Re: libcatmath secure tunnel protocol




http://www.debian.org/security/2008/dsa-1571
a) If you have random from both sides, one failing prng is not
disastrous

Hah yeah if my PRNG sucks then it would not be very secure =)
Both sides will be using the same PRNG that is part of my library so
I don't think that would be advantageous.

b) Nonce from both sides prevents replay attacks within the
handshake process

I do not believe there is a replay attack in the handshake
process... Would you mind showing me how that would work in my
protocol? Thank you for helping me out.

Please read a book about protocol design & crypto, before you use
your protocol in real world apps.

I've read a few books and lots of papers and websites, etc. Maybe I
am just not that bright. =)



http://catid.org

--
--------------------------------- --- -- -
Posted with NewsLeecher v3.95 Beta 3
Web @ http://www.newsleecher.com/?usenet
------------------- ----- ---- -- -

.



Relevant Pages

  • Re: Toaster to Generate Random Numbers
    ... >]A secure PRG is one for which if the input is fairly drawn, ... That is why people worry about a PRNG being ... The entropy of the output cannot be higher than the entropy of ...
    (comp.security.misc)
  • Re: Toaster to Generate Random Numbers
    ... >]A secure PRG is one for which if the input is fairly drawn, ... That is why people worry about a PRNG being ... The entropy of the output cannot be higher than the entropy of ...
    (sci.crypt)
  • Re: implementation of one-time-pad with Mersenne Twister PRNG
    ... generator is secure. ... The Mersenne Twister is not secure. ... PRNG, it is not sufficient to pass a set of commonly accepted statistical ... computers are quite good at it. ...
    (sci.crypt)
  • MT19337 for stream encryption?
    ... I am a novice at cryptography, so excuse my intrusion, but I'd like to ... Our application needs a very fast yet secure encryption method. ... We would, of course, forego using the PRNG seed generator for MT19337 ...
    (sci.crypt)
  • Re: MT19337 for stream encryption?
    ... opposed to using a weaker PRNG to do the job? ... hashing algorithm to make it truly secure? ... and simpler to achieve security. ... component in a cipher, even if it is a terrible cipher by itself. ...
    (sci.crypt)