Re: My little something...
- From: Markus Jansson <seemyhomepage@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 17 Jul 2006 18:39:49 +0300
Tom St Denis wrote:
> Where did you get a 1024 bit curve?
From my head. :)
> And why are you using it with
> 256-bit ciphers?
For security margin, since ECC is kind of a new field. Currently 512-bit ECC would give the same complexity as 256-bit symmetric for brute-forcing, I recall.
> > - Twofish (LRW) & Serpent (CTR) as symmetric cipher.
> You mean you offer two ciphers in different modes or that you chain
> it?
Two ciphers in different modes with different, independent keys.
> > - Whirlpool as hash function (if 256bits is needed, output of Whirlpool is
> > divided into two parts which are XOR:ed together).
> Truncation is better than that.
Why? If there is "not-randomness" in the output, you might end up with the piece that is "not-so-random". When you take the whole package, split it in half and XOR it, it's unlikely that the output would be "less random" than the original package.
> > Key, salt and IV generation functions used
> > - PKCS#5 password-key derivation function with PRNG pools and
> > HMAC-Whirlpool with 100000 iterations.
> > - 512bit salt for key generation functions, 256bit for IVs per session
> > are created.
> 256 bit IV? For a 128-bit block cipher? O RLY?
Heh, two 128bit IVs for the two ciphers = 256bit IVs.
> Also do you plan on encrypting 2^256 files per password?
?
> > PRNGs used
> > - Yarrow & Mersenne Twister & Fortuna (with Twofish) & Blum-Blum-Shub &
> > RtlGenRandom and user interactive(TM) (mouse movement).
> WHY!!!!
To get random numbers for ciphers. I don't want to end up in a situation where only one PRNG is used and then after a few years we know it has actually been broken or is otherwise a bad PRNG. Combine a few different PRNGs and failure in one or two does not compromise security.
> > - PRNG pool is 2x512=1024bits.
> > - Output of all PRNGs are combined and hashed using HMAC-Whirlpool.
> HMAC-Whirlpool is not a hash.
Oops. :p
> What are your specific goals you are trying to accomplish with
> cryptography?
Kill some time and test my brains a bit. :p
But with this one, as I said, I was thinking of upgrading current (let's say PGP) encryption to a little bit more paranoid mode, just thinking whether I got most of it right or wrong...
--
My computer security & privacy related homepage
http://www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.
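The key-derivation step discussed in this thread (PBKDF2 with 100000 iterations, a 512-bit salt, and reducing a 512-bit digest to 256 bits by XOR-folding versus truncation), as an added Python example that is not part of the original post. It assumes Whirlpool where the local OpenSSL build provides it and otherwise substitutes SHA-512, and it assumes both cipher keys are taken from one PBKDF2 output; the post states neither.

```python
import hashlib
import os

ITERATIONS = 100_000          # iteration count stated in the post
SALT_BITS, KEY_BITS = 512, 256


def _pick_hash() -> str:
    """Use Whirlpool when the OpenSSL behind hashlib supports it, else SHA-512.
    The fallback is an assumption made for portability; both give 512-bit digests."""
    try:
        hashlib.pbkdf2_hmac("whirlpool", b"probe", b"probe", 1)
        return "whirlpool"
    except ValueError:
        return "sha512"


HASH = _pick_hash()


def fold_xor(digest: bytes) -> bytes:
    """Reduce a 512-bit digest to 256 bits by XORing its two halves (the poster's method)."""
    half = len(digest) // 2
    return bytes(a ^ b for a, b in zip(digest[:half], digest[half:]))


def truncate(digest: bytes) -> bytes:
    """Reduce a 512-bit digest to 256 bits by keeping the first half (the alternative suggested)."""
    return digest[: len(digest) // 2]


def derive_keys(password: bytes, salt: bytes, fold: bool = True) -> tuple[bytes, bytes]:
    """PBKDF2-HMAC over HASH with a 512-bit salt. The 1024-bit output is split into
    two 512-bit blocks, one per cipher (Twofish, Serpent), each reduced to 256 bits.
    Taking both keys from one PBKDF2 call is an assumption, not the post's design."""
    if len(salt) != SALT_BITS // 8:
        raise ValueError("salt must be 512 bits")
    material = hashlib.pbkdf2_hmac(HASH, password, salt, ITERATIONS, dklen=2 * 64)
    reduce_ = fold_xor if fold else truncate
    return reduce_(material[:64]), reduce_(material[64:])


def new_salt() -> bytes:
    """Fresh 512-bit salt from the OS CSPRNG (constructed here; the post mixes several PRNGs)."""
    return os.urandom(SALT_BITS // 8)


if __name__ == "__main__":
    salt = new_salt()
    k_twofish, k_serpent = derive_keys(b"correct horse", salt)
    print(HASH, k_twofish.hex(), k_serpent.hex(), sep="\n")
```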