Aaron Toponce
2,490 followers
Storage architect, cloud engineer, system administrator.

+Linus Torvalds is considering using SHA3-256 as the SHA-1 replacement in Git. That's fine with me, provided that he isn't considering truncating the digest to 160 bits as a drop-in SHA-1 replacement. Cryptography has extendable-output functions (XOFs) for this very reason.

If he is hell-bent on using SHA-3, which is a fine choice (it has incredible hardware performance), but only wants to output 160 bits, then rather than truncating SHA3-256, he should be looking at using SHAKE128 or SHAKE256 and outputting 160 bits directly.

However, I have a better alternative to SHAKE128 and SHAKE256, and that's BLAKE2xp. BLAKE2 is a revised BLAKE, which was part of the 2008 NIST SHA-3 competition and a finalist (as was Keccak, which won). BLAKE2 provides the following features:

* BLAKE2s - "Small": 256-bit output
* BLAKE2b - "Big": 512-bit output
* BLAKE2x - "eXtendable": variable-length output
* BLAKE2sp - parallel BLAKE2s
* BLAKE2bp - parallel BLAKE2b
* BLAKE2xp - parallel BLAKE2x

Even without the parallel versions, on an Intel Skylake, BLAKE2 outperforms both MD5 and SHA-1 (see the attached image). The parallel versions on the same Skylake hardware are north of 2 GB/s (gigabytes, not gigabits).

BLAKE2's security margin is every bit as good as SHA-3's, and it was designed specifically to be a high performer in software, which makes it a perfect fit for Git.

So, if you really want to make the Right Choice, then choose BLAKE2xp as the 160-bit hash function and SHA-1 replacement. However, if you stick with SHA3-256, or SHAKE128/SHAKE256, that's fine too. Second place is better than last place.

https://blake2.net/blake2.pdf

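The three 160-bit options named in the post, side by side, as an added Python example (this is not the author's code and not Git's): it reuses Git's `<type> <size>\0<content>` object framing, checks that SHA-1 over that framing reproduces a real Git object id, and then derives 160-bit digests by truncating SHA3-256, by asking SHAKE128/SHAKE256 for 20 bytes, and by parameterising BLAKE2b for a 20-byte digest. Python's hashlib has no BLAKE2X, so BLAKE2b with `digest_size=20` stands in for it here (an assumption, not the post's BLAKE2xp). The sample blob content is constructed.

```python
import hashlib

# Constructed sample object: the bytes "git hash-object" would read from a
# one-line file. Assumption: blob content "hello\n".
SAMPLE_BLOB = b"hello\n"


def git_object_header(obj_type: str, data: bytes) -> bytes:
    """Git hashes '<type> <size>\\0<content>', not the raw file bytes.
    Every candidate below is fed this framing so the outputs are comparable
    with what Git stores today (assumption: framing unchanged under a new hash)."""
    return obj_type.encode("ascii") + b" " + str(len(data)).encode("ascii") + b"\x00" + data


def git_sha1_oid(data: bytes, obj_type: str = "blob") -> str:
    """Today's Git object id: SHA-1 over the framed object, hex-encoded."""
    return hashlib.sha1(git_object_header(obj_type, data)).hexdigest()


def truncated_sha3_256(msg: bytes, out_len: int = 20) -> bytes:
    """The option the post argues against: a fixed-length digest cut short."""
    return hashlib.sha3_256(msg).digest()[:out_len]


def shake128_xof(msg: bytes, out_len: int = 20) -> bytes:
    """SHAKE128 is an XOF: the caller asks for exactly out_len bytes."""
    return hashlib.shake_128(msg).digest(out_len)


def shake256_xof(msg: bytes, out_len: int = 20) -> bytes:
    """SHAKE256, same interface, larger capacity (256-bit security level)."""
    return hashlib.shake_256(msg).digest(out_len)


def blake2b_sized(msg: bytes, out_len: int = 20) -> bytes:
    """BLAKE2b with digest_size is a distinct instance per output length: the
    length lives in the parameter block mixed into the initial state, so
    BLAKE2b-160 is not a prefix of BLAKE2b-512. Stand-in for BLAKE2X here."""
    return hashlib.blake2b(msg, digest_size=out_len).digest()


def candidate_160bit_oids(data: bytes, obj_type: str = "blob") -> dict:
    """All candidates over the same framed object, as 40-hex-char ids."""
    framed = git_object_header(obj_type, data)
    return {
        "sha1": hashlib.sha1(framed).hexdigest(),
        "sha3-256/160": truncated_sha3_256(framed).hex(),
        "shake128/160": shake128_xof(framed).hex(),
        "shake256/160": shake256_xof(framed).hex(),
        "blake2b-160": blake2b_sized(framed).hex(),
    }


def shake_outputs_are_prefix_consistent(msg: bytes) -> bool:
    """For an XOF a shorter output is a prefix of a longer one from the same
    input: 160 bits of SHAKE128 are the first 20 bytes of its 256-bit output."""
    return shake128_xof(msg, 20) == shake128_xof(msg, 32)[:20]


def blake2_lengths_are_domain_separated(msg: bytes) -> bool:
    """BLAKE2b-160 is not BLAKE2b-512 cut short: changing digest_size changes
    the parameter block, so the two digests share no prefix."""
    return blake2b_sized(msg, 20) != blake2b_sized(msg, 64)[:20]


if __name__ == "__main__":
    for name, oid in candidate_160bit_oids(SAMPLE_BLOB).items():
        print(f"{name:>14}: {oid}")
    print("SHAKE prefix-consistent:", shake_outputs_are_prefix_consistent(SAMPLE_BLOB))
    print("BLAKE2 length-separated:", blake2_lengths_are_domain_separated(SAMPLE_BLOB))
```

The two boolean checks make the post's distinction concrete: a SHAKE digest requested at 160 bits is literally the first 20 bytes of the same XOF stream, which is the designed way to get a short output, whereas a BLAKE2 instance with a 20-byte `digest_size` is a different function from the 64-byte one rather than a truncation of it. The truncated SHA3-256 case is, by construction, a prefix of the full digest.
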
Aaron Toponce commented on a post on Blogger.
<blockquote>Looking forward, I hope that by 18.04 LTS time-frame the SHA-3 algorithm will make its way into the OpenPGP spec and that we will possibly start a transition to 8096 RSA keys.</blockquote>

There is no need to migrate to SHA-3 and (I think you mean) 8192-bit RSA keys. SHA-2 is not showing any near-practical weaknesses that can be exploited, and 2048-bit RSA is more than sufficient for the very long term. Generating a 4096-bit RSA key is just because you can and you're bored. Same with migrating to SHA-3. One would only create 8192-bit RSA keys when they clearly don't understand what they're doing.

Now, fair is fair. If the ever-mythical general-purpose quantum computer becomes ubiquitous (probably about the same time as lightsabers and warp drives), then we are in deep trouble with RSA, due to Grover's and Shor's algorithms. So, rather than larger and larger RSA keys, it probably makes better sense to move to quantum-secure algorithms instead.

Of course, in 2016, any modern cryptographer will shake their head at the continued use of RSA. Even though it's not insecure in and of itself, it presents a number of pitfalls and gotchas that make implementing RSA unsafe. Instead, I would recommend migrating to ECC keys, available in GnuPG 2.1. Debian has already moved GnuPG to version 2 by default, which means Ubuntu will follow, unless the GnuPG package maintainer decides otherwise.

So, for 18.04, verifying ECC-signed packages with GnuPG 2 will be trivial; ECC offers increased performance over RSA, provides smaller key sizes, and doesn't ship with the baggage that comes with incorrect RSA implementations.

I've been putting something together the past couple months, and it's shaping up quite nicely, so I'm ready for some feedback.

https://ae7.st/g/

This is a password generator and entropy tester. The goal is to be friendly enough that moms would be able to use it, understand it, and update their behaviors on passwords.

It still needs some visual design, I'm aware of that. However, I'm no designer, so I'm open to feedback on how to visually enhance it and make it more friendly. Some constructive feedback could include:

* Visual site design, including mobile feedback.
* Simplifying scientific terms and lingo about entropy.
* How different password designs are advantageous in different settings (working on it).

I want my mom, your mom, and all the moms to:

* Improve their password usage.
* Understand why they need passwords with larger degrees of entropy.
* Heck, even know what entropy is.

Thanks!

The Pokémill.
Maybe the rest of you will finally realize!!! #teamvalor
From L12 to L15.
It would be nice if the app had built-in screenshot taking. However, here is what is in my Pokédex.
7/10/16

After a couple of hours with lures on a number of Pokéstops. Finally evolved an Eevee, caught and powered up a Rapidash, evolved a Paras, evolved a Pidgeotto, leveled to 11, and got a number of bronze awards and one silver. Needless to say, a productive night.

Got to level 10 today walking around the local park. Picked up several new Pokémon, and dozens of duplicates. Traded in the weak dupes for candy, and powered up and evolved a couple.

So, is it just me, or are the algorithms from the field test to general availability significantly different? No longer do I get free Pokécoins when randomly visiting the store. In fact, it appears that Pokécoins will cost real money now.

Up through level 5, all Pokéstops just gave regular Pokéballs. The frequency of the Pokémon seems about the same, but so far through level 5, the strongest one I have is a Cubone with a CP of 69, with the other 31 Pokémon having 53 CP or less.

The GPS does seem more accurate though. In the field test, I know I walked a lot more than was recorded.