Nomen Nescio wrote:
It looks like Camenisch Lysyanskaya are patenting their credential
system. This is from the online patent applications database:
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFp=1u=/ne
Yes, but the probability of it being significantly worse than I claimed (i.e., by more than a factor t) is exponentially small (in t). One can easily calculate concretely exactly what the risk curve looks like. I'll spare everyone the details and just say that I see no reason why this
- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
To: William Knowles [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 20, 2003 11:47 AM
Subject: Re: Prime numbers guru 'factors' down success
William Knowles wrote:
Prime numbers (such as 1, 5, 11, 37...) are
I do not know what the proper terminology is to discuss this. Assuming there is none, I will call the solution Key Pair Agreement.
Call it kosherized public key generation. Kosherization is not a term often used in theoretical cryptography, but it is often used in practice
It would seem that
I can see how Alice can easily generate two primes whose product will have that *high* order part, but it seems hard to generate an RSA modulus with a specific *low* order 64 bits.
It is easy in both cases, here are examples I easily came up with:
(low order DEADBEEF))
p =
I wrote -
implemented?), and 3-4 orders is not that big of a magnitude.
I take that back. When considering cost, 3-4 orders of magnitude is important.
--Anton
-
The Cryptography Mailing List
Unsubscribe by sending
- Original Message -
From: bear [EMAIL PROTECTED]
[Talking about Microsoft Passport...]
But it's even worse than that, because people who ought to know better (and people who *DO* know better, their own ethics and customers' best interests be damned) are even *DEVELOPING* for this
RSA is subject to blinding attacks and several other failure modes if used without padding. For details on what that means, read the cyclopedia cryptologia article on RSA.
http://www.disappearing-inc.com/R/rsa.html
That brings on another amateur question. In that article it says,
- Original Message -
From: Adam Back [EMAIL PROTECTED]
To: Peter Gutmann [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Adam Back [EMAIL PROTECTED]
Sent: Thursday, February 06, 2003 8:07 PM
Subject: password based key-wrap (Re: The Crypto Gardening Guide and
Planting Tips)
If I'm not mistaken, the OpenSSL spec says that you should MAC the (compressed) message, and then encrypt the message and the MAC.
This composition is not generically secure, on the other hand you can prove some nice things about the composition encrypt-then-MAC assuming certain conditions, see
Bodo Moeller wrote:
Actually there are three choices:
Pad-then-encrypt-then-MAC
Pad-then-MAC-then-encrypt
MAC-then-pad-then-encrypt
It's true that pad-then-encrypt-then-MAC appears to be the safest approach in general, but pad-then-MAC-then-encrypt would also have
- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
To: Cryptography [EMAIL PROTECTED]
Sent: Thursday, March 06, 2003 6:47 AM
Subject: Proven Primes
I'm looking for a list or lists of sensibly sized proven primes - all the lists I can find are more interested in records, which are
- Original Message -
From: Bill Frantz [EMAIL PROTECTED]
To: Ed Gerck [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, March 06, 2003 2:14 AM
Subject: Re: Scientists question electronic voting
[..]
The best counter to this problem is widely available systems to produce fake photos
- Original Message -
From: Ed Gerck [EMAIL PROTECTED]
[...]
This is not possible for current paper ballots, for several reasons. For example, if you take a picture of your punch card as a proof of how you voted, what is to prevent you -- after the picture is taken -- to punch another
- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
To: Anton Stiglic [EMAIL PROTECTED]
[Talking about the ECPP package...]
I'm not convinced any of those binaries are going to run on my system (which is FreeBSD), and anyway, if I'm going to use a binary to do ECPP I may as well
- Original Message -
From: Ed Gerck [EMAIL PROTECTED]
[...]
For example, using the proposed system a voter can easily, by using a small concealed camera or a cell phone with a camera, obtain a copy of that receipt and use it to get money for the vote, or keep the job. And no one
I thought that finding them was the hard part, and verifying one once found was relatively easy. I used the probable prime test in the Java BigInteger package. It sounds like, from some of the list traffic, that there are better tests.
Chapter 4 of the HAC gives a good introduction to all
The contribution of Pratt was to be the first to publish a proof that the certificate can be verified in polynomial time (thus proving that PRIMES is in NP).
--Anton
- Original Message -
From: Richard Schroeppel [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: David Wagner [EMAIL PROTECTED]
- Original Message -
From: tom st denis [EMAIL PROTECTED]
To: Cryptography [EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 11:28 AM
Subject: Re: Proven Primes
--- Tero Kivinen [EMAIL PROTECTED] wrote:
SOPHIE GERMAIN PRIME SEARCH
FIXED 64 bits.
INDEX 0:
PRIME (bits 512), index
- Original Message -
From: NOP [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 4:48 PM
Subject: Diffie-Hellman 128 bit
I am looking at attacks on Diffie-Hellman.
The protocol implementation I'm looking at designed their diffie-hellman using 128 bit primes
Well, I'm attacking a protocol, I know the rules of DH parameters, and the issue here is I'm trying to solve x, brute forcing that in the 128 bit range can be difficult, and x doesn't have to be a prime. (a = g^x mod P). Their primes are 128 bit primes, as well as their pubkeys, I've done
- Original Message -
From: NOP [EMAIL PROTECTED]
To: Derek Atkins [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, March 14, 2003 9:32 PM
Subject: Re: Diffie-Hellman 128 bit
Well, I'm attacking a protocol, I know the rules of DH parameters, and the issue here is I'm trying to
The list of all FIPS 140-1 and 140-2 validated modules can be found here
http://csrc.nist.gov/cryptval/140-1/1401val.htm
(this includes software and hardware modules).
For Mitigation of Other Attacks, the FIPS 140 evaluation doesn't look at these. Some vendors might consider these attacks and
- Original Message -
From: Nomen Nescio [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 24, 2003 1:20 PM
Subject: Re: Brumley Boneh timing attack on OpenSSL
Regarding using blinding to defend against timing attacks, and supposing that a crypto library is going to have