help here. the whole idea sounds *very bad* , I'm not even sure what "we do it on purpose" would work here.
-
Embed this notice
🇺🇦 haxadecimal 🚫👑 (brouhaha@mastodon.social)'s status on Sunday, 14-Dec-2025 17:12:48 JST 
🇺🇦 haxadecimal 🚫👑
@ryanc @f4grx
You mean, bad beyond the fact that the whole concept is bad? -
Embed this notice
Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 14-Dec-2025 21:28:39 JST
Ryan Castellucci (they/them) :nonbinary_flag:
@erincandescent @f4grx @hovav @brouhaha Absolutely. Though I am a bit focused on generation based on a seed plus a set of arbitrary key/value pairs.
-
Embed this notice
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Sunday, 14-Dec-2025 21:28:41 JST
Erin 💽✨
@ryanc @hovav @f4grx @brouhaha it would be nice if an algo were written down as per e.g. https://github.com/C2SP/C2SP/blob/main/det-keygen.md for ECDSA
-
Embed this notice
Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 14-Dec-2025 22:17:38 JST
Ryan Castellucci (they/them) :nonbinary_flag:
@f4grx @erincandescent @hovav @brouhaha Until computers are made of something other than matter and occupy something other than space.
-
Embed this notice
F4GRX Sébastien (f4grx@chaos.social)'s status on Sunday, 14-Dec-2025 22:17:40 JST
F4GRX Sébastien
@ryanc @erincandescent @hovav @brouhaha thanks for all your remarks, it's true that 2^256 is still a lot of security.
-
Embed this notice
All GNU social JP content and data are available under the