Cryptography-Digest Digest #301, Volume #10 Thu, 23 Sep 99 11:13:04 EDT
Contents:
Re: RSA 640 bits keys factored, French banking smart card system craked! (Thomas Pornin)
Re: RSA weak? (Michael Østergaard Pedersen)
Re: Purdue's Large Number (Ruud de Rooij)
Re: msg for Dave Scott (Tom St Denis)
Re: Securing Executables ("ME")
peekboo msgs (Tom St Denis)
Re: Purdue's Large Number ("Clive Tooth")
Re: RC4 or IBAA or ISAAC to generate large random numbers (Gaston Gloesener)
RE: RSA weak? ("Kem")
Re: frequency of prime numbers? (Patrick Juola)
Re: International crypto restrictions (Eric Lee Green)
Re: EAR Relaxed? Really? (fungus)
Re: Purdue's Large Number (Peter Gunn)
Re: Decryption --Help!!! (DJohn37050)
Re: frequency of prime numbers? (Patrick Juola)
Re: RSA weak? (DJohn37050)
Re: msg for Dave Scott (SCOTT19U.ZIP_GUY)
Decryption --Help!!! ([EMAIL PROTECTED])
Re: RSA 640 bits keys factored, French banking smart card system craked! (Thomas Pornin)
Re: msg for Dave Scott (Johnny Bravo)
Re: msg for Dave Scott (Tom St Denis)
Re: RSA weak? (Patrick Juola)
Re: RSA weak? (Thomas Pornin)
Re: msg for Dave Scott (jerome)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Crossposted-To: alt.security.pgp
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Date: 23 Sep 1999 11:50:32 GMT
According to Laurent PELE <[EMAIL PROTECTED]>:
> Now, Serge Humpich is continuously followed by people from the secret
> agencies.
This is unprofessional. People from secret agencies are, by definition,
secret. You do not notice when they follow you.
--Thomas Pornin
------------------------------
From: Michael Østergaard Pedersen <[EMAIL PROTECTED]>
Subject: Re: RSA weak?
Date: Thu, 23 Sep 1999 14:20:40 +0200
> The RSA algorithm is based on the generation of a key from two very large
> prime numbers. Prime numbers have the quality of being divisible only by
> themselves and 1, but maybe two different numbers (not prime) have the quality
> of generating the same key, and maybe it is possible to take advantage of this
> quality to break the algorithm with "little" changes....
If I understand you right, you're asking if, let's say n = pq where
p and q are primes, there exist two non-prime numbers, say a and b,
so that n = pq = ab.
There aren't. Assume that there were; then a and b could be written as
a = a0*a1*...*ar where ai ( 0<=i<=r ) is a prime
b = b0*b1*...*bs where bj ( 0<=j<=s ) is a prime
This would mean that
pq = ab = a0*a1*...*ar*b0*b1*...*bs
but since p and q are primes this could only be true if a = a0 = p
and b = b0 = q, hence p and q are the only two numbers that multiplied
together produce n.
Regards,
Michael
--
+-----------------------------------------------+
| "Random numbers should not be generated |
| with a method chosen at random" |
| - Donald Knuth |
+-----------------------------------------------+
------------------------------
From: Ruud de Rooij <*@spam.ruud.org>
Crossposted-To: sci.math
Subject: Re: Purdue's Large Number
Date: 23 Sep 1999 14:04:19 +0200
Reply-To: *@spam.ruud.org
Peter Gunn <[EMAIL PROTECTED]> writes:
> Bob Silverman wrote:
>
> > In article <7satdt$p2v$[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] (Dave Rusin) wrote:
> > > In article <7samo2$kv4$[EMAIL PROTECTED]>,
> > > John M. Gamble <[EMAIL PROTECTED]> wrote:
> > > >"The number Purdue needs to factor is
> > > >163790195580536623921741301545704495839
> > > >239656848327040249837817092396946863513
> > > >212041565096492260805419718247075557971
> > > >445689690738777729730388837174490306288
> > > >87379284041.
> > >
> > > Typo? Easily found factors of 3, 39341, 46591, 163245571
> >
> > 3^349 - 1 (this number) was finished a couple of years ago.
> >
> > Factored means fully factored and not just finding a few small
> > factors.
>
> Far be it for me to argue with a crypto god but,
>
> 3^349-1 =
> 3275803911610732478434826030934089916784\
> 7931369665408049967563418479389372702642\
> 4083130192984521610839436494151115942891\
> 3793814775554594607776743489806125777475\
> 8568082
>
> And it couldnt really have been odd could it? ;-)
It's also highly unlikely that 3^349 - 1 has 3 as one of its factors.
- Ruud de Rooij.
--
ruud de rooij | *@spam.ruud.org | http://ruud.org | http://weer.moonblade.net
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Thu, 23 Sep 1999 11:44:08 GMT
In article <[EMAIL PROTECTED]>,
Anton Stiglic <[EMAIL PROTECTED]> wrote:
> Those trailing aaaaaaaaaaaaaaaaaaa's do look suspicious Tom. I know that sometimes
> when I mistakenly did some operations on a pointer instead of the value of the
> pointer I got stuff like that, repeated symbols. This would be very rare if it
> really was the output of a decent crypto function. Did you try going through your
> code with a debugger, have you compared different encryption results, is there
> anything similar between them (if so, you are not correctly doing the
> operations....).
The trailing 'a's are because I haven't found an accurate method of
calculating exactly how many bytes I need to output to avoid truncating
partial blocks. I have tried things like 16 - (size mod 16), and that
doesn't work... so I used 48 (this num seems to work ok). If you want to try
and fix it get the source. I am working on it now actually.
Let me assure you the message is encrypted. Want proof? Send two messages 6
bytes each ...that will be 8 chars of 'binhex', then a bunch of 'a's.
Anyways that's not the point of this thread.
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "ME" <[EMAIL PROTECTED]>
Subject: Re: Securing Executables
Date: Thu, 23 Sep 1999 14:16:16 +1000
A great desire, but not feasible in many high risk environments.
If you have reasonable trust of the client workstation (ie rarely virus
infected, or crashes) then you are probably ok for moderate risk
environments.
See this patent for information on a system which goes beyond the features
which you propose, but has been shown vulnerable to reverse engineering.
If anyone has an opportunity to reverse engineer, or your binary is or may be
released outside a known/controlled environment, forget it.
By the way - public key technology is shared security value. If the
security value (the certifying key/certificate) can be replaced, your whole
system is dead in the water, and capable of being misused without detection.
This is the main issue with the "NSAKEY/Microsoft" hoohaa, and all other
software-based security systems relying on public keys.
Lyal
Peter Johnson wrote in message <7sb75f$f49$[EMAIL PROTECTED]>...
>I'm designing a client/server application that will run in real-time.
>Assuming that the network traffic is secure by using strong encryption, a
>good random number generator for packet sequencing, compression, etc. how do
>I protect against an attack on the client executable?
>
>For example, if the attacker were running the executable in a debugger could
>he breakpoint at the point in which the data is sent and then backtrack to
>discover the plain text. Or simply search memory for the plain text (if
>known) and work from there?
>
>I've thought of some solutions:
>
>1. Use something like SHA-1 to check the exe at load time for tampering.
>2. Check with SHA-1 periodically as the client is running.
>3. Can we check we're running inside a debugging environment and crash out?
>4. Compress and encrypt local data files
>
>What do you think?
>
>Peter Johnson
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: peekboo msgs
Date: Thu, 23 Sep 1999 11:50:12 GMT
Ok I think I figured out the trailing a bit. The formula I was using before
was just flawed that's all. For the next release the padding should be
eliminated (or at least a lot less).
Tom
------------------------------
From: "Clive Tooth" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Purdue's Large Number
Date: Thu, 23 Sep 1999 13:34:48 +0100
/2
--
Clive Tooth
http://www.pisquaredoversix.force9.co.uk/
End of document
------------------------------
From: Gaston Gloesener <[EMAIL PROTECTED]>
Subject: Re: RC4 or IBAA or ISAAC to generate large random numbers
Date: Thu, 23 Sep 1999 12:51:34 GMT
Sorry, I was off for a week.
> > The named random number generators (RC4, IBAA, ISAAC) are based on an
> > array of 32-bit (m) values and each run returns another array of the
> > same size as the first, giving a set of random numbers (r).
>
> Huh?
>
> RC4 certainly isn't 32-bit, and I don't think ISAAC is either.
>
If I remember well IBAA uses a shift 19 (!) so it cannot be 8 bit.
> > What is the correct way to generate larger random numbers (>64 bits):
>
> Using 8-bit RC4, generate eight bytes and combine them into
> a 64 bit (or larger) number.
>
> > Two Methods can be done:
> >
> > 1. Handle large integers inside the algorithm, for example through a
> > C++ class of huge binaries.
>
Why doesn't this make sense?
> > 2. Compute a set of results (r-array) and use consecutive 32-bit values
> > to fill up the resulting random number. Thus the first result of a 128
> > bit random-number will be (r[0]<<96)|(r[1]<<64)|(r[2]<<32)|r[3],
> > combining the first 4 32-bit values to one 128-bit value. This would be the
> > way I would suggest,
>
The question here was: Let's suppose that IBAA fulfills all my needs,
does the combination really satisfy the same mathematical
conditions? There is a whole lot of difference between computing a large
number and combining it from smaller ones. The most simple is the numbers
themselves. When algorithm A generates 8 bit numbers it will assure that
all numbers from 0 to 255 are generated. But using two consecutive
outputs from algorithm A and combining them to a 16 bit value does not
guarantee all numbers between 0 and 65535! You see the answer is
not so trivial.
Regards,
Gaston
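Gaston's two methods side by side, as an added example that is not from the post: a constructed full-period LCG stands in for the generator (none of RC4, IBAA or ISAAC is modelled), so method 1 (running the generator on 16-bit words) and method 2 (gluing two consecutive 8-bit outputs) can be compared on how many 16-bit values each can ever produce.

```python
"""Gaston's point, made concrete: an 8-bit generator that emits every byte
in 0..255 does not make pairs of its outputs cover 0..65535.

Added example, not from the post. A constructed full-period LCG
x <- 5x + 1 (mod 2^bits) stands in for the generator; RC4, IBAA and
ISAAC are not modelled, only the two combination methods from the thread.
"""


def lcg(bits, seed=0):
    """Full-period LCG modulo 2^bits: c = 1 is odd and a = 5 is 1 mod 4,
    so every value in 0..2^bits-1 appears exactly once per period."""
    mask = (1 << bits) - 1
    x = seed & mask
    while True:
        x = (5 * x + 1) & mask
        yield x


def byte_coverage(draws=256):
    """The property Gaston grants algorithm A: all 256 bytes do appear."""
    g = lcg(8)
    return len({next(g) for _ in range(draws)})


def method1_native_words(draws=65536):
    """Method 1 from the post: run the generator on 16-bit words directly.
    The full-period 16-bit LCG reaches every value in 0..65535."""
    g = lcg(16)
    return len({next(g) for _ in range(draws)})


def method2_glued_bytes(draws=65536):
    """Method 2 from the post: (r[i] << 8) | r[i+1] from two consecutive
    8-bit outputs. Each output determines the next, so only as many
    distinct pairs exist as the 8-bit period allows: 256 / 2 = 128."""
    g = lcg(8)
    return len({(next(g) << 8) | next(g) for _ in range(draws)})


if __name__ == "__main__":
    print("distinct bytes from the 8-bit generator:", byte_coverage())
    print("distinct 16-bit values, method 1 (native words):", method1_native_words())
    print("distinct 16-bit values, method 2 (glued bytes):", method2_glued_bytes())
```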
------------------------------
From: "Kem" <[EMAIL PROTECTED]>
Subject: RE: RSA weak?
Date: Thu, 23 Sep 1999 15:21:28 +0200
>
> pq = ab = a0*a1*...*ar*b0*b1*...*bs
>
> but since p and q are primes this could only be true if a = a0 = p
> and b = b0 = q, hence p and q are the only two numbers that multiplied
> together produces n.
>
I understand, but if you say a=a0=p then you must say
b=a1*...*ar*b0*b1*...*bs=q (not b=b0=q), and this is the main idea: two non
prime numbers lead to n.
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: frequency of prime numbers?
Date: 23 Sep 1999 09:37:47 -0400
In article <[EMAIL PROTECTED]>,
Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>> In article <[EMAIL PROTECTED]>,
>> Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>> >Boris Kolar wrote:
>> >
>> >> Bob was right. There are true statements that can't be proved. One of such
>> >> statements is "This axiomatic system is consistent" (for some axiomatic
>> >> systems). Obviously it can be either true or false. But if the axiomatic
>> >> system is rich enough, the statement can't be proved.
>> >
>> >In what sense is the statement true then?
>>
>> Well, the system either *is* consistent, or it isn't. It's just
>> not possible to prove the consistency within the system. It may
>> be possible to prove (or disprove) consistency using a large
>> system.
>>
>> First-Order-Logic has, for instance, been *proved* consistent (Godel's
>> first significant theorem). But he didn't restrict himself to
>> FOL in performing the proof.
>
>So truth is context-dependent.
In the loose sense that statements that contain unbound variables can
take different truth values depending upon the bindings, yes. I don't
think you can make the case that, for instance, the statement 'x^3 + 2x^2
+ 7 has at least one solution over the real number line' is context-
dependent. However, Greg Chaitin has shown 'unprovable' statements
of approximately this form.
More formally, truth is evaluated against a model -- within a model,
truth is independent of any scheme of reasoning. The real world, of course,
is such a model -- and a statement is True iff it holds for the specific
model of the real world.
Provability, of course, is evaluated against a reasoning system.
>Here I'm using the slippery context-dependence by which provability is evaluated
>within an axiomatic system (intrinsic property) while truth value is known from
>outside the system (extrinsic property).
>
>Is there a fundamental inequality that asserts unprovable true statements cannot
>be negated?
No. But neither the truth nor the falsity of an unprovable true nor
an unprovable false statement can be established *within the reasoning
system against which the statement is unprovable.* You can easily
establish that a given system is true/false within the same model by using
more powerful reasoning.
-kitten
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: International crypto restrictions
Date: Thu, 23 Sep 1999 06:37:54 -0700
"SCOTT19U.ZIP_GUY" wrote:
> >If you are not a U.S. citizen, you will have to obey a) the laws of
> >whatever host country you are located in, and b) the laws of your own
> >home country.
> You make it sound like there is no conflict. Since you wrote
> "and" it is more than possible the 2 sets of laws conflict.
> Like what side of the sreet you drive on. Or do you arbitrary
> get to decide which lwas are in force.
You are correct, this is a constant source of irritation to international
businessmen. For example, in many Third World countries the government
bureaucrats are not paid enough to live on. They thus must, and are
expected to, personally extract money from those who need government
services in order to obtain the money necessary to survive. The locals
consider this a normal cost of doing business. The U.S. government
considers this bribery of government officials.
But the fact remains that the U.S. government expects you to follow U.S.
law at all times, regardless of whether you are physically located in
the U.S. or not. Heck, they even try to apply the same standards to
foreign citizens -- anybody remember Manuel Noriega? Hell, he was
president of a whole damned COUNTRY, and the U.S. went in with the
Marines, kidnapped him, brought him to Miami, and put him on trial. For
most countries, though, they just have to ask the host country politely
for the extradition of the "arms trafficker".
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
There Is No Conspiracy
------------------------------
From: fungus <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Thu, 23 Sep 1999 14:56:04 +0200
Greg wrote:
>
> In article
> <[EMAIL PROTECTED]>,
> Eric Lee Green <[EMAIL PROTECTED]> wrote:
> >
> > Oh poop. You'd hear of it alright, because we would never
> > agree to put two back doors into our software....
>
> So you mean you would violate an NDA with the federal government
> that would expose their true intentions that they would desire
> to keep close to their chest? Do you really think they would
> let you do this without hell to pay? I don't.
>
Any decent security company would never sign such a restrictive
NDA in the first place.
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: Peter Gunn <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Purdue's Large Number
Date: Thu, 23 Sep 1999 12:53:45 +0100
Bob Silverman wrote:
> In article <7satdt$p2v$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Dave Rusin) wrote:
> > In article <7samo2$kv4$[EMAIL PROTECTED]>,
> > John M. Gamble <[EMAIL PROTECTED]> wrote:
> > >"The number Purdue needs to factor is
> > >163790195580536623921741301545704495839
> > >239656848327040249837817092396946863513
> > >212041565096492260805419718247075557971
> > >445689690738777729730388837174490306288
> > >87379284041.
> >
> > Typo? Easily found factors of 3, 39341, 46591, 163245571
>
> 3^349 - 1 (this number) was finished a couple of years ago.
>
> Factored means fully factored and not just finding a few small
> factors.
Far be it for me to argue with a crypto god but,
3^349-1 =
3275803911610732478434826030934089916784\
7931369665408049967563418479389372702642\
4083130192984521610839436494151115942891\
3793814775554594607776743489806125777475\
8568082
And it couldnt really have been odd could it? ;-)
ttfn
PG.
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Decryption --Help!!!
Date: 23 Sep 1999 14:10:12 GMT
Aegean Park Press?
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: frequency of prime numbers?
Date: 23 Sep 1999 09:40:49 -0400
In article <[EMAIL PROTECTED]>,
Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>
>> In article <[EMAIL PROTECTED]>,
>> Donald Welsh <[EMAIL PROTECTED]> wrote:
>> >On Fri, 06 Aug 1999 17:27:45 GMT, Bob Silverman <[EMAIL PROTECTED]> wrote:
>> >
>> >>No. What Goedel showed was that any sufficiently rich axiomatic
>> >>system is incomplete in the sense that there are true statements
>> >>which can not be proved. [as well as other stuff I won't discuss].
>> >>Peano arithmetic is "sufficiently rich", BTW.
>> >
>> >I'd like to correct this misconception, if I may. Godel's theorem
>> >does not say that "there are true statements that cannot be proved".
>> >It says that there are unprovable statements. These statements are
>> >neither true nor false.
>>
>> But at least some of the statements *are* either true or false; in
>> particular, Godel's sentence is an equation which either does or
>> does not have a solution -- which is a property of the mathematics
>> and not of the representation. So the Godel "sentence" *is*
>> actually either true or false within a given model -- but we'll
>> never know which.
>
>This is like saying particles actually have both a precise position and
>momentum, but we are unable to know them. Now in physics we can show
>experimentally, that that is not the case. Is there a proof that there
>cannot be a mathematical analogue for the double slit experiment?
There is. First order logic has been proved consistent (by Goedel).
There is also a proof, again by Goedel, that the consistency of
a consistent system cannot be proved using only techniques within that
system.
So we have a proof that first order logic is consistent, but also a
proof that first order logic can neither find nor express that proof.
Hence the consistency of FOL is unprovable (within FOL) but true --
we know it's true because it's provable in a more powerful system.
-kitten
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: RSA weak?
Date: 23 Sep 1999 11:58:12 GMT
For explanation of RSA, see IEEE P1363.
Search on any web search engine.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: msg for Dave Scott
Date: Thu, 23 Sep 1999 12:51:20 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Johnny Bravo)
wrote:
>On 23 Sep 1999 04:15:12 GMT, [EMAIL PROTECTED] (JPeschel) wrote:
>
>>Yes, Dave claims that the chaining modes and "short key" ciphers
>>are weak. It is, however, according to Dave, the NSA that can
>>break these.
>>
>>Which ciphers have you broken?
>>
>>Joe
>
> He's like Charles Booher, he thinks that all the crypto in the world, except
>for his own personal system, has already been broken by the NSA.
>
> Johnny Bravo
>
Actually I feel that most systems are very weak, since they incorporate
weaknesses that are easily verifiable to leak info. I actually designed the
scott19u contest so that if the exact thing was done in AES using your
favorite chaining mode that even David Wagner could solve the problem
in less than a day. But you may not be bright enough to see that.
I have looked at the 3-letter chaining modes and so they are weak
because they are all "error recoverable", so that an enemy needs
to only have a small sample of the code to see if a KEY works. This
is not possible in an "all or nothing cipher" like scott16u. But then
again you may not have understood the simple tests to see this.
I looked at compression and can see that if the compression used
is not "one to one" an attacker may have enough info to break
a cipher knowing only the encrypted files and the compression
method used regardless of the file encrypted. If that is not
enough to make people wake up to who controlled and directed
open crypto is then there is not much I can do.
Yes I think scott16u and scott19u are strong because they do
not have all the weaknesses that leak info that will be in
the short key weak 3-letter chaining systems that will be the
norm in AES.
And yes I am not a GOD, my code could be weak too. But at least
it is not weak in areas that the AES methods will obviously be weak.
I had hoped more would be in the release of GnuPG but I see it
will only use short keyed methods with non "one to one" compression.
But why should anyone care if the NSA can break it.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED]
Subject: Decryption --Help!!!
Date: Thu, 23 Sep 1999 13:35:26 GMT
Anybody out there know where I can find a trigram -- you know, a listing
of the frequencies of three letter words in the English alphabet, ENT,
etc.
I have searched all over but cannot find one. I have a digram, but I
would like to find a trigram so I can use it in my program to break a
monoalphabetic cipher. Thanking you in advance!
------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Crossposted-To: alt.security.pgp
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Date: 23 Sep 1999 11:47:08 GMT
According to Laurent PELE <[EMAIL PROTECTED]>:
> Because zero-knowledge protocols (like the Fiat-Shamir scheme) was
> available in 1991 and smartcards should be based on such protocol
> before massively use smartcard in point of sale terminals since 1993.
You might try to compare the volume of data that must be exchanged
between the verifier and the prover in a zero-knowledge protocol such as
Fiat-Shamir, and the input/output bandwidth of a smartcard.
You might also consider the computational power of a 0.5$ smartcard.
If you can implement a fast and secure zero-knowledge protocol on a
3.57MHz 6805 and a bandwidth of 9600 bits/s, please do. Remember that
the identification must not take more than 4 or 5 seconds.
--Thomas Pornin
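To make the bandwidth comparison above concrete, here is an added example (not from the post, and not any card vendor's code) that runs textbook Fiat-Shamir identification with a toy modulus and then sizes the transcript for realistic moduli against the 9600 bit/s link quoted; the round counts and modulus sizes are assumptions.

```python
"""Fiat-Shamir identification and what it costs on a 9600 bit/s card link.

Added example, not from the digest. The protocol is the textbook
Fiat-Shamir scheme; the round counts and modulus sizes below are
assumptions chosen to show the data volume the post points at.
"""
import random


def fs_round(n, s, v, rng):
    """One round. Prover -> x = r^2; verifier -> e in {0,1};
    prover -> y = r * s^e; verifier accepts iff y^2 == x * v^e (mod n).
    Returns (accepted, bits carried over the link in this round)."""
    r = rng.randrange(1, n)
    x = pow(r, 2, n)                       # commitment, |n| bits
    e = rng.randrange(2)                   # challenge, 1 bit
    y = (r * pow(s, e, n)) % n             # response, |n| bits
    accepted = pow(y, 2, n) == (x * pow(v, e, n)) % n
    return accepted, 2 * n.bit_length() + 1


def identify(n, s, rounds, seed=None):
    """Run `rounds` rounds; an honest prover passes every round, a cheater
    survives each round with probability 1/2. Returns (accepted, total bits)."""
    rng = random.Random(seed)              # demo only; a real card needs a real RNG
    v = pow(s, 2, n)                       # public key registered with the verifier
    total = 0
    for _ in range(rounds):
        ok, bits = fs_round(n, s, v, rng)
        total += bits
        if not ok:
            return False, total
    return True, total


def transcript_bits(modulus_bits, rounds):
    """Link volume: x and y are modulus-sized, the challenge is one bit."""
    return rounds * (2 * modulus_bits + 1)


def transfer_seconds(bits, link_bps=9600):
    """Pure transmission time at the card speed quoted in the post,
    before any modular arithmetic has run on the card's CPU."""
    return bits / link_bps


if __name__ == "__main__":
    # Constructed toy key: p = 1009, q = 1013, secret s. Far too small for real use.
    n, s = 1009 * 1013, 123456
    ok, bits = identify(n, s, rounds=20, seed=1)
    print(f"toy identification accepted={ok}, {bits} bits exchanged")
    for mb in (512, 768, 1024):
        for rounds in (20, 32):
            b = transcript_bits(mb, rounds)
            print(f"{mb:4d}-bit n, {rounds} rounds: {b:6d} bits, "
                  f"{transfer_seconds(b):5.2f} s at 9600 bit/s")
```

With a 1024-bit modulus and only 20 rounds (20 bits of soundness) the transfer alone exceeds the four seconds the post allows, before counting the modular squarings on the card.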
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: msg for Dave Scott
Date: Thu, 23 Sep 1999 10:02:54 GMT
On Thu, 23 Sep 1999 12:51:20 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
wrote:
> I have looked at the 3-letter chaining modes and so they are weak
>because they are all "error recoverable", so that an enemy needs
>to only have a small sample of the code to see if a KEY works. This
>is not possible in an "all or nothing cipher" like scott16u. But then
>again you may not have understood the simple tests to see this.
Even if you could check each one of these keys by checking a single byte,
it doesn't change the simple fact that a 256 bit symmetric key will need an
average of 5.789e76 tests to break that key.
Even if these so called "weak" systems made it a trillion times easier to
brute force than a cipher that didn't have error recovery, you could get a billion,
billion computers that can try a billion, billion keys each and every second and
it would still take 18 billion, billion, billion years to check the 1/2 of the
keyspace that it would take to give you a 50/50 chance of cracking that one key.
But then again you may not have understood the simple math it takes to see
this.
Johnny Bravo
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Thu, 23 Sep 1999 14:23:42 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> jerome wrote:
>
> > can you explain all these 'a' at the end and in the middle of the
> > cypher text ?
>
> Yes, that is padding used by the program itself, nothing to do with the
> ciphers nor the encryption system, it's merely there for error correction
> I believe.
It was because I didn't know how to calculate the padding. I finally
just sat down and wrote down an equation that works :). See, the thing
is the message first must be a multiple of the block size, then add 20
(the header takes twenty bytes), then make the entire glob a multiple of
3 (my binhex takes 3 bytes at a time).
The next release (due in two weeks) will have this unpleasantry fixed.
In the meantime enjoy 1.5
http://www.cell2000.net/security/peekboo/index.html
Tom
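The length rule described above and the earlier fixed 48-byte tail, modelled as an added example (not peekboo's code) to show how zero fill bytes turn into runs of 'a' in the encoded output. The 16-byte block, the 20-byte header, 'a' as the digit for zero and the multiple-of-3 rule come from the thread; the rest of the 64-symbol alphabet and the sample bytes are constructed.

```python
"""Where the trailing 'a' runs in a peekboo message come from.

Added example; not peekboo's code. It models only what the thread states:
a 20-byte header, 16-byte blocks, a 6-bit "binhex" encoder that maps
3 bytes to 4 symbols with 'a' as the digit for zero, the old fixed
48-byte tail, and the corrected rule (round the ciphertext up to a block,
add the 20-byte header, round the total up to a multiple of 3).
The alphabet beyond 'a' == 0 and every sample byte are constructed.
"""
BLOCK = 16          # cipher block size used in the thread
HEADER = 20         # header length stated in the post
OLD_TAIL = 48       # fixed tail the author said he used before the fix

# Assumed alphabet: the thread only fixes ALPHABET[0] == 'a'.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "0123456789{}")


def round_up(n, m):
    return -(-n // m) * m


def new_total_length(msg_len):
    """Corrected rule: whole blocks, plus header, up to a multiple of 3."""
    return round_up(round_up(msg_len, BLOCK) + HEADER, 3)


def old_total_length(msg_len):
    """Earlier behaviour: header + ciphertext + 48 bytes; the final
    round-up to a multiple of 3 is an assumption so the encoder has
    whole 3-byte groups."""
    return round_up(round_up(msg_len, BLOCK) + HEADER + OLD_TAIL, 3)


def encode6(data):
    """3 bytes -> 4 symbols, high 6-bit group first; len(data) % 3 == 0."""
    if len(data) % 3:
        raise ValueError("encode6 needs a multiple of 3 bytes")
    out = []
    for i in range(0, len(data), 3):
        v = int.from_bytes(data[i:i + 3], "big")
        out.append("".join(ALPHABET[(v >> s) & 63] for s in (18, 12, 6, 0)))
    return "".join(out)


def trailing_a(text):
    return len(text) - len(text.rstrip("a"))


def blob_text(msg_len, total_len):
    """Constructed header and ciphertext (no zero bytes), zero-filled to
    total_len and encoded. Every zero fill byte becomes 'a' digits; a zero
    byte inside the header (a small size field) would show up the same way."""
    header = bytes(range(1, HEADER + 1))
    ciphertext = bytes([0x5A]) * round_up(msg_len, BLOCK)
    blob = header + ciphertext
    return encode6(blob + bytes(total_len - len(blob)))


def trailing_a_counts(msg_len):
    """(old rule, new rule) number of trailing 'a' symbols for a message."""
    old = trailing_a(blob_text(msg_len, old_total_length(msg_len)))
    new = trailing_a(blob_text(msg_len, new_total_length(msg_len)))
    return old, new


if __name__ == "__main__":
    for n in (6, 17, 48):
        old, new = trailing_a_counts(n)
        print(f"{n:3d}-byte message: {old} trailing 'a' before the fix, {new} after")
```

The old 48 zero bytes always encode to at least 64 'a' symbols, which is the tail the other posters were asking about; under the new rule at most two fill bytes remain, so at most two trailing 'a'.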
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: RSA weak?
Date: 23 Sep 1999 10:35:50 -0400
In article <7sdccd$gdv$[EMAIL PROTECTED]>,
Kem <[EMAIL PROTECTED]> wrote:
>OK, I am convinced, now, other question. Is it possible to decompose n in
>more than two factors? maybe decimals? Example n=3*7=21; n=6*3.5=21
>n=3*2*3.5 ; maybe it is possible to take advantage of this.
The RSA math doesn't work except in a finite field. So, no, this doesn't
help.
-kitten
------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: RSA weak?
Date: 23 Sep 1999 13:38:45 GMT
According to Kem <[EMAIL PROTECTED]>:
> I understand, but if you say a=a0=p then you must say
> b=a1*...*ar*b0*b1*...*bs=q (not b=b0=q), and this is the main idea: two non
> prime numbers lead to n.
That's nonsense. The decomposition of a number into prime factors
is unique; if n=pq and p and q are primes, there is no other way of
decomposing n into smaller factors.
--Thomas Pornin
------------------------------
From: [EMAIL PROTECTED] (jerome)
Subject: Re: msg for Dave Scott
Date: 23 Sep 1999 14:43:30 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 23 Sep 1999 03:37:35 GMT, Tom St Denis wrote:
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
>> On Wed, 22 Sep 1999 12:09:57 GMT, Tom St Denis wrote:
>> >
>> >beaqaaamL6MNs6}utuaaaaiaaaaW{dsG{jC4KzE3hoqb}tWYZ9qT2Fcaaaaaaaaaaaaa
>> >aaaaaaaaaaaaaaaaaaaaaaaaa
>>
>> can you explain all these 'a' at the end and in the middle of the
>> cypher text ?
>>
>
>Why?
because if you want your cryptosystem to be reviewed,
you have to provide clear answers to obvious questions
like this one.
> You think they are clues to the message?
they may be a clue about your skills and so a way to break the system.
>At first I was going to say READ THE SOURCE, but I realize that's unfair.
>Some people work (unlike me), so I am going to say 'a' represents the 6-bit
>number zero and that the header contains some (size, and cipher id). The
>'a's at the end is padding to avoid corrupting the end of the message.
have you a clear and short description of your system available?
(not the sources) something explaining the components of the system
and why you have chosen these ones.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************