Cryptography-Digest Digest #32, Volume #14 Wed, 28 Mar 01 21:13:00 EST
Contents:
Re: PRNG analysis, runs of zeroes ("Tom St Denis")
Re: Newbie wants to shuffle... ("Henrick Hellström")
Re: Strong primes ("Tom St Denis")
Re: PRNG analysis, runs of zeroes (Steve Portly)
Re: Breaking a DES encrypted code. (William Hugh Murray)
Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Imad R. Faiad)
Re: Breaking a DES encrypted code. (William Hugh Murray)
Re: Breaking a DES encrypted code. (William Hugh Murray)
Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Tom McCune)
Re: Malicious Javascript in Brent Kohler post ("Henrick Hellström")
FIPR Release 29/3/01: Govt. stalls on licensing of computer consultants ("Savonarola")
rc4 ("Edmond Ho")
Re: Estimation of the keygen time (Chenghuai Lu)
Re: Encryption of Encrypted Material results in strength??? (Ken Prox)
Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Rich Wales)
SAC2001 (Second Call for Papers) ("Amr Youssef")
Re: Deny Anon Remailers access to this newsgroup (David A Molnar)
texts on factoring? ("Tom St Denis")
Re: Malicious Javascript in Brent Kohler post (those who know me have no need of my name)
Re: texts on factoring? (Paul Rubin)
Re: Malicious Javascript in Brent Kohler post (those who know me have no need of my name)
Re: Encryption of Encrypted Material results in strength??? (Bill Unruh)
Re: texts on factoring? ("Tom St Denis")
----------------------------------------------------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: PRNG analysis, runs of zeroes
Date: Thu, 29 Mar 2001 00:13:33 GMT
"Steve Portly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I finally got around to doing some large volume analysis of my PRNG.
> Since it takes the better part of a day to generate a trillion bit file
> I had been putting this off. It seems to me that any quantity of random
> bits should exhibit a predictable number of runs of either zero or 1.
> For very large volume tests finding long runs in your data should rule
> out many deterministic patterns.
>
> In this context, (for gaming quality randomness) what would you expect
> the longest runs to be in a trillion bit sample?
Simple: the probability of any n-length run is (1/2)^n if the bits are
decorrelated. This means that in your trillion (2^40 for simplicity's sake) you
should expect about 2^39 runs of 1, 2^38 runs of 2, etc.
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle...
Date: Thu, 29 Mar 2001 02:14:17 +0200
"Henrick Hellström" <[EMAIL PROTECTED]> wrote in message
news:99tttg$b9s$[EMAIL PROTECTED]...
> The proof of surjectivity follows by induction....
... the fact that there are n! distinct sequences j{2},...,j{n}, the proof
of injectivity and the pigeonhole principle. Q.E.D.
One might also prove surjectivity by proving that for each number N in the
range [0..n!) there is a corresponding sequence j{2},...,j{n}. But I like the
pigeonhole principle. ;-)
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Strong primes
Date: Thu, 29 Mar 2001 00:15:59 GMT
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:P_tw6.156323$[EMAIL PROTECTED]...
>
> "John Savard" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > On Wed, 28 Mar 2001 17:09:53 GMT, "Douglas A. Gwyn"
> > <[EMAIL PROTECTED]> wrote, in part:
> > >Chenghuai Lu wrote:
> >
> > >> How much better will strong primes (p1 = k * p + 1) be versus ordinary
> > >> primes?
> >
> > >Better for what?
> >
> > Basically, the reason for that question is, at present it is believed
> > that strong primes are better for Diffie-Hellman, but they are not
> > relevant for RSA.
>
> More exactly, it's the kind of prime where q is prime and so is p = 2q + 1.
> That way q is a large sub-group of Z*p.
Err.. that's Z*q is a large sub-group of Z*p.
Tom
------------------------------
From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: PRNG analysis, runs of zeroes
Date: Wed, 28 Mar 2001 19:15:10 -0500
Steve Portly wrote:
> I finally got around to doing some large volume analysis of my PRNG.
> Since it takes the better part of a day to generate a trillion bit file
> I had been putting this off. It seems to me that any quantity of random
> bits should exhibit a predictable number of runs of either zero or 1.
> For very large volume tests finding long runs in your data should rule
> out many deterministic patterns.
>
> In this context, (for gaming quality randomness) what would you expect
> the longest runs to be in a trillion bit sample?
Oops, typo: I meant 10^9, a billion, not a trillion.
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Breaking a DES encrypted code.
Date: Thu, 29 Mar 2001 00:11:27 GMT
John Savard wrote:
> On Wed, 28 Mar 2001 18:20:41 +0200, "Yaniv Sapir"
> <[EMAIL PROTECTED]> wrote, in part:
>
> >This doesn't sound like the case here. When having zillions of possible keys,
> >how can one check the "sensibility" of the decrypted text? And how can it be
> >done by hardware?
>
> Either you know the original plaintext - a "known-plaintext" attack -
> or you have partial knowledge of it. For example, the plaintext might
> be uncompressed ASCII characters. In that case, have, say, seven
> blocks of ciphertext, and for each key, decrypt as many of them in
> turn as needed until you find the MSB of any byte equal to 1; if all
> are zero, you may have found the right key.
Which is why it is bad practice to encrypt a message with a strong and obvious
pattern like ASCII characters. One should always hide any exploitable pattern in
the plaintext before encrypting it.
The RSA Data Security DES challenges were of the form "The secret message is
....." in ASCII. Of course ASCII would have been enough.
>
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Imad R. Faiad <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged
Date: Thu, 29 Mar 2001 03:12:19 +0200
=====BEGIN PGP SIGNED MESSAGE=====
Hello Tom,
The reason that such attacks will fail when
aimed at PGP RSA keys, at least in PGP 6.5.1,
and PGP 6.5.8, and PGP 7.x.x (if the code has
not changed), is because of the extra code to validate
all key parameters before using the private key.
The same is not true, unfortunately, with regards
to DSA and DH keys. This may easily be corrected.
However, while this attack has no doubt brought
into light a deficiency in the PGP packet format,
we must also remember that a standard cannot provide
everything. Good programming practices are the foremost
in any software implementation. A good example of
that is the relative immunity of certain OpenPGP
implementations to such an attack.
Best Regards
Imad R. Faiad
On Wed, 28 Mar 2001 23:21:17 GMT, in alt.security.pgp Tom McCune
<[EMAIL PROTECTED]> wrote:
>Newsgroups: alt.security.pgp,sci.crypt,comp.security.pgp.discuss
>Subject: Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to
>be Forged From: Tom McCune <[EMAIL PROTECTED]>
>Date: Wed, 28 Mar 2001 23:21:17 GMT
>
>
>*** PGP Signature Status: good
>*** Signer: Tom McCune <[EMAIL PROTECTED]>
>*** Signer Key ID: 0x3624FCF5DEC3F073
>*** Signer Key Fingerprint:
>*** Signer Key Status: Invalid
>*** Signed: 3/29/2001 3:23:17 AM
>*** Verified: 3/29/2001 2:56:04 AM
>*** BEGIN PGP VERIFIED MESSAGE ***
>
>For what it may be worth, I think your work is commendable. I don't like
>to hear about PGP having such a weakness, but if it has it, we need to
>know about it. Thank you.
>
>I'm going to soon be adding a section about this to my PGP FAQ, and would
>greatly appreciate answers to the following questions:
>
>As to the testing with PGP 7.0.3, It appears that attacks to both v3 and
>v4 RSA keys will fail?
>
>Will any earlier official PGP versions allow such altered RSA keys to be
>used for signing?
>
>Probably all PGP versions will allow such altered DSS keys to be used for
>signing?
>
>This attack is described as including "capturing a signed message." Does
>this also apply to signed files? Also to "encrypted and signed"
>messages/files?
>
>
>*** END PGP VERIFIED MESSAGE ***
=====BEGIN PGP SIGNATURE=====
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: KeyID: 0xBCC31718833F1BAD
Comment: Fingerprint: 75CD 96A7 8ABB F87E 9390 5FD7 2A88 4F45
=====END PGP SIGNATURE=====
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Breaking a DES encrypted code.
Date: Thu, 29 Mar 2001 00:16:11 GMT
"Douglas A. Gwyn" wrote:
> Yaniv Sapir wrote:
> > The whole idea is to break a code for which you *don't have* the plaintext
> > original.
>
> Yes, and one way this can be done is by recovering the same key as was
> used for some *other* message for which one can guess the plaintext.
Which is why it is bad practice to reuse keys and why it is good practice not to
use the same keys for messages as for other keys.
In WWII the Germans used the same Enigma key for an entire day and an entire
theatre of battle. The discovery of a key, and the verification that one had
done so, was easier, and the value higher.
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Breaking a DES encrypted code.
Date: Thu, 29 Mar 2001 00:19:25 GMT
"Douglas A. Gwyn" wrote:
> Mark G Wolf wrote:
> > The time and energy it takes to do all of this stuff is
> > kind of wasteful to begin with.
>
> We let computers do the work.
What is more, we use the otherwise unused cycles on the desktop. The
cost of these cycles approximates zero. That is to say, if we had not
used them for cryptanalysis, we would not have used them at all.
------------------------------
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged
Date: Thu, 29 Mar 2001 00:31:14 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
In article <[EMAIL PROTECTED]>, Imad R. Faiad
<[EMAIL PROTECTED]> wrote:
>Hello Tom,
>
>The reason that such attacks will fail when
>aimed at PGP RSA keys, at least in PGP 6.5.1,
>and PGP 6.5.8, and PGP 7.x.x (if the code has
>not changed), is because of the extra code to validate
>all key parameters before using the private key.
<snip>
Thanks Imad - I appreciate the assistance. I hope someone will be able
to advise as to whether earlier PGP versions will fail such an attack on
RSA keys.
=====BEGIN PGP SIGNATURE=====
Version: PGP 7.0.3
Comment: My PGP Page & FAQ: http://www.McCune.cc
iQA/AwUBOsKCzA2jfaGYDC35EQL/cACgt6eRux0rKm4j8Uy1y/sT7gyyc7wAoKk8
GW+exyj8Mh5GPfPvDWsQPERs
=Wxzs
=====END PGP SIGNATURE=====
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Malicious Javascript in Brent Kohler post
Date: Thu, 29 Mar 2001 02:34:44 +0200
An ActiveX control can do virtually anything an exe can do. You might convert
any kind of application into an automation server, and an ActiveX control is
just a special case of an automation server with some additional methods in
its interface. That is, an ActiveX control must have entry points for
certain COM calls, but besides that there are few restrictions. For
instance, ActiveX is commonly used as a way to use components coded and
compiled in C++ in VB code.
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Darren New wrote:
> >
>
> > The code in that file is only malicious if your javascript interpreter is
> > stupid. It just keeps opening windows until you run out of memory. If your
> > interpreter allows that to happen, then you need a better interpreter.
>
> Thanks. If that's the worst thing to be expected from
> any javascript, then I wouldn't care. Allow me another
> question of ignorance: What about stuff that contains
> ActiveX? (I have no knowledge of ActiveX at all.)
>
> M. K. Shen
------------------------------
From: "Savonarola" <[EMAIL PROTECTED]>
Crossposted-To: uk.tech.electronic-security,uk.legal
Subject: FIPR Release 29/3/01: Govt. stalls on licensing of computer consultants
Date: Thu, 29 Mar 2001 01:39:51 +0100
FIPR Press Release 29/3/01: FOR IMMEDIATE USE
==========================
Foundation for Information Policy Research
Contact: Caspar Bowden
Tel: +44(0)20 7354 2333
Government stalls on Bouncers Bill licensing of computer consultants
====================================================================
Home Office Minister Charles Clarke announced yesterday (28/3/01 16:09 BST)
in the 2nd Reading debate of the Private Security Industry (PSI) Bill that
the government did not "CURRENTLY" intend to bring IT security consultants
within the scope of a new licensing regime, but would not give an assurance
to amend the wording to guarantee their complete exemption.
Promoted as a measure to crack down on wheelclampers and bouncers, the PSI
Bill also requires private investigators and "security consultants" to be
licensed by a new statutory authority supervised by the Home Office.
"Security consultant" means anyone giving advice about "security precautions
in relation to any risk to property" (Sch.2 5(1)a). This has caused a wave
of unease through the IT industry as it was realised the wording could catch
freelancers such as systems administrators ('sysadmins') who configure and
maintain computer access controls, and programmers and consultants who
typically work on a wide range of system tasks including information
security. Several trade bodies have made enquiries about the Home Office's
intentions in the past few weeks but have received no clear reply.
Mr. Clarke referred to the presently unregulated status of IT consultants,
but said the government did not "currently" intend to prescribe their
inclusion in the licensing regime. However he said the DTI would consult
with the industry about the adequacy of existing professional practices.
Opposition spokesman Nick Hawkins MP (Con) asked if the government would
agree to revised wording which would grant IT consultants the clear
exemption afforded to accountants, lawyers and management advisers.
Mr. Clarke stressed the broad wording of the bill was intentional, and agreed
merely to "look" at the wording.
Quotes
======
Caspar Bowden, Director of Internet policy think-tank FIPR commented:
"In 1999 the government wanted 'key-escrow' - a copy of everyone's
encryption keys. The RIP Act 2000 allows seizure of anyone's encryption
keys. Do they now want to ban anyone from working with encryption without a
license?"
"This looks like a tactic to keep the government's options open. Unless
there are the same cast iron exemptions for programmers, sysadmins and IT
consultants that have been granted to other professions, the government can
introduce licensing by order at any time."
What Next?
===========
The Bill has already passed through the House of Lords, and now enters the
Committee Stage in the Commons. In the absence of an early government
amendment to make necessary changes in the definitions, it must be assumed
that the government intends to take power to license IT consultants without
further legislation.
Notes for Editors
=================
1. The Private Security Industry Bill is at
http://www.publications.parliament.uk/pa/cm200001/cmbills/067/2001067.pdf
2. The Foundation for Information Policy Research (www.fipr.org), is a
non-profit think-tank for Internet policy, governed by an independent Board
of Trustees with an Advisory Council of experts.
3. Research topics include: legislation and regulation of electronic
commerce and infrastructure, consumer protection, data protection and
privacy, copyright, law enforcement and national security, evidence and
archiving, electronic government and interaction with business and the
citizen, and social inclusion.
4. FIPR's analysis of the RIP Act stimulated media debate, and led to
amendments ensuring that people who lose keys or forget passwords are
presumed innocent until proven guilty, and preventing casual surveillance of
web browsing without a warrant.
------------------------------
From: "Edmond Ho" <[EMAIL PROTECTED]>
Subject: rc4
Date: Wed, 28 Mar 2001 16:34:53 -0800
Could someone point me to an authentic version of RC4 C source code? I
currently have two compiled versions that are incompatible (i.e., the
ciphertext from one does not decrypt properly with the other). The source
code that I currently have is from
http://www.cypherspace.org/~adam/rsa/rc4c.html (the first one) and
http://www.cypherspace.org/~adam/rsa/rc4.c. Thanks in advance.
Edmond Ho
------------------------------
From: Chenghuai Lu <[EMAIL PROTECTED]>
Subject: Re: Estimation of the keygen time
Date: Wed, 28 Mar 2001 19:40:44 -0500
Paul Rubin wrote:
>
> Chenghuai Lu <[EMAIL PROTECTED]> writes:
> > I'm using the vendor-supplied CSP and can't be completely sure what
> > it's doing. But yes, it typically takes 30-60 seconds. Doing it on
> > the workstation takes under a second. The keygen time on the card is
> > about what I'd expect based on the signing speed of the card.
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > Can Rubin or someone share with me the method of how to estimate the
> > keygen time based on signing speed?
> >
> > Thanks.
>
> Basically you'd expect keygen to take on the order of 30x longer than
> signing, based on the idea that you run a Fermat test (i.e. a modexp)
> on a bunch of candidate primes until you get two that pass the test.
In my program, what I found is that, after taking out all composites divisible
by small primes less than 255, there remain 52 odd numbers that still need
testing. And the first part, sieving out composites, also takes time:
about 5.2 seconds to try 255 odd numbers. Each power-modulo
operation (521 bits) takes about 0.11 s. So roughly, the time for
generating a 521-bit prime is a little less than 15 seconds. That is my
estimation. Transferring APDUs to or from the card also takes time.
Did you subtract that time when you calculated the signing speed?
Thank you for your discussion.
Lu
--
-Chenghuai Lu ([EMAIL PROTECTED])
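The following added example (mine, not from any poster) covers both the "Strong primes" thread's p = 2q + 1 construction and the sieve-then-Fermat cost accounting in this thread: trial division by the odd primes below 255, a Fermat test counted in modular exponentiations, an expected-time estimate fed with the 5.2 s per 255 candidates and 0.11 s per modexp quoted above, and a safe prime with an element of order q. The seeds, the 8 Fermat rounds and the prime-number-theorem estimate are assumptions of the example, not anything the posters stated.

```python
import math
import random

# Odd primes below 255: the trial-division sieve the poster applied first.
SMALL_PRIMES = [p for p in range(3, 255, 2)
                if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]

def make_rng(seed):
    """Seeded generator so a run can be reproduced (the seeds are assumed)."""
    return random.Random(seed)

def survivor_fraction():
    """Share of odd candidates that survive trial division by SMALL_PRIMES,
    prod(1 - 1/p) over those primes: about 0.20, i.e. roughly 52 of 255 odd
    numbers, the count reported in the thread."""
    f = 1.0
    for p in SMALL_PRIMES:
        f *= 1 - 1 / p
    return f

def passes_sieve(n):
    return all(n % p for p in SMALL_PRIMES)

def is_probable_prime(n, rng, rounds=8):
    """Fermat test with random bases, one modular exponentiation per round.
    Returns (verdict, modexps_spent); the test stops at the first failing base."""
    if n < 5:
        return n in (2, 3), 0
    for i in range(rounds):
        a = rng.randrange(2, n - 1)
        if pow(a, n - 1, n) != 1:
            return False, i + 1
    return True, rounds

def find_prime(bits, rng):
    """Search upward from a random odd start of exactly `bits` bits.  Returns
    (prime, candidates_sieved, modexps_spent), the two costs the poster timed."""
    sieved = modexps = 0
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        while n.bit_length() == bits:
            sieved += 1
            if passes_sieve(n):
                ok, used = is_probable_prime(n, rng)
                modexps += used
                if ok:
                    return n, sieved, modexps
            n += 2

def estimate_keygen_seconds(bits, sieve_seconds_per_candidate, modexp_seconds,
                            primes=2):
    """Expected cost of `primes` primes of `bits` bits generated this way.  By the
    prime number theorem about ln(2^bits)/2 odd candidates are tried per prime;
    only survivor_fraction() of them reach the Fermat test, where composites
    fail on the first base and the prime itself gets all 8 rounds."""
    candidates = bits * math.log(2) / 2
    modexps = candidates * survivor_fraction() + 7
    return primes * (candidates * sieve_seconds_per_candidate
                     + modexps * modexp_seconds)

def find_safe_prime(bits, rng):
    """Prime p = 2q + 1 with q also prime, the 'strong prime' of the other
    thread; Z*_p then contains a subgroup of the large prime order q."""
    while True:
        q, _, _ = find_prime(bits - 1, rng)
        p = 2 * q + 1
        if passes_sieve(p) and is_probable_prime(p, rng)[0]:
            return p, q

def subgroup_generator(p, q, rng):
    """Element of order q in Z*_p: the group order 2q has divisors 1, 2, q, 2q
    only, so any square g^2 mod p other than 1 has order q."""
    while True:
        h = pow(rng.randrange(2, p - 1), 2, p)
        if h != 1:
            return h

if __name__ == "__main__":
    rng = make_rng(2001)
    _, sieved, modexps = find_prime(521, rng)
    print("521-bit prime: %d candidates sieved, %d modexps" % (sieved, modexps))
    # thread's figures: 5.2 s to sieve 255 odd numbers, 0.11 s per 521-bit modexp
    print("estimated per prime: %.1f s" % estimate_keygen_seconds(521, 5.2 / 255, 0.11, 1))
    p, q = find_safe_prime(64, rng)
    print("safe prime", p, "order-q element", subgroup_generator(p, q, rng))
```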
------------------------------
From: Ken Prox <[EMAIL PROTECTED]>
Crossposted-To: alt.computer.security
Subject: Re: Encryption of Encrypted Material results in strength???
Date: Wed, 28 Mar 2001 19:53:32 -0500
Double encrypt with RSA's RC4 algorithm, and you will un-encrypt the
data.
--
Ken Prox
mailto:[EMAIL PROTECTED]
url: http://wwnet.net/~kprox
pgp: http://wwnet.net/~kprox/kprox.pub.key.txt
------------------------------
From: [EMAIL PROTECTED] (Rich Wales)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged
Date: 29 Mar 2001 01:25:18 -0000
Imad R. Faiad wrote:
> The reason that such attacks will fail when aimed at PGP RSA
> keys, at least in PGP 6.5.1, and PGP 6.5.8, and PGP 7.x.x (if
> the code has not changed), is because of the extra code to
> validate all key parameters before using the private key.
Regarding older PGPs and this attack, PGP 2.6.3ia performs one (and
apparently only one) of the RSA tests recommended in the ICZ paper
(n=pq is verified in keymgmt.c, line 626).
I'm not sure whether this single test suffices to make PGP 2.6.3ia
immune to the ICZ attack or not.
Lutz Donnerhacke's latest 2.6.3in release includes additional tests
(in rsaglue1.c and rsaglue2.c), which are intended to confirm the
validity of the secret key, and thus guard against the ICZ attack.
Rich Wales [EMAIL PROTECTED] http://www.webcom.com/richw/pgp/
RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA
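As an added illustration of the parameter validation Imad and Rich describe (my code, not PGP's, using a constructed toy-sized key), the checks below run on an RSA secret key stored in the d, p, q, u shape before it is used at all, and the signer verifies its own output under the public key before releasing it. The SHA-1-mod-n message representative is a simplification assumed for the example.

```python
import hashlib
import math


def next_prime(n):
    """Smallest prime >= n by trial division (only meant for the toy sizes here)."""
    while not (n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))):
        n += 1
    return n


def make_key(p, q, e=65537):
    """RSA key in the shape an OpenPGP secret-key packet stores it:
    public (n, e) plus secret d, p, q and u = p^-1 mod q for the CRT."""
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    if math.gcd(e, lam) != 1:
        raise ValueError("e not invertible mod lcm(p-1, q-1)")
    return {"n": p * q, "e": e, "d": pow(e, -1, lam), "p": p, "q": q,
            "u": pow(p, -1, q)}


def validate_private_key(k):
    """Consistency checks to run before the secret key is used, in the spirit
    of the n = pq check and parameter validation mentioned in the thread.
    Returns the list of failed checks; an empty list means consistent."""
    p, q = k["p"], k["q"]
    problems = []
    if p == q:
        problems.append("p == q")
    if k["n"] != p * q:
        problems.append("n != p*q")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    if (k["e"] * k["d"]) % lam != 1:
        problems.append("e*d != 1 mod lcm(p-1, q-1)")
    if (p * k["u"]) % q != 1:
        problems.append("u != p^-1 mod q")
    return problems


def digest_int(message, n):
    """Toy message representative: SHA-1 of the message reduced below n
    (a real implementation encodes the hash with padding instead)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % n


def verify(k, message, s):
    return pow(s, k["e"], k["n"]) == digest_int(message, k["n"])


def sign(k, message):
    """Sign using the CRT parameters, but only after validating the key, and
    release the signature only if it verifies under the public key: either
    check stops a signature computed with corrupted key material from leaving."""
    problems = validate_private_key(k)
    if problems:
        raise ValueError("inconsistent key: " + ", ".join(problems))
    p, q, d = k["p"], k["q"], k["d"]
    m = digest_int(message, k["n"])
    sp = pow(m, d % (p - 1), p)
    sq = pow(m, d % (q - 1), q)
    s = sp + p * ((k["u"] * (sq - sp)) % q)   # Garner recombination via u
    if not verify(k, message, s):
        raise ValueError("signature failed self-check; key material may be corrupted")
    return s


def demo():
    """Constructed toy key: a consistent key signs; a key whose stored p was
    altered is refused before any private-key operation happens."""
    p = next_prime(10 ** 6)
    key = make_key(p, next_prime(p + 2))
    s = sign(key, b"hello")
    tampered = dict(key, p=key["p"] + 2)   # constructed corruption of one parameter
    return verify(key, b"hello", s), validate_private_key(tampered)


if __name__ == "__main__":
    print(demo())
```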
------------------------------
From: "Amr Youssef" <[EMAIL PROTECTED]>
Subject: SAC2001 (Second Call for Papers)
Date: Wed, 28 Mar 2001 20:03:25 -0500
Second Call For Papers (SAC 2001)
--------------------------------
Eighth Annual Workshop on Selected Areas in Cryptography to be held at:
Fields Institute, Toronto, Ontario, Canada August 16-17, 2001
Workshop Themes
================
1. Design and analysis of symmetric key cryptosystems.
2. Primitives for private key cryptography, including block and stream
ciphers, hash functions and MACs.
3. Efficient implementations of cryptographic systems in public and private
key cryptography.
4. Cryptographic solutions for web/internet security.
Program Committee
===================
Stefan Brands, Zero-Knowledge Systems, Canada
Matt Franklin, UC Davis, USA
Henri Gilbert, France Telecom, France
Howard Heys, Memorial University of Newfoundland, Canada
Hideki Imai, University of Tokyo, Japan
Shiho Moriai, NTT, Japan
Kaisa Nyberg, Nokia Research Center, Finland
Rich Schroeppel, Sandia National Lab, USA
Doug Stinson, University of Waterloo, Canada
Stafford Tavares, Queen's University, Canada
Serge Vaudenay (co-chair), EPFL, Switzerland
Michael Wiener, Entrust Technologies, Canada
Amr Youssef (co-chair), University of Waterloo, Canada
Yuliang Zheng, Monash University, Australia
Current Sponsors:
=================
CACR (University of Waterloo)
Certicom Corporation
CITO (Communications and Information Technology Ontario)
Ecole Polytechnique Fédérale de Lausanne
Entrust Technologies
ZeroKnowledge
Invited Speakers
=================
Phong Q. Nguyen, Ecole normale superieure, France
Moti Yung, CertCo, New York, NY, USA.
Instructions for Authors
=========================
Submissions must consist of an extended abstract of at most 15 double-spaced
pages, clearly indicating the results achieved, their significance, and their
relation to other work in the area. Authors can either email one copy of a
Postscript file to [EMAIL PROTECTED] or send ten copies of the extended
abstract to
SAC 2001
EPFL - DSC - LASEC
IN- Ecublens
1015 Lausanne - Switzerland
Tel.: +41-21-693-7603
Important Dates
================
Submission Deadline May 7
Notification of Acceptance June 25
Workshop Dates August 16-17
Deadline for Proceedings September 16
Proceedings
===========
It is intended that the Proceedings will be published by Springer-Verlag in
the Lecture Notes in Computer Science (LNCS) Series. In order to be included
in the Proceedings, papers must be presented at the Workshop by one of the
authors. As in previous years, the Workshop Record will be available to
participants.
For further information contact:
Serge Vaudenay, EPFL, [EMAIL PROTECTED]
Amr Youssef, University of Waterloo, [EMAIL PROTECTED]
Conference web page:
====================
http://lasecwww.epfl.ch/sac2001/
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Deny Anon Remailers access to this newsgroup
Date: 29 Mar 2001 01:10:07 GMT
Jim D <sideband@ btinternet.com> wrote:
> On Mon, 26 Mar 2001 18:10:32 GMT, Darren New <[EMAIL PROTECTED]> wrote:
>>You forgot number three: Your ex-blood relatives might be trying to deport
>>you to Finland.
> Oh no! Not Finland. Dunno though. Could be worse, could
> be the USA!
I suspect that might have been a reference to anon.penet.fi . Then again, I
might just be reading things which aren't there (I do this in class often
enough).
-David
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: texts on factoring?
Date: Thu, 29 Mar 2001 01:33:04 GMT
I was wondering what are the "good" texts on algebraic number theory and
factoring?
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Crossposted-To: news.software.readers
Subject: Re: Malicious Javascript in Brent Kohler post
Date: Thu, 29 Mar 2001 01:48:34 -0000
[f-u set]
<[EMAIL PROTECTED]> divulged:
>The point is: Suppose one copies it to a file and finds
>that it is html containing a Javascript. Does one need
>Java knowledge or is there an automatic means analogous
>to a virus scanner to determine whether the material
>could be malicious.
as has been noted, java and javascript are different things.
there are automatic scanners, but in general they just remove the code.
some can replace code with more benign code, but it's problematic at
best. if, when saving the article, your newsreader didn't decode the
transfer or url encoding then you would have to do that yourself. but
that's the easy part, in that those are well documented transforms. what
is harder is reading the code to decide if it is malicious. javascript
is also well documented; it is an interpreted language, and may require
analysis beyond what you (much less a program) are capable of performing.
in general, i see no plausible rationale for the author of an article
having any need to execute code on my system in order to properly "read"
their article, hence i don't use a newsreader that does that sort of
thing.
--
okay, have a sig then
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: texts on factoring?
Date: 28 Mar 2001 17:53:18 -0800
"Tom St Denis" <[EMAIL PROTECTED]> writes:
> I was wondering what are the "good" texts on algebraic number theory and
> factoring?
Neal Koblitz, _A Course in Number Theory and Cryptography_ has a
reasonable introduction to the subject (factoring) that you might be
able to read. Also, Knuth volume 2.
As for advanced texts, forget it, you don't know nearly enough math to
be able to read them. I don't know enough math to read them either,
and I have a degree in math.
Henri Cohen, _A Course in Computational Algebraic Number Theory_ is a
wonderful book, but I can only understand a little bit of it.
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Malicious Javascript in Brent Kohler post
Date: Thu, 29 Mar 2001 01:55:31 -0000
<[EMAIL PROTECTED]> divulged:
>Another very dumb question: Do I need to carefully examine
>a Javascript or is there any convenient way of assuring
>that it doesn't do anything weird? Thanks.
you'll have to inspect it.
i suggest not running it at all. there are damn few reasons for
javascript to be within a netnews article, e.g., you might attach
a script so that others may use the code in their web pages, or
you might include it in the text in order to discuss it. but there
is _no_ reason for it to be run by the newsreader.
--
okay, have a sig then
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: alt.computer.security
Subject: Re: Encryption of Encrypted Material results in strength???
Date: 29 Mar 2001 01:55:34 GMT
In <[EMAIL PROTECTED]> Ken Prox <[EMAIL PROTECTED]> writes:
>Double encrypt with RSA's RC4 algorithm, and you will un-encrypt the
>data.
Only if you use the same key each time.
Is RC4 a group, i.e., RC4(K1,RC4(K2,text)) = RC4(K3,text) for some K3 given K1 and K2?
(It is clearly abelian and each element is its own inverse, as mentioned.)
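An added example, not from any poster, that serves both Edmond Ho's "rc4" question (which of two incompatible builds is the real RC4 can be settled against published test vectors) and this thread's same-key observation: the textbook RC4 in Python, with three widely published test vectors embedded as constructed input. Double encryption under two keys is shown to be a single XOR with the XOR of the two keystreams; whether that mask is itself some RC4 keystream is the group question the post asks and the example does not answer.

```python
def rc4_keystream(key):
    """Textbook RC4: key scheduling (KSA) followed by the output generator
    (PRGA).  Yields keystream bytes indefinitely."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key, data):
    """RC4 XORs the keystream into the data, so one function both encrypts
    and decrypts; applying it twice with the same key returns the input."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


# Widely published RC4 test vectors: (key, plaintext, ciphertext as hex).
TEST_VECTORS = [
    (b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
    (b"Wiki", b"pedia", "1021bf0420"),
    (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5"),
]


def failing_vectors(cipher=rc4):
    """Vectors a candidate cipher(key, data) -> bytes gets wrong.  Running both
    incompatible builds through this shows which one is really RC4."""
    return [(k, pt) for k, pt, ct in TEST_VECTORS if cipher(k, pt).hex() != ct]


def double_encrypt(k1, k2, data):
    """RC4 under k1 and then k2: equivalent to XOR with keystream(k1) ^
    keystream(k2), which cancels completely when k1 == k2 and is simply
    another XOR mask otherwise."""
    return rc4(k2, rc4(k1, data))


def combined_mask(k1, k2, length):
    """The mask the double encryption effectively applies to the data."""
    return bytes(a ^ b for a, b, _ in
                 zip(rc4_keystream(k1), rc4_keystream(k2), range(length)))


if __name__ == "__main__":
    print("vectors failed by this implementation:", failing_vectors())
    msg = b"Attack at dawn"
    print("same key twice:", double_encrypt(b"Secret", b"Secret", msg))
    out = double_encrypt(b"Secret", b"Key", msg)
    mask = combined_mask(b"Secret", b"Key", len(msg))
    print("two keys:", out.hex(), "== msg XOR (ks1 ^ ks2):",
          out == bytes(m ^ x for m, x in zip(msg, mask)))
```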
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: texts on factoring?
Date: Thu, 29 Mar 2001 01:55:51 GMT
"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
> > I was wondering what are the "good" texts on algebraic number theory and
> > factoring?
>
> Neal Koblitz, _A Course in Number Theory and Cryptography_ has a
> reasonable introduction to the subject (factoring) that you might be
> able to read. Also, Knuth volume 2.
I have the complete Knuth set and he only discusses Pollard-Rho, Fermat and
a sieve method. Nothing terribly advanced...
I will look up the Koblitz book.
> As for advanced texts, forget it, you don't know nearly enough math to
> be able to read them. I don't know enough math to read them either,
> and I have a degree in math.
>
> Henri Cohen, _A Course in Computational Algebraic Number Theory_ is a
> wonderful book, but I can only understand a little bit of it.
Ouch... well, I have high school math ... so I may have to wait.
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************