What would be really useful is a way to get strongest-of-N *implementations*, but that's a lot harder than it sounds (sidechannels amplify).
-
-
@bascule Probably not, but that's composing ciphers not implementations. I'm thinking more along the lines of vulns independent of crypto. -
@bascule With ciphers it's pretty easy to get strongest-of-N but with whole implementations, it could easily be weakest-of-N. -
@DefuseSec how can secret dependent timings of one keystream generator implementation break the whole construction if the other one is good? -
@bascule I don't think they can. (I'm currently researching non-crypto sidechans, so my head is far away from learn-bits-of-key attacks :P). -
@bascule I suppose if you're careful about what info the second implementation gets, it can't make it any worse even if it publishes it all.
End of conversation
New conversation -
-
-
@DefuseSec otherwise that construction produces ciphertexts probably as random as the strongest of the two keystream generatorsThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.