Re: Looking through a modulo operation
Matt Ball matt.ball ieee.org wrote Here is a C implementation of __random32: typedef unsigned long u32; struct rnd_state { u32 s1, s2, s3; }; static u32 __random32(struct rnd_state *state) { #define TAUSWORTHE(s,a,b,c,d) ((sc)d) ^ (((s a) ^ s)b) state-s1 = TAUSWORTHE(state-s1, 13, 19, 4294967294UL, 12); state-s2 = TAUSWORTHE(state-s2, 2, 25, 4294967288UL, 4); state-s3 = TAUSWORTHE(state-s3, 3, 11, 4294967280UL, 17); return (state-s1 ^ state-s2 ^ state-s3); } I see TAUSWORTHE (briefly tested with the above constants) isn't a permutation of the 32-bit input state and is going to get very dull when s is 0. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: how to check if your ISP's DNS servers are safe
On Tue, 22 Jul 2008 10:21:14 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: Niels Provos has a web page up with some javascript that automatically checks if your DNS caching server has been properly patched or not. http://www.provos.org/index.php?/pages/dnstest.html It is worth telling people to try. Those who prefer command lines can try dig +short porttest.dns-oarc.net TXT --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: how to check if your ISP's DNS servers are safe
On 07/23/2008 12:44 AM, Steven M. Bellovin wrote: Niels Provos has a web page up with some javascript that automatically checks if your DNS caching server has been properly patched or not. http://www.provos.org/index.php?/pages/dnstest.html It is worth telling people to try. Those who prefer command lines can try dig +short porttest.dns-oarc.net TXT Thanks, that's helpful. Note that the command-line version accepts the @server option, which is useful if you have to deal with a mess of primaries, secondaries, forwarders, et cetera: dig @NS1 +short porttest.dns-oarc.net TXT dig @NS2 +short porttest.dns-oarc.net TXT dig @NS3 +short porttest.dns-oarc.net TXT - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: The PKC-only application security model ...
Thierry Moreau wrote: A)The big picture refers to the PKC-only application security scheme, in which client-server applications may be secured with client-side public key pairs, but *no trusted certification authority* is involved (server operators are expected to maintain a trusted database of their clients' public keys). original PK-init (public key) draft for Kerberos was (only) certificateless public key operation ... i.e. kerberos server operators maintaining trusted database of their clients' public keys (in lieu of passwords) ... PKI/certificate mode of operation was eventually added to the specification. lots of past posts about certificateless public key kerberos http://www.garlic.com/~lynn/subpubkey.html#kerberos similar implementation was done for RADIUS http://www.garlic.com/~lynn/subpubkey.html#radius general posts about certificateless (sometimes naked) public key http://www.garlic.com/~lynn/subpubkey.html#certless X9.59 is financial transaction standard also using certificateless public key operation http://www.garlic.com/~lynn/x959.html#x959 part of the issue was that in the mid-90s, the x9a10 financial standard working group had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. One of the issues for x9.59 was that it had to be lightweight enough to operate in existing infrastructures. Some of the certificate-oriented payment transaction standards from the period resulted in factor of 100 times (two orders of magnitude) payload (i.e. certificate payload overhead could be 100 times larger than basic payment transaction) and processing (i.e. certificate processing overhead could be 100 times larger than basic payment transaction) bloat http://www.garlic.com/~lynn/subpubkey.html#bloat general discussions of the account authority public key model (as contrast to certification authority public key model) http://www.garlic.com/~lynn/x959.html#aads - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: The PKC-only application security model ...
Anne Lynn Wheeler wrote about various flavors of certificateless public key operation in various standards, notably in the financial industry. Thanks for reporting those. No doubt that certificateless public key operation is neither new nor absence from today's scene. The document I published on my web site today is focused on fielding certificateless public operations with the TLS protocol which does not support client public keys without certificates - hence the meaningless security certificate. Nothing fancy in this technique, just a small contribution with the hope to facilitate the use of client-side PKC. - Thierry Moreau - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]