    Monday, December 25, 2017

    Cryptography Key compromise and root cert with shared key in german lawyer communication software (beA)

    Key compromise and root cert with shared key in german lawyer communication software (beA)

    Posted: 24 Dec 2017 08:26 AM PST

    Elliptic Curve Ring Signature Potential Optimization

    Posted: 24 Dec 2017 12:31 PM PST

    I apologize in advance if this is the wrong place for this type of post, and I also apologize for its ugliness. I've been doing some work with non-linkable Borromean ring signatures and I had an idea for an optimization. I'm coming here today to ask if what I'm proposing has any security drawbacks or if I'm missing something trivial. For reference, I'm using a curve like secp256k1.

    Given a standard 2-key non-Borromean ring signature, the process is more or less as follows:

    P0 = x0‧G

    P1 = x1‧G

    c1 = sha256( c0‧P0 + s0‧G ) mod N = sha256( (c0‧x0 + s0)‧G ) mod N

    c0 = sha256( c1‧P1 + s1‧G ) mod N = sha256( (c1‧x1 + s1)‧G ) mod N

    Where Pk is a public key, xk is a private key (at least one is known), ck is an intermediate scalar (not sure of the correct terminology), N is the order of the curve, and sk is either a random scalar or a seed value such that the ring can be closed. Then to close the ring, sk would be chosen such that ck‧xk+sk=alpha (where alpha was an initial value chosen at random): sk = (alpha - ck‧xk) mod N.

    Would there be any kind of security drawback to switching Pk and G? e.g.:

    c1 = sha256( c0‧G + s0‧P0 ) mod N = sha256( (c0 + s0‧x0)‧G ) mod N

    c0 = sha256( c1‧G + s1‧P1 ) mod N = sha256( (c1 + s1‧x1)‧G ) mod N

    Then closing the ring, sk would be chosen such that sk = (alpha - ck)‧(xk^-1 mod N) mod N. When switching the example to Borromean ring signatures, this would help me a lot, since I could cut down on the number of elliptic curve multiplications: c0‧G could be calculated once and used for many different sets of rings. I however feel like I'm missing something. Any help would be greatly appreciated!

    Edit: Formatting

    submitted by /u/ANDREWTHEPLEB
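To make the two chains concrete, here is an added example (not the poster's code) that implements both the standard ring c_{i+1} = sha256(c_i‧P_i + s_i‧G) mod N and the proposed swap c_{i+1} = sha256(c_i‧G + s_i‧P_i) mod N over secp256k1, generalized from the 2-key case to an n-key ring with the signer at any index; hashing a message into each challenge and the closing formulas for both variants are the assumptions stated in the comments.

```python
import hashlib, secrets

# secp256k1 parameters (field prime, group order, base point) in affine coordinates,
# point at infinity represented as None. Study code: not constant-time, not hardened.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None          # p == -q
    lam = (3*x1*x1 * pow(2*y1, -1, P) if p == q else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam*lam - x1 - x2) % P
    return x3, (lam*(x1 - x3) - y1) % P

def mul(k, p):                        # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def H(msg, pt):                       # challenge = sha256(msg || point) mod N (msg is an assumption)
    enc = b"\x00" if pt is None else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(msg + enc).digest(), "big") % N

def commit(c, s, pub, swapped):
    # standard: c*P_i + s*G ; proposed variant: c*G + s*P_i
    return add(mul(c, G if swapped else pub), mul(s, pub if swapped else G))

def sign(pubs, k, x_k, msg, swapped=False):
    n, alpha = len(pubs), secrets.randbelow(N - 1) + 1
    c, s = [None] * n, [None] * n
    c[(k + 1) % n] = H(msg, mul(alpha, G))          # chain starts right after the signer
    i = (k + 1) % n
    while i != k:                                   # random s_i for every decoy key
        s[i] = secrets.randbelow(N - 1) + 1
        c[(i + 1) % n] = H(msg, commit(c[i], s[i], pubs[i], swapped))
        i = (i + 1) % n
    # close the ring so that commit(c_k, s_k, P_k) == alpha*G (needs x_k, and x_k^-1 when swapped)
    s[k] = (alpha - c[k]) * pow(x_k, -1, N) % N if swapped else (alpha - c[k] * x_k) % N
    return c[0], s

def verify(pubs, msg, sig, swapped=False):
    c0, s = sig
    c = c0
    for i, pub in enumerate(pubs):                  # walk the ring once; it must return to c0
        c = H(msg, commit(c, s[i], pub, swapped))
    return c == c0
```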

    Which crypto key to choose actually?

    Posted: 24 Dec 2017 12:59 PM PST

    Assume the following situation:

    • I'm in the process of reviewing the security process definitions at my employer.
    • Coming from the network field, I know quite a bit about safety, firewalls, iptables and that kind of stuff in general, but not so much about actual cryptography.
    • The most security critical systems covered are some hypervisor nodes running several dozens of VMs, mixed Web servers and production servers.
    • Additionally, I'm looking for a way to provide our employees with a better way to securely encrypt their login information.
    • 2FA is definitely a point and that's the actual core thing of this post.

    Core points a solution should have for me:

    • Hardware based solution solely for that purpose is mandatory. So no SW-only solution and no Smartphone Auth
    • OpenSource is definitely a plus but not mandatory (if HW also ++)
    • A mature solution is preferred - no homelab stuff!
    • The ability to integrate the key with KeePass is considered mandatory (I know, you need a plugin for that).
    • OTP function is greatly appreciated

    After looking around, I came to the following keys:

    YubiKey: The major player of course. The most feature rich alternative and seemingly the only one that provides U2F (and Challenge Response?) currently. The NFC feature would most likely not get used. Not able to update the firmware (has its advantages in security ofc). They dropped their open-source policy some time ago.

    NitroKey: Another often used USB based solution. Not as feature rich as YubiKey but open source (even in the hardware it seems?) and able to upgrade the firmware. The storage version could provide additional security if used correctly (see below).

    Mooltipass: Could not find much about this. Connected over USB but this time with a display and a PIN-secured card someone needs to insert for unlocking the stored information. Plus would be that it can be used relatively easily with Smartphones as it seems.

    Identitycard: Keycard format, sending information over Bluetooth. Not really something I would like to activate (only when it's really needed, and I'm pretty sure not even all clients have a BT chip). Also pretty thin on documentation and use cases I could find. Therefore proprietary, pretty sure.

    Something different: Of course these are not all, just the ones that got my closer attention. For example I thought about using "regular" encrypted USB drives, but the decryption process puts me off (what happens on the crypto sticks, as they have their own CPUs for that, if I'm getting that right).

    My personal conclusion as of now: I already ordered a Yubikey 4 (with NFC) and a NitroKey Storage (32 GB, I think) for testing purposes. My current favorite would be the NitroKey because:

    • OpenSource - Not that I want to validate the code, but it's a thing about trust for me
    • The HW-encrypted storage of the NitroKey could come in handy because I think about storing the databases for KeePass on it.
    • They seem a bit more clumsy but we have the space in most cases (still investigating if there are some machines with industrial panels where space could be an issue)

    Open for actual thoughts.

    submitted by /u/Marscho1211