Re: Phishers Defeat 2-Factor Auth

2006-07-12 Thread James A. Donald
Lance James wrote: The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the

Re: Interesting bit of a quote

2006-07-12 Thread Anne Lynn Wheeler
[EMAIL PROTECTED] wrote: I can corroborate the quote in that much of SarbOx and other recent regs very nearly have a guilty unless proven innocent quality, that banks (especially) and others are called upon to prove a negative: X {could,did} not happen. California SB1386 roughly says the same

Factorization polynomially reducible to discrete log - known fact or not?

2006-07-12 Thread David Wagner
Ondrej Mikle wrote: I believe I have the proof that factorization of N=p*q (p, q prime) is polynomially reducible to discrete logarithm problem. Is it a known fact or not? Be careful: when most people talk about the assumption that the discrete log problem being hard, they usually are

Re: Interesting bit of a quote

2006-07-12 Thread dan
You're talking about entirely different stuff, Lynn, but you are correct that data fusion at IRS and everywhere else is aided and abetted by substantially increased record keeping requirements. Remember, Poindexter's TIA thing did *not* posit new information sources, just fusing existing sources

Re: Interesting bit of a quote

2006-07-12 Thread David Wagner
[EMAIL PROTECTED] Been with a reasonable number of General Counsels on this sort of thing. Maybe you can blame them and not SB1386 for saying that if you cannot prove the data didn't spill then it is better corporate risk management to act as if it did spill. Well, are you sure you haven't

Re: Interesting bit of a quote

2006-07-12 Thread Anne Lynn Wheeler
[EMAIL PROTECTED] wrote: You're talking about entirely different stuff, Lynn, but you are correct that data fusion at IRS and everywhere else is aided and abetted by substantially increased record keeping requirements. Remember, Poindexter's TIA thing did *not* posit new information sources,

Re: Interesting bit of a quote

2006-07-12 Thread Travis H.
On 7/11/06, Adam Fields [EMAIL PROTECTED] wrote: On Tue, Jul 11, 2006 at 01:02:27PM -0400, Leichter, Jerry wrote: Business ultimately depends on trust. There's some study out there - Trust is not quite the opposite of security (in the sense of an action, not as a state of being), but certainly

Re: switching from SHA-1 to Tiger ?

2006-07-12 Thread alex
- Original Message - From: Zooko O'Whielacronx [EMAIL PROTECTED] ... The AES competition resulted in a block cipher that was faster as well as safer than the previous standards. I hope that the next generation of hash functions achieve something similar, because for my use cases

Re: Factorization polynomially reducible to discrete log - known fact or not?

2006-07-12 Thread Max A.
On 7/9/06, Ondrej Mikle [EMAIL PROTECTED] wrote: I believe I have the proof that factorization of N=p*q (p, q prime) is polynomially reducible to discrete logarithm problem. Is it a known fact or not? I searched for such proof, but only found that the two problems are believed to be equivalent

Re: Interesting bit of a quote

2006-07-12 Thread leichter_jerrold
On Tue, 11 Jul 2006, Anne Lynn Wheeler wrote: | ...independent operation/sources/entities have been used for a variety of | different purposes. however, my claim has been then auditing has been used to | look for inconsistencies. this has worked better in situations where there was | independent

Re: hashes in p2p, was Re: switching from SHA-1 to Tiger ?

2006-07-12 Thread Ondrej Mikle
Travis H. wrote: On 7/11/06, Zooko O'Whielacronx [EMAIL PROTECTED] wrote: I hope that the hash function designers will be aware that hash functions are being used in more and more contexts outside of the traditional digital signatures and MACs. These new contexts include filesystems like ZFS

Re: Factorization polynomially reducible to discrete log - known fact or not?

2006-07-12 Thread Peter Kosinar
The algorithm is very simple: 1. Choose a big random value x from some very broad range (say, {1,2,..,N^2}). 2. Pick a random element g (mod N). 3. Compute y = g^x (mod N). 4. Ask for the discrete log of y to the base g, and get back some answer x' such that y = g^x' (mod N). 5. Compute x-x'.

Re: Factorization polynomially reducible to discrete log - known

2006-07-12 Thread David Wagner
The algorithm is very simple: 1. Choose a big random value x from some very broad range (say, {1,2,..,N^2}). 2. Pick a random element g (mod N). 3. Compute y = g^x (mod N). 4. Ask for the discrete log of y to the base g, and get back some answer x' such that y = g^x' (mod N).

Re: Factorization polynomially reducible to discrete log - known

2006-07-12 Thread Peter Kosinar
Not exactly. Consider N = 3*7 = 21, phi(N) = 12, g = 4, x = 2, x' = 5. You'll only get a multiple of phi(N) if g was a generator of the multiplicative group Z_N^*. When N is a large RSA modulus, there is a non-trivial probability that g will be a generator (or that g will be such that x-x' lets

Re: Factorization polynomially reducible to discrete log - known

2006-07-12 Thread Ondrej Mikle
David Wagner wrote: The algorithm is very simple: 1. Choose a big random value x from some very broad range (say, {1,2,..,N^2}). 2. Pick a random element g (mod N). 3. Compute y = g^x (mod N). 4. Ask for the discrete log of y to the base g, and get back some answer x' such that y = g^x' (mod

Re: Interesting bit of a quote

2006-07-12 Thread Anton Stiglic
David Wagner writes: SB1386 says that if a company conducts business in California and has a system that includes personal information stored in unencrypted form and if that company discovers or is notified of a breach of the security of that system, then the company must notify any California

Re: Interesting bit of a quote

2006-07-12 Thread Abe Singer
On Tue, Jul 11, 2006 at 05:50:06PM -0700, David Wagner wrote: No, it doesn't. I think you've got it backwards. That's not what SB1386 says. SB1386 says that if a company conducts business in California and has a system that includes personal information stored in unencrypted form and if