### Re: Phishers Defeat 2-Factor Auth

Lance James wrote: The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the

### Re: Interesting bit of a quote

[EMAIL PROTECTED] wrote: I can corroborate the quote in that much of SarbOx and other recent regs very nearly have a guilty unless proven innocent quality, that banks (especially) and others are called upon to prove a negative: X {could,did} not happen. California SB1386 roughly says the same

### Factorization polynomially reducible to discrete log - known fact or not?

Ondrej Mikle wrote: I believe I have the proof that factorization of N=p*q (p, q prime) is polynomially reducible to discrete logarithm problem. Is it a known fact or not? Be careful: when most people talk about the assumption that the discrete log problem being hard, they usually are

### Re: Interesting bit of a quote

You're talking about entirely different stuff, Lynn, but you are correct that data fusion at IRS and everywhere else is aided and abetted by substantially increased record keeping requirements. Remember, Poindexter's TIA thing did *not* posit new information sources, just fusing existing sources

### Re: Interesting bit of a quote

[EMAIL PROTECTED] Been with a reasonable number of General Counsels on this sort of thing. Maybe you can blame them and not SB1386 for saying that if you cannot prove the data didn't spill then it is better corporate risk management to act as if it did spill. Well, are you sure you haven't

### Re: Interesting bit of a quote

[EMAIL PROTECTED] wrote: You're talking about entirely different stuff, Lynn, but you are correct that data fusion at IRS and everywhere else is aided and abetted by substantially increased record keeping requirements. Remember, Poindexter's TIA thing did *not* posit new information sources,

### Re: Interesting bit of a quote

On 7/11/06, Adam Fields [EMAIL PROTECTED] wrote: On Tue, Jul 11, 2006 at 01:02:27PM -0400, Leichter, Jerry wrote: Business ultimately depends on trust. There's some study out there - Trust is not quite the opposite of security (in the sense of an action, not as a state of being), but certainly

### Re: switching from SHA-1 to Tiger ?

- Original Message - From: Zooko O'Whielacronx [EMAIL PROTECTED] ... The AES competition resulted in a block cipher that was faster as well as safer than the previous standards. I hope that the next generation of hash functions achieve something similar, because for my use cases

### Re: Factorization polynomially reducible to discrete log - known fact or not?

On 7/9/06, Ondrej Mikle [EMAIL PROTECTED] wrote: I believe I have the proof that factorization of N=p*q (p, q prime) is polynomially reducible to discrete logarithm problem. Is it a known fact or not? I searched for such proof, but only found that the two problems are believed to be equivalent

### Re: Interesting bit of a quote

On Tue, 11 Jul 2006, Anne Lynn Wheeler wrote: | ...independent operation/sources/entities have been used for a variety of | different purposes. however, my claim has been then auditing has been used to | look for inconsistencies. this has worked better in situations where there was | independent

### Re: hashes in p2p, was Re: switching from SHA-1 to Tiger ?

Travis H. wrote: On 7/11/06, Zooko O'Whielacronx [EMAIL PROTECTED] wrote: I hope that the hash function designers will be aware that hash functions are being used in more and more contexts outside of the traditional digital signatures and MACs. These new contexts include filesystems like ZFS

### Re: Factorization polynomially reducible to discrete log - known fact or not?

The algorithm is very simple: 1. Choose a big random value x from some very broad range (say, {1,2,..,N^2}). 2. Pick a random element g (mod N). 3. Compute y = g^x (mod N). 4. Ask for the discrete log of y to the base g, and get back some answer x' such that y = g^x' (mod N). 5. Compute x-x'.

### Re: Factorization polynomially reducible to discrete log - known

The algorithm is very simple: 1. Choose a big random value x from some very broad range (say, {1,2,..,N^2}). 2. Pick a random element g (mod N). 3. Compute y = g^x (mod N). 4. Ask for the discrete log of y to the base g, and get back some answer x' such that y = g^x' (mod N).

### Re: Factorization polynomially reducible to discrete log - known

Not exactly. Consider N = 3*7 = 21, phi(N) = 12, g = 4, x = 2, x' = 5. You'll only get a multiple of phi(N) if g was a generator of the multiplicative group Z_N^*. When N is a large RSA modulus, there is a non-trivial probability that g will be a generator (or that g will be such that x-x' lets

### Re: Factorization polynomially reducible to discrete log - known

David Wagner wrote: The algorithm is very simple: 1. Choose a big random value x from some very broad range (say, {1,2,..,N^2}). 2. Pick a random element g (mod N). 3. Compute y = g^x (mod N). 4. Ask for the discrete log of y to the base g, and get back some answer x' such that y = g^x' (mod

### Re: Interesting bit of a quote

David Wagner writes: SB1386 says that if a company conducts business in Caliornia and has a system that includes personal information stored in unencrypted from and if that company discovers or is notified of a breach of the security that system, then the company must notify any California

### Re: Interesting bit of a quote

On Tue, Jul 11, 2006 at 05:50:06PM -0700, David Wagner wrote: No, it doesn't. I think you've got it backwards. That's not what SB1386 says. SB1386 says that if a company conducts business in Caliornia and has a system that includes personal information stored in unencrypted from and if