it's good. think of it like adding a different kind of lock that requires a different key (method) to open up first. at worst it's no less secure than before. If it works as intended it's a huge disincentive for anyone collecting encrypted data with the hopes that a quantum computer may break encryption of the "old" method in the future.
If an attacker can perform discrete logs over EC, and a collision attack is found on SHA-3, then an attacker can encapsulate a malicious secret in Kyber, which, when hashed with the 3 ECDH values, forces the session keys for communications with that attacker to be attacker-chosen values.
In the context of Signal, this means that in a case where an attacker would know the session keys anyway (being one of the parties to the handshake), if ECDH and SHA-3 are both broken, then the attacker could force the session keys to values of their choice.
Certainly there would be cases where this could be a problem, but in the case of Signal, the most disastrous attack I can think of would be maybe some kind of backward MitM attack where two users think they're both talking with the attacker, but they're actually talking with each other. C.H.A.O.S. gets the NSA and GCHQ on a chat where they both think they're trying to exploit C.H.A.O.S., and then when they accidentally exploit each other and establish a persistent compromise, C.H.A.O.S. goes in through the backdoors that the NSA and GCHQ have set up, quickly before either the NSA or GCHQ realizes they've exploited the wrong target?
Maybe an attacker colludes with a third party where they arrange encryption keys ahead of time, and then the third party could more easily eavesdrop on communications between the innocent user and the attacker. However, in that case, why doesn't the attacker just leak the session keys to the third party after the fact rather than agreeing beforehand? I could contrive some situation where you've got malware infiltrated into a very locked-down environment where Signal is the only communications channel back out of the environment, preventing two-way communication with the malware, but I feel we're getting pretty far into contrived situations there.
What am I missing? Yes, the proposed key derivation function adds negligible overhead and looks sound. All else being equal, it's strictly better to not allow the attacker to force the session keys to attacker-determined values if both ECDH and SHA-3 are broken. However, in this context, the risks associated with a larger code change seem to outweigh the risks of an attacker being able to choose session keys, particularly as a security proof of the proposed key derivation function still seems to be a work in progress.
Even KeePass recommends writing the master secret key on a piece of paper. Sure, it must be in a secure place, but we cannot avoid this step for reliability.
Excuse my very basic question, but how do you manage spam when using mutt? Do you interface to a cloud-based service in mutt, or have some kind of other spam filter?
I’ve always liked the idea of moving my email to mutt and using personal domains, but not convinced I could manage spam well.
the same way you manage it with a GUI mail client. if you use a mailservice that includes a spam-filter, you can use mutt's imap support to access it, and thus access the filtered mailbox like any GUI or webmail client would.
for your own personal domain, use a service that supports personalization (gmail does, but there should be others) and you are covered again.
if you want to host your own mail server, then you'll probably want to run your own spam filter on that server. it works by having the mail server forward the mail to the filter (which can be local or remote) and then deal with the mail based on the response from the service.
On one hand it's in the acronym "command line interface", and on the other, "was wondering if anyone had any solid recommendations for applications that one can use in a terminal window" really looks like he meant to express console apps, not CLI. I think you are correct.
sure, conceptually it does, but that's not the point.
what matters for most is the fact that i can run the application in a text only terminal, on any machine (remote or local), from any device (be it linux, windows, mac or even a mobile phone (ok, that's rarely practical, but it's possible))
> what matters for most is the fact that i can run the application in a text only terminal, on any machine (remote or local), from any device (be it linux, windows, mac or even a mobile phone (ok, that's rarely practical, but it's possible))
> a GUI does not offer that advantage
Sure, not in the terminal, but X forwarding is a thing and works on every system I've had to use it on.
it doesn't work on the majority of systems i have to work with, which is servers that don't have the necessary tools installed.
it's also very susceptible to latency and most applications don't handle slow connections in a usable manner. (they are designed with the expectation that the gui always responds instantly)
to get something of a tmux/screen like experience, xpra is available, which is an awesome piece of work, but it doesn't help with the latency. even over just local wifi i have some applications become unusable over xpra when they work ok over plain remote X.
the problem is not necessarily X but in part GUI in general. i can't click the mouse anywhere until the respective UI item is visible, so i have to wait for that.
on a commandline on the other hand in most cases i can keep typing even on extremely slow connections because i can anticipate what will happen and i know what keys are appropriate to type next.
using mosh i even get something like editable typeahead which is a marvel and very hard to imagine on X.
Oh, I never said I _enjoyed_ X forwarding, or even use it frequently. My point was just that remote access in a similar way to a shell is possible with a GUI, and could be made even better if X had a means of not having to draw everything but left it up to the toolkit on the other end.
But yes, in general, a shell is just much better :)
Thanks! I like to collect mathematical "tricks" like this. This was on the /r/math subreddit a couple of days ago and many people were expressing surprise that they'd never encountered it.
It seems most people encounter this either as a brief coverage in real analysis or in full emphasis in mathematical physics or quantum field theory courses.