<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jul 21, 2014 at 2:11 PM, Phillip Hallam-Baker <span dir="ltr"><<a href="mailto:phill@hallambaker.com" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=phill@hallambaker.com&cc=&bcc=&su=&body=','_blank');return false;">phill@hallambaker.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">32bits or 32 bytes?<br>
<br>
I am pretty sure he said 32 bits in the presentation which had me<br>
really interested!<br>
<br>
But the specs say 32 bytes. And as a general matter, I can't see how a<br>
key of less than 128 bits can possibly be secure. I can brute force a<br>
64 bit space.<br></blockquote><div><br></div><div><div style="font-family:arial,sans-serif;font-size:12.571428298950195px">Sorry, 32-byte. Here's the original paper for the curve in question, curve25519:</div><div style="font-family:arial,sans-serif;font-size:12.571428298950195px">
<a href="http://cr.yp.to/ecdh/curve25519-20060209.pdf" target="_blank">http://cr.yp.to/ecdh/curve25519-20060209.pdf</a><br></div><div style="font-family:arial,sans-serif;font-size:12.571428298950195px"><br></div><div style="font-family:arial,sans-serif;font-size:12.571428298950195px">
In general, the curve work seems legit -- Adam Langley has an <a href="https://github.com/agl/curve25519-donna" target="_blank">active implementation</a>, the curve is used <a href="https://github.com/WhisperSystems/TextSecure/search?q=curve25519&ref=cmdform" target="_blank">inside TextSecure</a>, and, trusting Wikipedia for the moment, <a href="https://en.wikipedia.org/wiki/Curve25519#Notable_uses" target="_blank">a lot of other good projects</a>.</div>
<div style="font-family:arial,sans-serif;font-size:12.571428298950195px"><br></div><span style="font-family:arial,sans-serif;font-size:12.571428298950195px">I know there's a lot of skepticism of Cryptocat in the security community, and I'm not in a good position to evaluate the merits. I have gotten the sense that Cryptocat has responded constructively over time and improved their level of security.</span><div style="font-family:arial,sans-serif;font-size:12.571428298950195px">
<br></div><div style="font-family:arial,sans-serif;font-size:12.571428298950195px">Either way, I think minilock deserves to be evaluated on its own merits, not just as something "from the cryptocat guy".</div></div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><div class="h5"><br>
<br>
<br>
On Mon, Jul 21, 2014 at 9:48 AM, Eric Mill <<a href="mailto:eric@konklone.com" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=eric@konklone.com&cc=&bcc=&su=&body=','_blank');return false;">eric@konklone.com</a>> wrote:<br>
> I saw this announced at HOPE X this weekend:<br>
><br>
> <a href="http://minilock.io/" target="_blank">http://minilock.io/</a><br>
><br>
> It uses curve25519, which requires much smaller keys (32 or 64 bits) to<br>
> ensure security -- and so it basically just demands a strong passphrase from<br>
> the user from which can be derived a strong private key.<br>
><br>
> The developer has a video and slides to go along with it, and in general<br>
> focused his energy on persuading the audience that JavaScript crypto is a<br>
> necessary and achievable part of the future.<br>
><br>
> -- Eric<br>
><br>
> --<br>
> <a href="http://konklone.com" target="_blank">konklone.com</a> | @konklone<br>
><br>
</div></div><div class=""><div class="h5">> _______________________________________________<br>
> The cryptography mailing list<br>
> <a href="mailto:cryptography@metzdowd.com" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=cryptography@metzdowd.com&cc=&bcc=&su=&body=','_blank');return false;">cryptography@metzdowd.com</a><br>
> <a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><a href="https://konklone.com" target="_blank">konklone.com</a> | <a href="https://twitter.com/konklone" target="_blank">@konklone</a><br>
</div></div>
</div></div>