[148157] in cryptography@c2.net mail archive


Re: [Cryptography] Looking for feedback on new Java crypto library

daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Nov 13 13:01:05 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 12 Nov 2013 20:03:53 -0800
To: James Yonan <james@openvpn.net>
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <52826157.8080903@openvpn.net>
Cc: Jerry Leichter <leichter@lrw.com>, cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

At 09:11 AM 11/12/2013, James Yonan wrote:
>On 11/11/2013 16:14, Jerry Leichter wrote:
>>4.  There are multiple constant salts used in the algorithm.  They
>>are documented as having come from /dev/urandom.  But of course
>>there's absolutely no way for anyone to know where they came from.
>>While I doubt these values would provide any kind of back door, the
>>right way to pick such constants is to avoid any *possibility* that
>>they are "cooked" somehow - e.g., use values from pi *starting at the
>>first position*.
>
>But doesn't that lead to a salt monoculture?

If you don't like the salt monoculture from always using pi at the beginning,
you can pick e, or sqrt(2), or other popular irrational numbers.
You could even get fancy and pick pi-offset-by-"your-version-number"-digits,
which is probably also obviously not cooked.


_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
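The scheme discussed in the thread above, as an added example that is not part of the original message or of the library being reviewed: derive "nothing-up-my-sleeve" constants from the fractional expansion of pi, e, or sqrt(n), with an optional hex-digit offset so that different versions (or different libraries) do not all share the same leading digits. This is the same construction that Blowfish uses for its P-array (digits of pi) and that SHA-256 uses for its initial hash values (fractional bits of the square roots of the first primes), which is why those published values serve as the checks here. Everything is done with exact integer arithmetic so the result does not depend on a platform's floating-point rounding; the function names and the 32-bit guard margin are choices made for this example.

```python
"""Nothing-up-my-sleeve constants from the fractional bits of pi, e and sqrt(n).

Added example (not the library's code). All arithmetic is exact big-integer
fixed point, so every bit of output is reproducible by anyone who reruns it.
"""
from math import isqrt


def _arctan_inv(x: int, prec: int) -> int:
    """arctan(1/x) as a fixed-point integer scaled by 2**prec (Gregory series)."""
    x2 = x * x
    power = (1 << prec) // x          # 1/x**(2k+1), starting at k = 0
    total, k = 0, 0
    while power:
        term = power // (2 * k + 1)
        total += -term if k & 1 else term
        power //= x2
        k += 1
    return total


def pi_fraction_bits(bits: int) -> int:
    """First `bits` bits after the binary point of pi, via Machin's formula
    pi = 16*arctan(1/5) - 4*arctan(1/239)."""
    guard = 32                        # extra low bits absorb truncation error
    p = bits + guard
    pi = 16 * _arctan_inv(5, p) - 4 * _arctan_inv(239, p)
    return (pi >> guard) & ((1 << bits) - 1)


def e_fraction_bits(bits: int) -> int:
    """First `bits` bits after the binary point of e = sum_{k>=0} 1/k!."""
    guard = 32
    p = bits + guard
    term = 1 << p                     # 1/0! scaled by 2**p
    total, k = 0, 0
    while term:
        total += term
        k += 1
        term //= k                    # 1/k! = (1/(k-1)!) / k
    return (total >> guard) & ((1 << bits) - 1)


def sqrt_fraction_bits(n: int, bits: int) -> int:
    """First `bits` bits after the binary point of sqrt(n), computed exactly:
    floor(sqrt(n) * 2**bits) == isqrt(n * 2**(2*bits)); mask off the integer part."""
    return isqrt(n << (2 * bits)) & ((1 << bits) - 1)


def constants(fraction_bits, word_bits: int, count: int, skip_nibbles: int = 0):
    """Slice `count` words of `word_bits` bits out of the expansion produced by
    `fraction_bits(total_bits)`, starting `skip_nibbles` hex digits after the
    binary point. `skip_nibbles` is the "offset by your version number" knob:
    the digits are still obviously uncooked, but two users of the scheme with
    different offsets no longer share the same constants."""
    total = skip_nibbles * 4 + count * word_bits
    frac = fraction_bits(total)
    mask = (1 << word_bits) - 1
    words = []
    for i in range(count):
        shift = total - skip_nibbles * 4 - (i + 1) * word_bits
        words.append((frac >> shift) & mask)
    return words


if __name__ == "__main__":
    # Blowfish P[0..3]: the first 128 fractional bits of pi.
    print([hex(w) for w in constants(pi_fraction_bits, 32, 4)])
    # Same source, offset by a hypothetical version number of 4 hex digits.
    print([hex(w) for w in constants(pi_fraction_bits, 32, 4, skip_nibbles=4)])
    # SHA-256 H0, H1: fractional bits of sqrt(2) and sqrt(3).
    print(hex(sqrt_fraction_bits(2, 32)), hex(sqrt_fraction_bits(3, 32)))
    # e as an alternative source.
    print([hex(w) for w in constants(e_fraction_bits, 32, 2)])
```

The point of the check against Blowfish and SHA-256 is the practical one a reviewer would want: a constant claimed to be "digits of pi" should reproduce from a formula anyone can run, and the derivation (which number, which base, which offset, truncation rather than rounding) should be written down next to the constant so that "from /dev/urandom" never has to be taken on faith.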
