From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: from tb-ob0.topicbox.com (tb-ob0.topicbox.com [64.147.108.117]) by inbox.vuxu.org (Postfix) with ESMTP id 246CA26D88 for ; Sun, 12 May 2024 18:44:03 +0200 (CEST) Received: from tb-mx1.topicbox.com (tb-mx1.nyi.icgroup.com [10.90.30.61]) by tb-ob0.topicbox.com (Postfix) with ESMTP id 39DAB34FF0 for ; Sun, 12 May 2024 12:44:02 -0400 (EDT) (envelope-from bounce.mM2003e6b5eb34ea3270a33bec.r522be890-2105-11eb-b15e-8d699134e1fa@9fans.bounce.topicbox.com) Received: by tb-mx1.topicbox.com (Postfix, from userid 1132) id 352131907764; Sun, 12 May 2024 12:44:02 -0400 (EDT) ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=hamnavoe.com; spf=pass smtp.mailfrom=miller@hamnavoe.com smtp.helo=mx2.mythic-beasts.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:to:subject:from:date:in-reply-to :mime-version:content-type:content-transfer-encoding:list-help :list-id:list-post:list-subscribe:reply-to:list-unsubscribe; s= sysmsg-1; t=1715532242; bh=wAyzxkrAP+fClwaat6DCiXY+Jc2bPY6w7nHbM KtHRYc=; b=g/Ol7WB+S3o+/tKKT2gZ6lJ3vHxPY4iW5/ETRPGqOGpisoLQ2LHzg dktFI3q52T1xUOmjwuhyjzIaJpmcXXuCucQL/Ai171ZDs6+QGXvYHYpqhkRjO8z8 Ua4+gaLDVYFhAPdZzWCTazTILNb6GfVxcdqZVP8uXx+51xBvCrEAMM= ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t= 1715532242; b=iu1u83Zd7UdVpOk+4aWjN8DO3F7XfWrlkTQx5xPrKWD0oq5v8k o3q6AZupm+DqgpltiisV9tn8fieMGNxXW3z57J4+pNOkTrqjogrVSHAXtVh4fKfr jAhpZOramq+IMtschJ7Yi9oZE4kA563pLO3I6aJ+/6sFBW0Q/8lDCFs24= Authentication-Results: topicbox.com; arc=pass; dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=hamnavoe.com; spf=pass smtp.mailfrom=miller@hamnavoe.com smtp.helo=mx2.mythic-beasts.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) X-Received-Authentication-Results: tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC did not pass); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=hamnavoe.com; iprev=pass smtp.remote-ip=46.235.227.24 (mx2.mythic-beasts.com); spf=pass smtp.mailfrom=miller@hamnavoe.com smtp.helo=mx2.mythic-beasts.com; x-aligned-from=domain_pass (Domain match); x-me-sender=none; x-ptr=pass smtp.helo=mx2.mythic-beasts.com policy.ptr=mx2.mythic-beasts.com; x-return-mx=pass header.domain=hamnavoe.com policy.is_org=yes (MX Records found: mx2.mythic-beasts.com,mx1.mythic-beasts.com); x-return-mx=pass smtp.domain=hamnavoe.com policy.is_org=yes (MX Records found: mx2.mythic-beasts.com,mx1.mythic-beasts.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h=message-id :to:subject:from:date:in-reply-to:mime-version:content-type :content-transfer-encoding:list-help:list-id:list-post :list-subscribe:reply-to:list-unsubscribe; s=dkim-1; t= 1715532242; x=1715618642; bh=H1/MA1MbB14VZRR1ujkjNF2CCfKfgOiGVxR DyGuRFN4=; b=SLBLUnogR4coZ1FWOGGJwEIe3nDvk4W+XZm99Sipo60pNvkV9bY T1Q4Yrc76u7j+RXaRAR8ndOzvTTOlsrnr52aSLGlR6gckBhMB3yqQrxrzIJJElbc 7e5XQoO+Z6kEktHdIQg86WIVEW5vjq6cyxcUHYmrVJJQMFtxO1BJaan0= Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1]) by tb-mx1.topicbox.com (Postfix) with ESMTP id C59B91907338 for <9fans@9fans.net>; Sun, 12 May 2024 12:43:48 -0400 (EDT) (envelope-from miller@hamnavoe.com) Received: from tb-mx1.topicbox.com (localhost [127.0.0.1]) by tb-mx1.topicbox.com (Authentication Milter) with ESMTP id 2EBAF9B3866; Sun, 12 May 2024 12:43:48 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1715532228; b=vzQxAQTN08aS+No9Xi8gyVsYcIbwTFwHP6YTNW2NNzNCidc3xU TexFTM+Z06Kpa0raeiAG/49BD7K4B1TDQHm6Lkh3nh5AeuOB6jPYOFekm0VXCtqG +vZtytJwfY0jfeVSEnfmGWMFqEu0q16EqKqYnO7cjHpsKa3iOqxaIeR1IIqY6vMo 4uygv2ER2aLGMV2JoaaM4fY+bxU7HwDUPgXWprJZy8n3MO0h0jByjmPwRqCxedPL vRB9aE3u4abJ1InHk8lPEsY9zd98/MjnUZJSSm2v+B0gnDKV4L2NWQbl655/Ipko Y18eVG69DkjFOUPBcRrtEgyzuTuG0T//NCFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:to:subject:from:date:in-reply-to :mime-version:content-type:content-transfer-encoding; s=arcseal; t=1715532228; bh=WWWSJTVTSvuyqHnj+KqdjpwV/HymNljMQnI9hPCw2Ok=; b= EcFXupEG9AORHYWnOdWnkwFvkcvh/YCQjIV7tSsQ9ECpSrFerbjSi9WbPNrHF9k7 5IunJIRo0J7Y6gWTqSklMyOcFojsTjr7Qc9UaDAFKgNnKm1DfOe1wa2q9Vi3YxjM Z7jy8/LjKvG0RvvJ+Lov+kH1byp8GmQ2QidQSN3cucPfoGGmc8duuasG/LI319gS YY9xcrOzam7IEEZaiZygnHZ/JAMe0l5MATArKr745OoNGxw/lXeUpnnk1znkRuYD GjyciFFhsD6F7PBTm2WviBd5R00SgLJNqJkcSwvoh5AhYnl7nBeH2Mvwak9VKTDF 4c9dhLFbxtCHCrpeMvO5ag== ARC-Authentication-Results: i=1; tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC did not pass); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=hamnavoe.com; iprev=pass smtp.remote-ip=46.235.227.24 (mx2.mythic-beasts.com); spf=pass smtp.mailfrom=miller@hamnavoe.com smtp.helo=mx2.mythic-beasts.com; x-aligned-from=domain_pass (Domain match); x-me-sender=none; x-ptr=pass smtp.helo=mx2.mythic-beasts.com policy.ptr=mx2.mythic-beasts.com; x-return-mx=pass header.domain=hamnavoe.com policy.is_org=yes (MX Records found: mx2.mythic-beasts.com,mx1.mythic-beasts.com); x-return-mx=pass smtp.domain=hamnavoe.com policy.is_org=yes (MX Records found: mx2.mythic-beasts.com,mx1.mythic-beasts.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvledrvdegvddguddtfecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepkffvuf fhffgjgggtgfesthejjhdttddtvdenucfhrhhomheptfhitghhrghrugcuofhilhhlvghr uceolehfrghnsheshhgrmhhnrghvohgvrdgtohhmqeenucggtffrrghtthgvrhhnpeevtd eftdejfefhleelhfdttdfhhffghfefudeftefghfehfefhffetvdehgeejueenucfkphep geeirddvfeehrddvvdejrddvgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmh epihhnvghtpeegiedrvdefhedrvddvjedrvdegpdhhvghlohepmhigvddrmhihthhhihgt qdgsvggrshhtshdrtghomhdpmhgrihhlfhhrohhmpeeomhhilhhlvghrsehhrghmnhgrvh hovgdrtghomheqpdhnsggprhgtphhtthhopedupdhrtghpthhtohepoeelfhgrnhhsseel fhgrnhhsrdhnvghtqe X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (hamnavoe.com: Sender is authorized to use 'miller@hamnavoe.com' in 'mfrom' identity (mechanism 'include:_spf.mythic-beasts.com' matched)) receiver=tb-mx1.topicbox.com; identity=mailfrom; envelope-from="miller@hamnavoe.com"; helo=mx2.mythic-beasts.com; client-ip=46.235.227.24 Received: from mx2.mythic-beasts.com (mx2.mythic-beasts.com [46.235.227.