Re: fyi: On-card displays

2006-09-21 Thread Steve Schear
At 02:45 PM 9/20/2006, [EMAIL PROTECTED] wrote: Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays:

Re: Did Hezbollah use SIGINT against Israel?

2006-09-21 Thread Leichter, Jerry
| http://www.newsday.com/news/printedition/stories/ny-wocode184896831sep18,0,7091966,print.story | | That isn't supposed to be possible these days... (I regard it as more | likely that they were doing traffic analysis and direction-finding than | actually cracking the ciphers.) Newspaper

RE: Exponent 3 damage spreads...

2006-09-21 Thread Hal Finney
Anton Stiglic writes: I tried coming up with my own forged signature that could be validated with OpenSSL (which I intended to use to test other libraries). ... Now let's look at s^3 1FFF\

RE: Exponent 3 damage spreads...

2006-09-21 Thread Tolga Acar
Anton, Here is what I compute in Maple. I wonder if you are running into an old BC bug. I don't remember the details, but bc had a bug some 10 years or so ago with big numbers. with(numtheory): s:=convert(`00D3CDA91B578B6DF29AEB140272BD9198759F79FA10DC410B5D10362048AC7A

Public Key Cryptography 30th Anniversary Event - 10/26, Mountain View CA

2006-09-21 Thread Bill Stewart
From: Computer History Museum [EMAIL PROTECTED] Subject: Public Key Cryptography 30th Anniversary Event - October 26 Celebrating 30 years of Public Key Cryptography (PKC) Join the Computer History Museum for a special public event celebrating 30 years of public key cryptography. This memorable

RE: Exponent 3 damage spreads...

2006-09-21 Thread Kuehn, Ulrich
Peter, From: Peter Gutmann [mailto:[EMAIL PROTECTED] David Wagner [EMAIL PROTECTED] writes: (a) Any implementation that doesn't check whether there is extra junk left over after the hash digest isn't implementing the PKCS#1.5 standard correctly. That's a bug in the implementation.

RE: Exponent 3 damage spreads...

2006-09-21 Thread Peter Gutmann
Kuehn, Ulrich [EMAIL PROTECTED] writes: But the PKCS#1 spec talks about building up the complete padded signature input at the verifier, and then comparing it. Uhh, did you actually read the rest of my post? *One variant of the PKCS #1 spec, that didn't exist at the time the affected other

RE: Exponent 3 damage spreads...

2006-09-21 Thread Kuehn, Ulrich
Peter, From: Peter Gutmann [mailto:[EMAIL PROTECTED] Kuehn, Ulrich [EMAIL PROTECTED] writes: But the PKCS#1 spec talks about building up the complete padded signature input at the verifier, and then comparing it. Uhh, did you actually read the rest of my post? *One variant of the

RE: Exponent 3 damage spreads...

2006-09-21 Thread Anton Stiglic
Thanks for taking the time to look at this. But I recounted, and I count 765 hex (with the formatting I get in my mail, 11 lines of 68 hex + 17 hex at the end), which gives 3060 bits. Considering that the first hex is 1 and can be represented in 1 bit, not four, that would give 3060 - 3 = 3057

Re: Why the exponent 3 error happened:

2006-09-21 Thread Anton Stiglic
As others have mentioned, I don't believe the small RSA exponent (e = 3) is to blame in Bleichenbacher's attack. Indeed, the mathematical problem of computing the cubic root of m modulo an RSA modulus n, for a *fixed*, arbitrary m, is still considered to be hard (no one has shown the opposite).

Re: Did Hezbollah use SIGINT against Israel?

2006-09-21 Thread Alexander Klimov
On Wed, 20 Sep 2006, Steven M. Bellovin wrote: http://www.newsday.com/news/printedition/stories/ny-wocode184896831sep18,0,7091966,print.story That isn't supposed to be possible these days... It is not clear that with modern technology interception is impossible, at least during Second Gulf War

Re: Exponent 3 damage spreads...

2006-09-21 Thread Simon Josefsson
[EMAIL PROTECTED] (Peter Gutmann) writes: Consequently, I think the focus on e=3 is misguided. It's not at all misguided. This whole debate about trying to hang on to e=3 seems like the argument about epicycles, you modify the theory to handle anomalies, then you modify it again to handle

RE: Exponent 3 damage spreads...

2006-09-21 Thread Peter Gutmann
Kuehn, Ulrich [EMAIL PROTECTED] writes: 10.2.3 Data decoding The data D shall be BER-decoded to give an ASN.1 value of type DigestInfo, which shall be separated into a message digest MD and a message-digest algorithm identifier. The message-digest algorithm

Call for papers for Fast Software Encryption (FSE 2007)

2006-09-21 Thread FSE 2007 Information
Fast Software Encryption 2007, March 26-28, Luxembourg city, Luxembourg. http://www.iacr.org/ Call for Papers FSE 2007 is the 14th annual Fast Software Encryption workshop, for the sixth year sponsored by the International Association for Cryptologic

Re: Exponent 3 damage spreads...

2006-09-21 Thread Steven M. Bellovin
On Thu, 21 Sep 2006 07:00:03 -0400, Whyte, William [EMAIL PROTECTED] wrote: Similarly, the thousands of words of nitpicking standards, bashing ASN.1, and so on ad nauseam, can be eliminated entirely by following one simple rule: Don't use e=3 I'd extend it to don't use e = 17.