Results 1 ... 38 found in all logged channels for 'null cipher'
(pest) dulapbot: (asciilifeform) 2021-05-18 asciilifeform: verisimilitude: it isn't even simply about the cert authorities, but rather a multi-layered shit sandwich, with multi-kilogram 'standards' documents, mandatory null ciphers, ~impossible to implement w/out subtle bugs, regular 'upgrades', and many more
(pest) asciilifeform: ( when you see format which makes memory corruption bugs ~inevitable, invites support for 'null ciphers', etc. you can moar or less smell it )
(pest) asciilifeform: there's no particular reason wai couldn't use a pestron in a 'slave mode' as a replacement for ssh, sans the latter's gnarly '100kloc of ???', null ciphers, etc
(asciilifeform) asciilifeform: verisimilitude: it isn't even simply about the cert authorities, but rather a multi-layered shit sandwich, with multi-kilogram 'standards' documents, mandatory null ciphers, ~impossible to implement w/out subtle bugs, regular 'upgrades', and many more
(asciilifeform) asciilifeform: was made specifically to be a) maximally difficult to implement b) provide minefield of 'null cipher toggles' c) ensure that any half-conformant implementation is multi-megabyte of ???
(trilema) asciilifeform: http://btcbase.org/log/2019-04-11#1908303 << for folx w/out the spare cycles to read the orig horror -- classical nsaware , complete with 'null ciphers' , 'negotiations', etc lulz
(trilema) asciilifeform: arguably this kind of thing doesn't belong at all in a production vtron, it is uncomfortably close to the proverbial 'null cipher flag'(tm)(r)
(trilema) asciilifeform: ( rfc2440, aka 'openpgp', classically usgological turd, complete with null ciphers etc )
(trilema) mircea_popescu: the problem is fundamental, though. the same EXACT thinking informs this problem as informs the earlier discussion with asciilifeform over null ciphers.
(trilema) asciilifeform: ( alternatively, how many bits do i need to flip in an otherwise correctly configured box, to set a 'noise' cipherer, into null mode ? )
(trilema) zx2c4: because IPsec's null cipher mode is for transport data. what youre asking about with 7.4 is the payload parameter of the handshake messages
(trilema) zx2c4: but there's certainly not any "null-ciphering" and this is only a misunderstanding of what the specification says
(trilema) asciilifeform: zx2c4: granted, but it would appear that the orig spec of 'noise' permits null-ciphering, just like the nsa-authored ssl/tls.
(trilema) a111: Logged on 2017-08-22 12:07 asciilifeform: the 'noise protocol' link is hilarious -- even features the classic leper's bell of nsa committee , the null-cipher
(trilema) a111: Logged on 2017-08-22 12:07 asciilifeform: the 'noise protocol' link is hilarious -- even features the classic leper's bell of nsa committee , the null-cipher
(trilema) ben_vulpes: use more null-cipher cryptosuites: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
(trilema) mircea_popescu: the point re thompson's compiler is easily misunderstood, in the sense of being conceptualized too narrowly. that unwarranted narrowness then permits you to handwave his objection re null ciphers in the actual technical discussion ; but look how you fell for an obfuscated null cipher yourself right here!
(trilema) mircea_popescu: http://btcbase.org/log/2017-08-22#1701957 << no, his objection actually is "tls ingredient sucks and recipe sucks whereas noise is not a recipe and it doesn't have ingredients". he is correclty rejecting what, contrary to elaborately crafted appearance, is a null cipher.
(trilema) a111: Logged on 2017-08-22 15:31 valentinbuza: noise is a framework for creating protocols. you have the option to create NOISE_NULL_CIPHER_TOTAL_BS protocol which is totally different from NOISE_ANOTHER_SANE_CHOICE
(trilema) a111: Logged on 2017-08-22 12:08 asciilifeform: ( implementation becomes an underhanded-C-contest in concealing the fact of ~any~ box running the idiocy reverting to nullcipher on demand )
(trilema) asciilifeform: the ~actual~ purpose of the attempted 'frameworks' is to drill into your skull and install the idea that nullcipher, diffiehellman, aes, are acceptable things to exist in this world, and can be pushed as 'cryptography'
(trilema) asciilifeform: ( and in particular if 'whatever you like' includes diffie hellman and nullcipher )
(trilema) valentinbuza: it is different from TLS, where whatever version you are using it has null cipher. The question should be: does someone deployed NOISE_NULL_CIPHER_TOTAL_BS? then you can blame them
(trilema) valentinbuza: noise is a framework for creating protocols. you have the option to create NOISE_NULL_CIPHER_TOTAL_BS protocol which is totally different from NOISE_ANOTHER_SANE_CHOICE
(trilema) valentinbuza: linked noise as a partial response to spyked http://thetarpit.org/posts/y03/05b-https-war-declaration.html. Noise null cipher is an different context than TLS null cipher.
(trilema) asciilifeform: massive pile of moving parts, aes, various post-conversion bernsteinisms, null ciphers, 'this is faster on 32-bit cpu so we're using it', let's-give-enemy-raw-bytes-from-prng, and other jokes.
(trilema) asciilifeform: ( implementation becomes an underhanded-C-contest in concealing the fact of ~any~ box running the idiocy reverting to nullcipher on demand )
(trilema) asciilifeform: the 'noise protocol' link is hilarious -- even features the classic leper's bell of nsa committee , the null-cipher
(trilema) asciilifeform: PeterL: one of the most comical failure modes, ubiquitous in usg crypto, is the null cipher
(trilema) asciilifeform: exercise: encipher a consecutive stream of nulls, with aes, using whatever you want as init vector