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx1.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Sun, 12 May 2024 12:43:47 -0400 (EDT) (envelope-from miller@hamnavoe.com) Received: by mailhub-hex-d.mythic-beasts.com with esmtpsa (TLS1.2) tls TLS_RSA_WITH_AES_256_CBC_SHA (Exim 4.94.2) (envelope-from ) id 1s6CIc-000Loc-HY for 9fans@9fans.net; Sun, 12 May 2024 17:43:46 +0100 Message-ID: <36c63d5b02277489e2195a0c1006ff39@hamnavoe.com> To: 9fans@9fans.net Subject: Re: [9fans] one weird trick to break p9sk1 ? From: Richard Miller <9fans@hamnavoe.com> Date: Sun, 12 May 2024 17:43:45 +0100 In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BlackCat-Spam-Score: 12 Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: d1906ca2-107e-11ef-ae4d-c8b8af1c1be6 Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?= =?UTF-8?B?ZmFucy9UNTYzOTdlZmY2MjY5YWYyNy1NMjAwM2U2YjVlYjM0ZWEzMjcwYTMz?= =?UTF-8?B?YmVjPg==?= List-Help: List-Id: "9fans" <9fans.9fans.net> List-Post: List-Software: Topicbox v0 List-Subscribe: Precedence: list Reply-To: 9fans <9fans@9fans.net> List-Unsubscribe: , Topicbox-Delivery-ID: 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:M2003e6b5eb34ea3270a33bec:1:uxXsiYAP1v9h3zXJ1Fnn-6P0qAqacNJN7V701TrTy5s 23hiro@gmail.com: > sorry for ignoring your ideas about a p9sk3, but is your mentioning of > ocam's razor implying that dp9ik is too complicated? > is there any other reason to stick with DES instead of AES in > particular? i'm not a cryptographer by any means, but just curious. My comments are about p9sk1; I'm not implying anything about other algorithms. When working with other people's software, whether professionally or for my own purposes, I try to take a minimum-intervention approach: because it's respectful, because of Occam's Razor, because of Tony Hoare's observation that software can be either so simple that it obviously has no bugs, or so complicated that it has no obvious bugs. I thought of 3DES in the first instance because of this desire to be minimally disruptive. Support for DES is already there and tested. 3DES only needs extra keys in /mnt/keys, and because 3DES encryption with all three keys the same becomes single DES, there's a graceful fallback when users have access only via an older client with unmodified p9sk1. Obviously the server ticket would always be protected by 3DES. This is only the first scratching of an idea, not implemented yet. I've got nothing against AES. I'm not a cryptographer either, but I did once have to build a javacard implementation for a proprietary smartcard which involved a lot of crypto infrastructure, and had to pass EMV certification. Naturally that needed AES, elliptic curves, and plenty of other esoterica to fit in with the existing environment and specifications. ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-M2003e= 6b5eb34ea3270a33bec Delivery options: https://9fans.topicbox.com/groups/9fans/subscription