Cryptography-Digest Digest #354, Volume #13 Sun, 17 Dec 00 12:13:01 EST
Contents:
hash function for public key digital signature : one way? ([EMAIL PROTECTED])
Re: Sr. Cryptographer/mathematician ([EMAIL PROTECTED])
Re: Silly question (Simon Johnson)
Re: important programming languages (Tim Tyler)
Re: hash function for public key digital signature : one way? (Simon Johnson)
Re: Q: Result of an old thread? (Mok-Kong Shen)
Re: Nonlinearity question (Mok-Kong Shen)
Re: Unguessable sequence of unique integers? (Mok-Kong Shen)
Re: Q: Result of an old thread? (Mok-Kong Shen)
Re: Q: Result of an old thread? (Mok-Kong Shen)
Re: important programming languages (Tim Tyler)
Re: Really simple, but hopefully secure, cipher (Simon Johnson)
Re: Array shuffling (Tim Tyler)
Re: Elliptical Curve Math Question (Francois Grieu)
Re: Elliptical Curve Math Question (Bob Silverman)
Re: Silly question (Dido Sevilla)
Re: Elliptical Curve Math Question (Simon Johnson)
Re: Unguessable sequence of unique integers? ("Brian Gladman")
Re: Visual Basic Source Code ([EMAIL PROTECTED])
Re: Unguessable sequence of unique integers? ("Brian Gladman")
Windows 2000 logon and internet password storing into smartcard ("Paolo Bernasconi")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: hash function for public key digital signature : one way?
Date: Sun, 17 Dec 2000 13:58:05 GMT
Must the hash function for the public key digital signature be one way?
I think a collision free hash function is adequate for the
authentication in public key digital signature that includes the signed
message digest and plaintext. No motivation to generate the plaintext
from the "unsigned" digital signature or message digest since the
plaintext is publicly available.
May I conclude that one-way property of the hash function in public key
digital signature is only necessary for the hybrid protocol because it
wants to preserve the secrecy of the plaintext?
Thanks!
Vincent
[EMAIL PROTECTED]
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Sr. Cryptographer/mathematician
Date: 17 Dec 2000 14:59:51 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <91de4d$rqh$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
>> Tom St Denis <[EMAIL PROTECTED]> wrote:
>> > In article <91adko$2c9$[EMAIL PROTECTED]>,
>> > Rick Booth <[EMAIL PROTECTED]> wrote:
>> >> Tom St Denis <[EMAIL PROTECTED]> wrote:
>> >> > In article <[EMAIL PROTECTED]>,
>> >> > John Myre <[EMAIL PROTECTED]> wrote:
>> >> >> Tom St Denis wrote:
>> >> >> >
>> >> >> > In article <1ZrZ5.287$[EMAIL PROTECTED]>,
>> >> >> > "Matt Timmermans" <[EMAIL PROTECTED]> wrote:
>> >> >>>> Your rather gritty usenet manner is sometimes entertaining, Tom,
>> >> >>>> but there are many reasons to be more civil.
>> >> >>
>> >> >>> "You're rather..." hehehehe... Just trying to have some fun.
>> >> >> <snip>
>> >> >>
>> >> >> I'm not clear on something here. Do you seriously think
>> >> >> that Matt made a spelling error, which you gleefully get
>> >> >> to correct? Or, to be generous, perhaps you're attempting
>> >> >> some sort of pun? (To be clear: Matt's post is correct.)
>> >> >
>> >> > He implied a state of being "to be"/"is" in which case "your" is not
>> >> > correct. "You are better off..." is correct, or less formally "You're
>> >> > better off".
>> >>
>> >> No. "You're rather juvenile on usenet" would be correct, but Matt's
>> >> line was correct. A usenet manner is a possession, and this one
>> >> belongs to you. "You are rather gritty usenet manner" is clearly nonsense.
>>
>> > I was right in the first place. "Your" is the flipside of "mine"
>> > and "You're" is the flipside of "I Am"
>>
>> > So I could interpret it as "Mine better to ..." makes NO SENSE!
>>
>> Damn, Tom, read what you're talking about above... The quote didn't
>> have the word "better" anywhere in it. The original posting was "Your
>> rather gritty usenet manner...." which you "corrected" to "You're
>> rather..."
>>
>> You were wrong in that correction. You were wrong in the
>> clarification of your correction. And you were wrong again in this
>> last posting. All the material is quoted up above. READ it before
>> you make more foolish postings....
> My original correction is in fact correct. It is not "your better off"
> it's "You are better off"... Whether you want to believe me or not...
READ, READ, READ!!! Damn, I can't believe I'm getting this frustrated
with you.... it's really just not worth it.
Despite the fact that you keep saying this "You are better off" crap
over and over, it is completely irrelevant to the original posting
(the "better" part is correct, but irrelevant). The word "BETTER"
didn't appear ANYWHERE in the posting. You made up a different
example, and you're what -- hoping everyone doesn't realize that it's
completely fabricated?
Ok, I'm going to take a chill pill now. Getting into a grammar war is
really stupid, but when I see someone repeatedly missing a very
obvious point, I get really frustrated.....
--
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences | "The box said 'Requires Windows 95, NT,
University of North Texas | or better,' so I installed Linux."
Denton, TX 76201 |
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Silly question
Date: Sun, 17 Dec 2000 15:16:11 GMT
In article <[EMAIL PROTECTED]>,
Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> Does the chinese remainder theorem work for polynomials over GF(2)?
>
> You would of course have to replace the word 'prime integer' in the
> normal CRT description with 'irreducible polynomial,' but it seems to me
> as if it might be doable.
I'd also say it is, since you can describe a binary integer as a
polynomial.
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: important programming languages
Reply-To: [EMAIL PROTECTED]
Date: Sun, 17 Dec 2000 15:33:18 GMT
Paul Schlyter <[EMAIL PROTECTED]> wrote:
: I wonder if we'll ever see a "hardware compiler" which compiles e.g.
: a C program into not assembly language but a hardware implementation
: executing the operations specified by the program. [...]
Handel C. A close C variant for direct hardware compilation. Oxford
Hardware Compilation Group. Embedded Solutions Ltd. Celoxica.
[http://www.celoxica.com/]
In particular, see the document on:
http://www.celoxica.com/university/academic_papers.htm
``Handel-C an effective method for designing FPGAs (and ASICs).''
--
__________ http://alife.co.uk/ http://mandala.co.uk/
|im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: hash function for public key digital signature : one way?
Date: Sun, 17 Dec 2000 15:29:08 GMT
In article <91igpd$nlb$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> hash function for the public key digital signature must be one way ?
>
> I think a collision free hash function is adequate for the
> authentication in public key digital signature that includes the signed
> message digest and plaintext. No motivation to generate the plaintext
> from the "unsigned" digital signature or message digest since the
> plaintext is publicly available.
>
> May I conclude that one-way property of the hash function in public
> key digital signature is only necessary for the hybrid protocol
> because it wants to preserve the secrecy of the plaintext?
>
> Thanks!
>
> Vincent
> [EMAIL PROTECTED]
>
> Sent via Deja.com
> http://www.deja.com/
>
No, if the hash is reversible, then you can create another document
easily that hashes to the same value, and therefore have a situation
where I can generate any document I want and attach your signature to
it. Collision resistance is different: if I _randomly_ pick two
plaintexts the chance of them taking the same hash value should be low.
To demonstrate this, take a hash based on RSA:
n = pq (p and q are prime)
e = some number relatively prime to 'n'.
Hash(x) = x^e mod n
Now I can guarantee, for this construction, that this hash is
collisionless for any x below n (it's the nature of RSA).... However, if
I work out d, such that ed mod (p-1)(q-1) = 1 then I can reverse the
hash function. This then allows me to generate an identically hashing
document (greater than the size of n) using a collisionless hash.
If a hash has many collisions it is insecure, but this doesn't
guarantee security.
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
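The forgery Simon sketches, worked through as an added example (this is not code from the thread; the moduli and exponents are toy values chosen for illustration, and the "hash" is his x^e mod n construction). It shows the standard reason hash-then-sign needs a one-way hash even though the message is public: with an invertible hash an attacker picks a signature value first, computes the digest it verifies against, and then inverts the hash to find a message for it. It also shows the wrap-around second preimage m + n, which needs no trapdoor at all.

```python
# Added example, not code from the thread. Toy parameters only.
from math import gcd

# The "hash": Hash(x) = x^e mod n with public p, q, e (a hash has no secret,
# so an attacker knows everything needed to compute d).
HASH_P, HASH_Q, HASH_E = 61, 53, 17
HASH_N = HASH_P * HASH_Q                      # 3233: digests lie in [0, n)
HASH_PHI = (HASH_P - 1) * (HASH_Q - 1)
if gcd(HASH_E, HASH_PHI) != 1:
    raise ValueError("e must be coprime to phi(n)")
HASH_D = pow(HASH_E, -1, HASH_PHI)            # the trapdoor; public in effect

def H(x):
    return pow(x, HASH_E, HASH_N)

def hash_is_permutation_on_domain():
    """Collision-free on 0 <= x < n: the map is a bijection of Z_n."""
    return len({H(x) for x in range(HASH_N)}) == HASH_N

def invert_hash(h):
    """Preimage of any digest, because the hash is not one-way."""
    return pow(h, HASH_D, HASH_N)

# The signer: textbook RSA over H. Its modulus must exceed n so every
# digest is a valid input; only the signer knows SIG_D.
SIG_P, SIG_Q, SIG_E = 1009, 1013, 65537
SIG_N = SIG_P * SIG_Q                         # 1022117 > HASH_N
SIG_D = pow(SIG_E, -1, (SIG_P - 1) * (SIG_Q - 1))

def sign(m):
    return pow(H(m), SIG_D, SIG_N)

def verify(m, s):
    return pow(s, SIG_E, SIG_N) == H(m)

def forge():
    """Existential forgery with no signing key: choose the signature s
    first, compute the digest it verifies against, then invert the hash."""
    s = 1000
    while True:
        h = pow(s, SIG_E, SIG_N)
        if h < HASH_N:              # must be a value the hash can produce
            return invert_hash(h), s
        s += 1

def second_preimage(m):
    """Needs no trapdoor at all: inputs >= n wrap, so m + n hashes like m."""
    return m + HASH_N
```

A real hash is a fixed public algorithm, so any trapdoor built into it has to be treated as known to the attacker; that is why the forgery above needs no secret, and why the hash in a signature scheme must be preimage and second-preimage resistant, not merely collision-free on its domain.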
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Result of an old thread?
Date: Sun, 17 Dec 2000 16:39:38 +0100
Bryan Olson wrote:
>
> Mok-Kong Shen wrote:
> > Since AS is singular, B is not uniquely determined from
> > the equation AS * B = ASB. Could any solution, say B',
> > which is not identical to Bob's original matrix B, work?
>
> Answered above.
>
> > Why?
>
> Same reason the scheme decrypts.
>
> > And would such a B' be invertible?
>
> Some are. An invertible solution works in Best's solution
> for S. We could of course solve for S using a system of
> linear equations without worrying about choosing an
> invertible solution for B.
Just knowing some are invertible would solve the problem,
I suppose, if one has to try extremely long. I don't
understand your last sentence. Which system do you mean
that you want to solve? Thanks.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Nonlinearity question
Date: Sun, 17 Dec 2000 16:39:44 +0100
Tom St Denis wrote:
>
> If your 129-bit polynomial is indeed irreducible then inversion has
> KNOWN properties. Such as highly nonlinear, low xor-profile and a low
> algebraic degree.
Could you supplement the 'KNOWN' with references? And
how 'high' and 'low' are these? And how much better/worse
than the optimal ones? Thanks.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Unguessable sequence of unique integers?
Date: Sun, 17 Dec 2000 16:39:16 +0100
Brian Gladman wrote:
>
> "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> >
> > If the block size is sufficiently small, longer key would
> > barely help. This is clear from considering the limiting
> > case of one bit block. Whether 32 bit block with large
>
> This is true but the rate of growth of the available keyspace is pretty
> fast - for a block size of 'n' bits, and hence a sequence of 2^n integers,
> the number of different integer sequences that can be generated is (2^n)!
> and by the time n reaches 32 this is pretty large.
>
> It seems that there is nothing obviously wrong with a short block, long key
> cipher as a permutation generator for all but the smallest blocks (even
> (2^8)! is pretty large!).
>
> I have put together a C++ 32-bit integer sequence generator class based on
> encrypting an incrementing counter using a 32-bit block version of RC5 with
> a 128 bit key. It is about 60 lines of code, which I will happily supply for
> evaluation purposes if anyone is interested (I believe RC5 requires a
> license for commercial use). If so just send me an email off list.
I suppose one could also scale down Rijndael and use
sufficient number of rounds and perhaps supply the user
key directly to the rounds without using any key
scheduling computations. BTW, supplementary shuffling
may well supply some additional security, I believe.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Result of an old thread?
Date: Sun, 17 Dec 2000 16:39:24 +0100
Walter Hofmann schrieb:
>
> On Sat, 16 Dec 2000 13:58:20 +0100, Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> >
> >I doubt that your procedure works. The numerical mathematicians
> >try hard to deal with the nearly-singular matrices through
> >improving conditions etc. In the vicinity of a singular
> >matrix, you need increasingly high precision to invert.
> >In the limit, namely the true singular one, there is
> >no inverse. Look from another standpoint: If your technique
> >works, then one can 'define' an inverse for any singular
> >matrix (to work in any given situations, i.e. given set of
> >equations involving singular matrices).
>
> No. I never compute the inverse of a singular matrix. I only claim that
> the limit exists for the complete algorithm, not for every step
> involved.
>
> Certainly, if you try to compute AS'^-1 for epsilon->0 it will diverge.
> It's just the end result which converges to S.
If, as you say, it 'diverges', how could the end result
'converge'? Do you mean that it first diverges and then
converges as epsilon->0? How do you know that? If that
were the case, what would happen at the turning point
between divergence and convergence? Does such a point
exist? Note that nearly singular matrices are notorious.
There are examples in textbooks showing that, even if
the residuals on substituting into the equations are
extremely small, the approximate solution can be widely
different from the true one.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Result of an old thread?
Date: Sun, 17 Dec 2000 16:39:31 +0100
Chris Monico wrote:
>
[snip]
> I have an idea of how to show this (assuming it's true) but it's
> rather tedious. If you're really interested, drop me an email and I'll
> see if I can work out the details.
It would be fine, if you could show us a small example
demonstrating that your procedure actually works without
one having to (blindly) try all possibilities.
M. K. Shen
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: important programming languages
Reply-To: [EMAIL PROTECTED]
Date: Sun, 17 Dec 2000 15:38:25 GMT
Bob Silverman <[EMAIL PROTECTED]> wrote:
: A minor nitpick. I did not say that assembler was "best". I was
: very careful to avoid using that word. I did say that assembler
: was the only choice that *mattered*. It matters when you need speed.
: If you don't need speed then the choice of language really does not
: matter.
Portability, maintainability, safety, time-to-market and availability of
programmers, don't "matter" then, I take it.
IMO, assembler is a dumb choice for almost anything higher than device
drivers.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Florist: Petal pusher.
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Really simple, but hopefully secure, cipher
Date: Sun, 17 Dec 2000 15:41:35 GMT
In article <[EMAIL PROTECTED]>,
Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> I'm not certain if anyone has ever considered this idea, but...
>
> First, apply an AONT, such as OAEP, to the data.
I'm sorry, I've never seen these terms before. What do these terms mean
and stand for?
>
> Follow this by a polyalphabetic substitution (run it through a keyed
> sbox).
>
> How secure is this?
It probably depends how these s-boxes were constructed from the key.
For example, what if my s-box generation algorithm was:
s(i) -> i'th s-box look-up
Generation:
s(i) = i*0
I know this is a totally stupid function, but what I'm trying to
demonstrate is that without the algorithm for the s-box generation, we
can't assess it.
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
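An AONT (all-or-nothing transform, Rivest 1997) is an unkeyed, invertible transform of a message into pseudo-message blocks such that every output block is needed to recover any single input block; OAEP (Bellare and Rogaway) is an AONT as well as the padding used in RSA-OAEP. Rivest's package transform, as an added example not from the thread: HMAC-SHA256 truncated to 16 bytes stands in for the block cipher E(K, .) of the original construction (an assumption made here so the example needs only the standard library; Rivest specifies a block cipher), and the fixed public key K0 is all zeros.

```python
# Added example, not from the thread: Rivest's package transform with an
# HMAC-SHA256 stand-in for the block cipher (assumption, see lead-in).
import hashlib
import hmac
import os

BLOCK = 16
K0 = bytes(BLOCK)            # fixed, public key of the transform

def E(key, x):
    """Stand-in for E(K, x): 16-byte truncation of HMAC-SHA256."""
    return hmac.new(key, x, hashlib.sha256).digest()[:BLOCK]

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def _ctr(i):
    return i.to_bytes(BLOCK, "big")

def package(message, k_prime=None):
    """m'_i = m_i XOR E(K', i); final block = K' XOR E(K0, m'_1 XOR 1) XOR ...
    Every pseudo-block feeds the hash that hides K', so all are needed."""
    if len(message) % BLOCK:
        raise ValueError("pad the message to a multiple of BLOCK first")
    k_prime = k_prime or os.urandom(BLOCK)
    if len(k_prime) != BLOCK:
        raise ValueError("K' must be one block long")
    blocks = [message[i:i + BLOCK] for i in range(0, len(message), BLOCK)]
    out = [_xor(m, E(k_prime, _ctr(i))) for i, m in enumerate(blocks, 1)]
    tail = k_prime
    for i, mp in enumerate(out, 1):
        tail = _xor(tail, E(K0, _xor(mp, _ctr(i))))
    return out + [tail]

def unpackage(blocks):
    """Recover K' from all pseudo-blocks, then strip the mask from each."""
    *out, tail = blocks
    k_prime = tail
    for i, mp in enumerate(out, 1):
        k_prime = _xor(k_prime, E(K0, _xor(mp, _ctr(i))))
    return b"".join(_xor(mp, E(k_prime, _ctr(i))) for i, mp in enumerate(out, 1))

def damage_is_total(message, k_prime, block_index):
    """Flip one bit of one pseudo-block: every recovered block changes,
    which is the all-or-nothing property in action."""
    pkg = package(message, k_prime)
    first = pkg[block_index]
    pkg[block_index] = bytes([first[0] ^ 1]) + first[1:]
    rec = unpackage(pkg)
    return all(rec[i:i + BLOCK] != message[i:i + BLOCK]
               for i in range(0, len(message), BLOCK))
```

The transform is not encryption: anyone holding all the blocks inverts it. Its value in a scheme like the one proposed is that whatever keyed step follows it has to be broken for the whole message at once, since no single input block can be recovered from a subset of the output.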
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Array shuffling
Reply-To: [EMAIL PROTECTED]
Date: Sun, 17 Dec 2000 15:46:04 GMT
David Schwartz <[EMAIL PROTECTED]> wrote:
: Matt Timmermans wrote:
:> It would be incorrect if I had actually said that. What I said was the
:> lowest N bits of the state have a period at most 2^N, which is true.
: You are literally correct. However, it's far from obvious that this is
: necessarily a defect in the algorithm.
This is also a description of the LCG in Sun's JVM.
It uses a 48-bit state and outputs the top 32 bits.
The defect is quite visible in simple programs - e.g.:
http://alife.co.uk/nonrandom/
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
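The Sun JVM generator Tim mentions, as an added example (not Tim's page or code): java.util.Random is the 48-bit LCG state = (state * 0x5DEECE66D + 0xB) mod 2^48, seeded with seed XOR 0x5DEECE66D, and nextInt() returns the top 32 bits. The code measures the period of the low state bits, which is exactly 2^k for the low k bits, and of the lowest output bit, which is state bit 16 and therefore repeats every 2^17 calls.

```python
# Added example, not Tim's code: java.util.Random's recurrence and the
# short periods of its low bits.
MULT, INC, MASK = 0x5DEECE66D, 0xB, (1 << 48) - 1

def lcg_step(state):
    return (state * MULT + INC) & MASK

class JavaRandom:
    """48-bit LCG with the top bits as output, as in java.util.Random."""
    def __init__(self, seed):
        self.state = (seed ^ MULT) & MASK     # Java scrambles the seed this way

    def next_bits(self, bits):
        self.state = lcg_step(self.state)
        return self.state >> (48 - bits)

    def next_int(self):
        v = self.next_bits(32)
        return v - (1 << 32) if v & (1 << 31) else v   # Java int is signed

def low_state_bits_period(k, seed=0x1234):
    """The low k bits of the state depend only on the low k bits, so they
    form their own LCG mod 2^k; with multiplier = 1 (mod 4) and an odd
    increment that LCG has full period 2^k, whatever the seed."""
    mask = (1 << k) - 1
    start = seed & mask
    s, n = lcg_step(seed), 1
    while (s & mask) != start:
        s, n = lcg_step(s), n + 1
    return n

def lowest_output_bit_period(seed=0x1234):
    """Bit 0 of nextInt() is state bit 16 (48 - 32), so it repeats every
    2^17 calls; found by halving the window while its two halves agree."""
    r = JavaRandom(seed)
    span = 1 << 17
    bits = [r.next_int() & 1 for _ in range(span)]
    p = span
    while p > 1 and bits[:p // 2] == bits[p // 2:p]:
        p //= 2
    return p
```

Because the low bits of the state have such short cycles, any use that takes nextInt() modulo a small power of two, or that lets the state leak, gives an observer far less than 48 bits to guess; this generator is fine for simulation and unfit for anything security-relevant.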
------------------------------
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: Elliptical Curve Math Question
Date: Sun, 17 Dec 2000 16:59:01 +0100
"Mike Vaughn" <vaughnmt@@home.com> wrote:
> y^2 = x^3 + A x + B
> I am having a dilly of a time solving for X once A, B and Y are known.
Beware that the kind of Elliptical Curves used in cryptography does not
operate on real numbers. Try
<http://www.google.com/search?q=third+degree+equation>
for the problem you asked, or
<http://www.google.com/search?q=elliptic+curve+cryptography>
for links in the crypto domain.
Francois Grieu
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Elliptical Curve Math Question
Date: Sun, 17 Dec 2000 16:04:25 GMT
In article <JI3%5.40688$[EMAIL PROTECTED]>,
"Mike Vaughn" <vaughnmt@@home.com> wrote:
> Hi,
> I wish to use the following formula to generate elliptical curves:
>
> y^2 = x^3 + A x + B
>
(1) It is "elliptic", not "elliptical"
> or similarly:
>
> y = sqr(B + A x + x^3 )
These two expressions for y are NOT equivalent. Give some thought
as to why I say this. If you can't figure it out, I will tell you
in another day or so...
> I can play around with A, B and X all day to solve for Y, that part is easy.
> The problem that I am having is that I am having a dilly of a time solving
> for X once A, B and Y are known.
What makes you assume that you NEED to solve for x?
You are asking for the general formula to solve a cubic polynomial.
It is NOT needed to do arithmetic with elliptic curves.
Further note: If the curve is over Q, then Siegel's theorem says
it will have finitely many points that are integers (true over
any finite extension of Q as well). But it may (or may not) have
infinitely many rational points. This depends on the rank of the
curve.
Typically, in cryptography, one considers curves not over Q but over
a finite field. Now, by a theorem of Hasse, the number of points on
the curve will be very close to the size of the field. Further,
solving cubics over a finite field is easy. See Knuth Vol 2 or
H. Cohen's book on Computational Algebraic No. Theory
May I suggest you read any standard book on the subject?
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: Silly question
Date: Mon, 18 Dec 2000 00:03:43 +0800
Benjamin Goldberg wrote:
>
> Does the chinese remainder theorem work for polynomials over GF(2)?
>
Well, the only way to verify it is to actually go through the motions of
the proof, using the properties of GF(2)[x] instead of Z. Another way
to prove it is to prove that the ring of polynomials with
coefficients in GF(2) is isomorphic to Z. I think that the two rings
are isomorphic if you consider the map from GF(2)[x] -> Z where you'd
evaluate the polynomial in GF(2)[x] as though it were a polynomial in
Z[x] at the value 2. Well, I'm too lazy to prove that this map is
actually an isomorphism, but if it is, then the chinese remainder
theorem is probably valid in GF(2)[x] as well as in Z. AFAIK the
chinese remainder theorem can be proved using only the integral domain
structure of Z, and hence is true for any integral domain isomorphic to
Z.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
ICSM-F Development Team, UP Diliman +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481
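Both Simon's and Dido's answers expect the CRT to carry over to GF(2)[x]; here it is carried out, as an added example not from the thread. It relies only on GF(2)[x] being a Euclidean domain with degree in place of absolute value (the same property the integer proof uses): extended Euclid gives the inverse of each cofactor modulo its modulus. The ring operations differ from the integer ones (XOR drops carries, so evaluating a polynomial at 2 does not preserve sums), which is why the Euclidean route rather than an isomorphism with Z is what makes the argument go through. Polynomials are ints whose bits are coefficients, the AES/GCM convention; the moduli in the check are the AES polynomial x^8+x^4+x^3+x+1 and two small irreducibles, chosen here for illustration.

```python
# Added example, not from the thread: CRT in GF(2)[x] with ints as bit
# vectors (bit i = coefficient of x^i).

def deg(a):
    return a.bit_length() - 1        # deg(0) = -1 by this convention

def pmul(a, b):
    """Carry-less multiplication: GF(2)[x] product."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def pdivmod(a, b):
    """Long division in GF(2)[x]: returns (quotient, remainder)."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, db = 0, deg(b)
    while a and deg(a) >= db:
        shift = deg(a) - db
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def pmod(a, b):
    return pdivmod(a, b)[1]

def pegcd(a, b):
    """Extended Euclid: (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, r = pdivmod(a, b)
        a, b = b, r
        s0, s1 = s1, s0 ^ pmul(q, s1)
        t0, t1 = t1, t0 ^ pmul(q, t1)
    return a, s0, t0

def pinv(a, m):
    """Inverse of a modulo m; with m irreducible this is inversion in GF(2^n)."""
    g, s, _ = pegcd(pmod(a, m), m)
    if g != 1:
        raise ValueError("not invertible: gcd is not 1")
    return pmod(s, m)

def crt_gf2(residues, moduli):
    """The unique x with deg(x) < deg(prod moduli) and x = r_i (mod m_i),
    for pairwise coprime moduli."""
    M = 1
    for m in moduli:
        M = pmul(M, m)
    x = 0
    for r, m in zip(residues, moduli):
        Mi = pdivmod(M, m)[0]        # product of the other moduli
        g, s, _ = pegcd(Mi, m)       # s * Mi = 1 (mod m) when gcd is 1
        if g != 1:
            raise ValueError("moduli are not pairwise coprime")
        x ^= pmul(pmul(r, s), Mi)
    return pmod(x, M)

def crt_rejects_non_coprime():
    """x^2+1 = (x+1)^2 and x+1 share a factor, so the CRT must refuse them."""
    try:
        crt_gf2([1, 0], [0b101, 0b11])
    except ValueError:
        return True
    return False
```

The checks use two values from FIPS-197: {57}*{83} = {c1} and {53}^-1 = {ca} in the AES field, which exercise pmul, pmod and pegcd before the CRT itself is tested by reducing a polynomial modulo several coprime moduli and reconstructing it.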
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Elliptical Curve Math Question
Date: Sun, 17 Dec 2000 16:24:56 GMT
In article <JI3%5.40688$[EMAIL PROTECTED]>,
"Mike Vaughn" <vaughnmt@@home.com> wrote:
> Hi,
> I wish to use the following formula to generate elliptical curves:
>
> y^2 = x^3 + A x + B
>
> or similarly:
>
> y = sqr(B + A x + x^3 )
>
> From what I've been able to learn is that these are fairly standard formulas
> for such.
>
> I can play around with A, B and X all day to solve for Y, that part is easy.
> The problem that I am having is that I am having a dilly of a time solving
> for X once A, B and Y are known.
>
> Assuming that:
>
> A = 10
> B = 20
> X = 8
>
> Y = Sqr(B + (A * X) + (X ^ 3))
> Y = Sqr(20 + (10 * 8) + (8 ^ 3))
> Y = 25
> =============================
>
> Inversly:
>
> A = 10
> B = 20
> Y = 25
>
> Y = Sqr(B + (A * X) + (X ^ 3))
> 25 = Sqr(20 + (10 * X) + (X ^ 3))
> X = ???
>
I am told that there is a general equation for cubic equations such
that you can find x from y BUT I don't know what it is.
I'd use Newton's method... if you don't know what this is, search for
Newton's method on a search engine..... it's there (it's an algorithm for
finding the roots of a function)
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
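Arithmetic on a toy curve over a prime field, as an added example (not code from the thread), to illustrate Bob's points: adding and doubling points uses only field inversions and never solves the cubic; the direction used in practice is x to y, a square root mod p (done here with the shortcut for p = 3 mod 4); and the point count satisfies Hasse's bound. Mike's question, x from y, is answered by brute-force root finding because the field is tiny (over a large field one factors the cubic instead). The curve y^2 = x^3 + 2x + 3 over F_103 and the base point (3, 6) are chosen here for illustration.

```python
# Added example, not from the thread: a toy elliptic curve over F_P.
P = 103                 # prime; P % 4 == 3 so a square root is one pow()
A, B = 2, 3             # y^2 = x^3 + A x + B over F_P (nonsingular here)
INF = None              # point at infinity, the group identity

def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def ec_add(p1, p2):
    """Chord-and-tangent addition: field inversions only, no root finding."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                              # p1 + (-p1)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def sqrt_mod_p(n):
    """Square root in F_P for P = 3 (mod 4); None if n is a non-residue."""
    n %= P
    r = pow(n, (P + 1) // 4, P)
    return r if r * r % P == n else None

def lift_x(x):
    """y from x (point decompression): the direction protocols actually use."""
    y = sqrt_mod_p(x ** 3 + A * x + B)
    return None if y is None else tuple(sorted((y, (-y) % P)))

def x_from_y(y):
    """Roots of x^3 + A x + (B - y^2) over F_P. Brute force because P is
    tiny; over a real field you would factor the cubic, but EC arithmetic
    never needs this step."""
    c = (B - y * y) % P
    return [x for x in range(P) if (x ** 3 + A * x + c) % P == 0]

def count_points():
    """#E(F_P) by enumeration, counting the point at infinity."""
    n = 1
    for x in range(P):
        rhs = (x ** 3 + A * x + B) % P
        if rhs == 0:
            n += 1
        elif sqrt_mod_p(rhs) is not None:
            n += 2
    return n

def hasse_bound_holds():
    """|#E - (P + 1)| <= 2 sqrt(P)."""
    return abs(count_points() - (P + 1)) <= 2 * P ** 0.5
```

Two further checks follow from the group structure rather than from any formula: a point added to its negative gives the identity, and multiplying any point by the group order returns the identity, which the test uses to cross-check count_points against ec_mul.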
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Unguessable sequence of unique integers?
Date: Sun, 17 Dec 2000 16:41:39 -0000
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Brian Gladman wrote:
> >
> > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> > >
> > > If the block size is sufficiently small, longer key would
> > > barely help. This is clear from considering the limiting
> > > case of one bit block. Whether 32 bit block with large
> >
> > This is true but the rate of growth of the available keyspace is pretty
> > fast - for a block size of 'n' bits, and hence a sequence of 2^n integers,
> > the number of different integer sequences that can be generated is (2^n)!
> > and by the time n reaches 32 this is pretty large.
> >
> > It seems that there is nothing obviously wrong with a short block, long key
> > cipher as a permutation generator for all but the smallest blocks (even
> > (2^8)! is pretty large!).
> >
> > I have put together a C++ 32-bit integer sequence generator class based on
> > encrypting an incrementing counter using a 32-bit block version of RC5 with
> > a 128 bit key. It is about 60 lines of code, which I will happily supply for
> > evaluation purposes if anyone is interested (I believe RC5 requires a
> > license for commercial use). If so just send me an email off list.
>
> I suppose one could also scale down Rijndael and use
> sufficient number of rounds and perhaps supply the user
> key directly to the rounds without using any key
> scheduling computations. BTW, supplementary shuffling
> may well supply some additional security, I believe.
>
> M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Visual Basic Source Code
Date: Sun, 17 Dec 2000 16:40:25 GMT
Paul Schlyter <[EMAIL PROTECTED]> wrote:
>> You ever try and build an OS in cobol? What about python? sh? perl?
>> forth, pascal, logo, prolog, fortran?
>
> forth gets quite close though: the forth OS is in large part written
> in forth.
And JavaOS is written completely in java. So by your definition it's
more of a "real" language than forth? This is exactly the kind of
nonsensical situation sweeping generalisations lead to.
> Logo though is THE toy language of all, as it's so focused on writing
> cute animations quickly.
Indeed, the simple syntax and graphics facilities have actually led
people to do productive molecular modeling work in Logo. It's a shame
that it's only a toy language or the research could have taken much
longer for the exact same results.
> The others are a mixture of application languages and scripting
> languages. Of course they have their uses, but they will get in
> your way if you want to program on the bare metal. True, many
> programmers need never do that, OTOH Real Programmers enjoy doing
> just that - that's why they need Real Programming Languages.
--
Matt Gauthier <[EMAIL PROTECTED]>
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Unguessable sequence of unique integers?
Date: Sun, 17 Dec 2000 16:47:53 -0000
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
[snip]
> I suppose one could also scale down Rijndael and use
> sufficient number of rounds and perhaps supply the user
> key directly to the rounds without using any key
> scheduling computations.
I personally would not change a cipher in this way since I don't have the
expertise to do so. Nor would I trust such a change unless it was done by
cryptographic experts and then reviewed for a number of years. The good
thing about RC5 is that it has been designed for a 32-bit block size (among
others).
> BTW, supplementary shuffling may well supply some additional security, I
> believe.
I doubt that a 128-bit key needs much help :-)
Brian Gladman
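The generator Brian describes, a counter encrypted with a 32-bit-block RC5 under a 128-bit key, as an added example (this is not his C++ class): RC5 is implemented from its published description with a 16-bit word, and because a block cipher is a permutation of its block space the 2^32 outputs are distinct and, without the key, unpredictable. The key and round count are illustrative. The known-answer function checks the implementation against the widely reproduced all-zero RC5-32/12/16 vector; the 16-bit-word variant has no published vector, so it is checked only by decryption.

```python
# Added example, not Brian's code: RC5 (parameterised by word size) driving
# a counter to produce a key-dependent permutation of the 32-bit integers.
P_W = {16: 0xB7E1, 32: 0xB7E15163, 64: 0xB7E151628AED2A6B}
Q_W = {16: 0x9E37, 32: 0x9E3779B9, 64: 0x9E3779B97F4A7C15}

class RC5:
    def __init__(self, key, w=16, r=16):
        self.w, self.r, self.mask = w, r, (1 << w) - 1
        u, t = w // 8, 2 * (r + 1)
        c = max(1, (len(key) + u - 1) // u)
        L = [0] * c
        for i in range(len(key) - 1, -1, -1):        # little-endian key words
            L[i // u] = ((L[i // u] << 8) | key[i]) & self.mask
        S = [P_W[w]]
        for _ in range(1, t):
            S.append((S[-1] + Q_W[w]) & self.mask)
        i = j = A = B = 0
        for _ in range(3 * max(t, c)):               # key mixing
            A = S[i] = self._rotl((S[i] + A + B) & self.mask, 3)
            B = L[j] = self._rotl((L[j] + A + B) & self.mask, A + B)
            i, j = (i + 1) % t, (j + 1) % c
        self.S = S

    def _rotl(self, x, n):
        n %= self.w
        return ((x << n) | (x >> (self.w - n))) & self.mask

    def _rotr(self, x, n):
        n %= self.w
        return ((x >> n) | (x << (self.w - n))) & self.mask

    def encrypt_words(self, A, B):
        S, m = self.S, self.mask
        A, B = (A + S[0]) & m, (B + S[1]) & m
        for i in range(1, self.r + 1):
            A = (self._rotl(A ^ B, B) + S[2 * i]) & m
            B = (self._rotl(B ^ A, A) + S[2 * i + 1]) & m
        return A, B

    def decrypt_words(self, A, B):
        S, m = self.S, self.mask
        for i in range(self.r, 0, -1):
            B = self._rotr((B - S[2 * i + 1]) & m, A) ^ A
            A = self._rotr((A - S[2 * i]) & m, B) ^ B
        return (A - S[0]) & m, (B - S[1]) & m

    def encrypt_bytes(self, block):
        u = self.w // 8
        A = int.from_bytes(block[:u], "little")
        B = int.from_bytes(block[u:], "little")
        A, B = self.encrypt_words(A, B)
        return A.to_bytes(u, "little") + B.to_bytes(u, "little")

class UniqueInts32:
    """2^32 distinct, key-dependent 32-bit values: RC5-16/r/16 of a counter."""
    def __init__(self, key, rounds=16):
        self.cipher = RC5(key, w=16, r=rounds)
        self.counter = 0

    def encrypt32(self, n):
        A, B = self.cipher.encrypt_words(n & 0xFFFF, n >> 16)
        return A | (B << 16)

    def decrypt32(self, v):
        A, B = self.cipher.decrypt_words(v & 0xFFFF, v >> 16)
        return A | (B << 16)

    def next(self):
        v = self.encrypt32(self.counter)
        self.counter = (self.counter + 1) & 0xFFFFFFFF
        return v

def rc5_32_12_16_known_answer():
    """All-zero key and block for RC5-32/12/16 must give 21A5DBEE154B8F6D."""
    ct = RC5(bytes(16), w=32, r=12).encrypt_bytes(bytes(8))
    return ct == bytes.fromhex("21A5DBEE154B8F6D")
```

Uniqueness follows from invertibility alone (decrypt32 recovers the counter), so the test checks that property directly rather than assuming it; unguessability is the cipher's job, which is why a cipher actually designed for a 32-bit block, as Brian points out, is preferable to an ad hoc cut-down of something else.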
------------------------------
From: "Paolo Bernasconi" <[EMAIL PROTECTED]>
Subject: Windows 2000 logon and internet password storing into smartcard
Date: Sun, 17 Dec 2000 17:00:07 GMT
Dear All,
I want to store a set of passwords into a PC/SC compliant smartcard and
access a Windows 2000 session with the same smart card.
I'd like to link the password request storing of Internet Explorer (a
request that Explorer does in some HTML pages that contain password
fields) to my smartcard, so when Explorer asks me for some password, that
request is redirected to the smartcard.
Do you know how this is possible?
Best Regards,
Paolo
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************