<wpwrak>
mmh. as far as i understand it, this is a response to a proposal for implementing a backdoor (where the backdoor consists of an attack on the PRNG). that proposal would use curve25519 to ensure only the one who put the backdoor there can reconstruct the compromised PRNG sequence.
paulk-collins has quit [Ping timeout: 246 seconds]
<wpwrak>
this response says that one can detect the presence of this proposed (i.e., hypothetical) attack by statistical means
<DocScrutinizer05>
yeah, something like that
<wpwrak>
all in all, more of an academic exercise. and one more reason why open source is a must for credible security :)
Kabouik_ has joined #neo900
Kabouik_ has quit [Remote host closed the connection]
<DocScrutinizer05>
anyway that attack scenario relies on ECC
<DocScrutinizer05>
which is why it got mentioned by OP and OP said he doesn't like ECC too much for a number of reasons. Others agreed
SylvieLorxu has quit [Remote host closed the connection]
SylvieLorxu has joined #neo900
<wpwrak>
mmh. it relies on ECC in the sense that ECC can have compact key spaces. i.e., for any number x, the probability that x is a valid key is reasonably high. while for the prime-based systems, it is very low.
<wpwrak>
but that's not an argument against ECC. and that scenario (neither the proposed backdoor nor the countermeasure) is not an attack on ECC in any way.
<wpwrak>
as you may guess, i happen to like ECC :)
<wpwrak>
what i especially like about curve25519 (not sure if it applies in the same way to all ECC, probably not) is that 1) key generation is very efficient. this means a) little computational overhead and b) low demands on the entropy source. and 2) that keys are compact. with RSA, we're about to see whole classes of MCUs getting excluded from being able to perform state of the art crypto simply because they don't have enough space for the damn
<wpwrak>
keys.
arossdotme has quit [Ping timeout: 256 seconds]
arossdotme has joined #neo900
<Wizzup>
rsa is proven tech though. ecc needs more time until I fully trust it
<Wizzup>
(also fan of ed25519 though)
<wpwrak>
ECC is also quite old. i heard of it the first time in a crypto lecture in the early 90s, i.e., almost a quarter of a century ago (how time flies :)