[tor-dev] Quantum-safe Hybrid handshake for Tor

Tim Wilson-Brown - teor teor2345 at gmail.com
Sun Jan 3 03:24:24 UTC 2016


> On 3 Jan 2016, at 14:12, Jesse V <kernelcorn at riseup.net> wrote:
> 
> On 01/02/2016 05:42 PM, Tim Wilson-Brown - teor wrote:
>> And if we can't use the reference implementation, we have some decent
>> programmers…
>> (On the other hand, if there's no reference implementation, then that
>> makes it hard to recommend that particular crypto scheme.)
> 
> That sounds pretty close to a "roll your own crypto" idea, which as I'm
> sure you know is almost always a poor idea. Classical algorithms like
> RSA and Diffie-Hellman are ~40 years old but they have many
> side-channels and are still hard to implement correctly. There are so
> many subtleties with ECDHE and ECDSA, with the notable exception of the
> safer *25519 cryptosystems from djb. Post-quantum cryptography is over
> my head, but considering the pattern and the newness of the field I
> wouldn't trust any implementation unless it was written or at least
> vetted by the authors of the respective post-quantum crypto system.

Point taken. It was a bit of a throwaway line, rather than a serious suggestion.
tor currently uses external crypto implementations rather than writing our own.

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
