gnueval-security

Re: [gnueval-security] [Richard Stallman] evaluating an encryption progr


From: Brandon Invergo
Subject: Re: [gnueval-security] [Richard Stallman] evaluating an encryption program
Date: Tue, 26 Nov 2013 00:17:04 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

Hi Christian,

Thanks for your input.  

Could you or Stephen send a quick report to rms once you guys have
reached a conclusion?

Thanks!

Brandon

Christian Grothoff <address@hidden> writes:

> Hi!
>
> Aside from the usual caveats (NTRU is peer-reviewed, but still rather
> new and comparatively untested; there is also the probabilistic
> decryption mentioned already by Stephen), and some obvious disadvantages
> (huge key size, limited availability), I don't know that there is a
> clear security reason for -not- using it.  However, as long as quantum
> cryptanalysis (not quantum computing with a handful of bits) is not
> real, it is unclear if NTRU is actually going to be stronger than say a
> good curve.  NTRU is better against a system that is hypothetical today.
>  Experts I talked to said that there is a 10% chance that they are real
> in 10-30 years --- and an 89% chance that they won't ever be real.
>
> So the real question is if the GNU packages using NTRU should be trying
> to prepare for the 10% chance in 10-30 years.  MOST should probably not
> do this.  A few crypto libraries (libgcrypt, nettle, GnuPG) may (!) put
> this on their medium-term feature list, but any "normal" package should
> not touch this IMO -- they're much more likely to have security issues
> elsewhere.
>
> My 2 cents
>
> Christian
>
>
> On 11/24/13 21:07, Brandon Invergo wrote:
>> Hi guys,
>> 
>> From rms:
>> 
>>> Could you please ask people to look at
>>> https://github.com/NTRUOpenSourceProject/ntru-crypto/ and judge
>>> whether it is good for us to use?
>> 
>>> They are not considering making it a GNU package, and I doubt that
>>> they ever will; but we might want GNU packages to use it, and that's
>>> the question I'd like people to study.
>>> Please report back to me after you've come to some conclusion.
>> 
>> Can someone look into it for us?
>> 
>> Thanks!
>> Brandon
>> 
>
>

-- 
Brandon Invergo
http://brandon.invergo.net
