Re: fyi: On-card displays

2006-09-21 Thread Steve Schear
At 02:45 PM 9/20/2006, [EMAIL PROTECTED] wrote: Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays: http://www.cr80news.com/library/2006/09/16/on-card-displays-become-realit

Re: Did Hezbollah use SIGINT against Israel?

2006-09-21 Thread Leichter, Jerry
| http://www.newsday.com/news/printedition/stories/ny-wocode184896831sep18,0,7091966,print.story | | That isn't supposed to be possible these days... (I regard it as more | likely that they were doing traffic analysis and direction-finding than | actually cracking the ciphers.) Newspaper reports

RE: Exponent 3 damage spreads...

2006-09-21 Thread "Hal Finney"
Anton Stiglic writes: > I tried coming up with my own forged signature that could be validated with > OpenSSL (which I intended to use to test other libraries). ... > Now let's look at s^3 > 1FFF\ > FFF

RE: Exponent 3 damage spreads...

2006-09-21 Thread Tolga Acar
Anton, Here is what I compute in Maple. I wonder if you are running into an old BC bug. I don't remember the details, but bc had a bug some 10 years or so ago with big numbers. > with(numtheory): > s:=convert(`00D3CDA91B578B6DF29AEB140272BD9198759F79FA10DC410B5D10362048AC7A BE5DF7FE0D94A6646E791

Public Key Cryptography 30th Anniversary Event - 10/26, Mountain View CA

2006-09-21 Thread Bill Stewart
From: "Computer History Museum" <[EMAIL PROTECTED]> Subject: Public Key Cryptography 30th Anniversary Event - October 26 Celebrating 30 years of Public Key Cryptography (PKC) Join the Computer History Museum for a special public event celebrating 30 years of public key cryptography. This memora

RE: Exponent 3 damage spreads...

2006-09-21 Thread Kuehn, Ulrich
Peter, > From: Peter Gutmann [mailto:[EMAIL PROTECTED] > > David Wagner <[EMAIL PROTECTED]> writes: > > >(a) Any implementation that doesn't check whether there is > extra junk > >left over after the hash digest isn't implementing the PKCS#1.5 > >standard correctly. That's a bug in the imple

RE: Exponent 3 damage spreads...

2006-09-21 Thread Peter Gutmann
"Kuehn, Ulrich" <[EMAIL PROTECTED]> writes: >But the PKCS#1 spec talks about building up the complete padded signature >input at the verifier, and then comparing it. Uhh, did you actually read the rest of my post? *One variant of the PKCS #1 spec, that didn't exist at the time the affected o

RE: Exponent 3 damage spreads...

2006-09-21 Thread Kuehn, Ulrich
Peter, > From: Peter Gutmann [mailto:[EMAIL PROTECTED] > > "Kuehn, Ulrich" <[EMAIL PROTECTED]> writes: > > >But the PKCS#1 spec talks about building up the complete padded > >signature input at the verifier, and then comparing it. > > Uhh, did you actually read the rest of my post? *One var

RE: Exponent 3 damage spreads...

2006-09-21 Thread Whyte, William
> Similarly, the thousands of words of nitpicking standards, bashing ASN.1, and > so on ad nauseam, can be eliminated entirely by following one simple rule: > > Don't use e=3 I'd extend it to "don't use e <= 17". The PKCS#1 attack will work with e = 17, SHA-512 and RSA-15360, and someone's boun

RE: Exponent 3 damage spreads...

2006-09-21 Thread Anton Stiglic
Thanks for taking the time to look at this. But I recounted, and I count 765 hex (with the formatting I get in my mail, 11 lines of 68 hex + 17 hex at the end), which gives 3060 bits. Considering that the first hex is 1 and can be represented in 1 bit, not four, that would give 3060 - 3 = 3057 bit

Re: Why the exponent 3 error happened:

2006-09-21 Thread Anton Stiglic
As others have mentioned, I don't believe the small RSA exponent (e = 3) is to blame in Bleichenbacher's attack. Indeed, the mathematical problem of computing the cubic root of m modulo an RSA modulus n, for a *fixed*, arbitrary m, is still considered to be hard (no one has shown the opposite). Wh

Re: Did Hezbollah use SIGINT against Israel?

2006-09-21 Thread Alexander Klimov
On Wed, 20 Sep 2006, Steven M. Bellovin wrote: > http://www.newsday.com/news/printedition/stories/ny-wocode184896831sep18,0,7091966,print.story > > That isn't supposed to be possible these days... It is not clear that with modern technology interception is impossible, at least during Second Gulf W

Re: Exponent 3 damage spreads...

2006-09-21 Thread Simon Josefsson
[EMAIL PROTECTED] (Peter Gutmann) writes: >>Consequently, I think the focus on e=3 is misguided. > > It's not at all misguided. This whole debate about trying to hang on to e=3 > seems like the argument about epicycles, you modify the theory to handle > anomalies, then you modify it again to han

RE: Exponent 3 damage spreads...

2006-09-21 Thread Peter Gutmann
"Kuehn, Ulrich" <[EMAIL PROTECTED]> writes: > 10.2.3 Data decoding > > The data D shall be BER-decoded to give an ASN.1 value of > type DigestInfo, which shall be separated into a message > digest MD and a message-digest algorithm identifier. The > message-digest algo

Call for papers for Fast Software Encryption (FSE 2007)

2006-09-21 Thread FSE 2007 Information
Fast Software Encryption 2007, March 26-28, Luxembourg city, Luxembourg. Call for Papers: FSE 2007 is the 14th annual Fast Software Encryption workshop, for the sixth year sponsored by the International Association for Cryptologic Research

Re: Exponent 3 damage spreads...

2006-09-21 Thread Steven M. Bellovin
On Thu, 21 Sep 2006 07:00:03 -0400, "Whyte, William" <[EMAIL PROTECTED]> wrote: > > Similarly, the thousands of words of nitpicking standards, bashing ASN.1, > > and > > so on ad nauseam, can be eliminated entirely by following one simple rule: > > > > Don't use e=3 > > I'd extend it to "don'