Re: RSA SecurID SID800 Token vulnerable by design

2006-09-10 Thread Anne Lynn Wheeler
Lance James wrote: Agreed, and since my research is focused on online banking I can see yours and my point, either way, SecurID should not be the only concept for dependence. as i've mentioned several times, in the mid-90s, the x9a10 financial standards working group was given the task of

Re: IGE mode is broken (Re: IGE mode in OpenSSL)

2006-09-10 Thread Ben Laurie
Adam Back wrote: Hi Ben, Travis IGE if this description summarized by Travis is correct, appears to be a re-invention of Anton Stiglic and my proposed FREE-MAC mode. However the FREE-MAC mode (below described as IGE) was broken back in Mar 2000 or maybe earlier by Gligor, Donescu and Iorga.

Re: IGE mode is broken (Re: IGE mode in OpenSSL)

2006-09-10 Thread Adam Back
On Sat, Sep 09, 2006 at 09:39:04PM +0100, Ben Laurie wrote: There is some more detail here: http://groups.google.ca/group/sci.crypt/browse_thread/thread/e1b9339bf9fb5060/62ced37bb9713a39?lnk=st Interesting. In fact, Gligor et al appear to have proposed IGE rather later than this date

Re: Raw RSA

2006-09-10 Thread James A. Donald
Leichter, Jerry wrote: | It is known, that given such an oracle, the attacker can ask for | decryption of all primes less than B, and then he will be able to | sign PKCS-1 encoded messages if the representative number is B-smooth, | but is there any way to actually recover d itself? RSA is

Re: Exponent 3 damage spreads...

2006-09-10 Thread James A. Donald
-- Ben Laurie wrote: Subject: [dnsop] BIND and OpenSSL's RSA signature forging issue From: Ben Laurie [EMAIL PROTECTED] Date: Fri, 08 Sep 2006 11:40:44 +0100 To: DNSEXT WG namedroppers@ops.ietf.org, (DNSSEC deployment) [EMAIL PROTECTED], dnsop@lists.uoregon.edu To: DNSEXT WG

Re: signing all outbound email

2006-09-10 Thread James A. Donald
-- James A. Donald: One way of doing this would be for the MTA to insist on a valid signature when talking to certain well known MTAs, and then my MUA could whitelist mail sent from those well known MTAs Paul Hoffman wrote: Yes, if you are willing to throw out messages whose

Re: Raw RSA

2006-09-10 Thread John R. Black
I don't follow. For RSA, the only difference between encryption and decryption, and public and private key, and hence between chosen plaintext and chosen ciphertext, is the arbitrary naming of one of a pair of mutually-inverse values as the private key and the other as the public key.

Re: Exponent 3 damage spreads...

2006-09-10 Thread Ben Laurie
James A. Donald wrote: -- Ben Laurie wrote: Subject: [dnsop] BIND and OpenSSL's RSA signature forging issue From: Ben Laurie [EMAIL PROTECTED] Date: Fri, 08 Sep 2006 11:40:44 +0100 To: DNSEXT WG namedroppers@ops.ietf.org, (DNSSEC deployment) [EMAIL PROTECTED],

Re: IGE mode is broken (Re: IGE mode in OpenSSL)

2006-09-10 Thread James A. Donald
-- Adam Back wrote: Hi Ben, Travis IGE if this description summarized by Travis is correct, appears to be a re-invention of Anton Stiglic and my proposed FREE-MAC mode. However the FREE-MAC mode (below described as IGE) was broken back in Mar 2000 or maybe earlier by Gligor, Donescu

Re: Raw RSA

2006-09-10 Thread Leichter, Jerry
| | It is known, that given such an oracle, the attacker can ask for | | decryption of all primes less than B, and then he will be able to | | sign PKCS-1 encoded messages if the representative number is B-smooth, | | but is there any way to actually recover d itself? | | RSA is

Re: Exponent 3 damage spreads...

2006-09-10 Thread bmanning
On Sun, Sep 10, 2006 at 08:30:53AM +1000, James A. Donald wrote: -- Ben Laurie wrote: Subject: [dnsop] BIND and OpenSSL's RSA signature forging issue From: Ben Laurie [EMAIL PROTECTED] Date: Fri, 08 Sep 2006 11:40:44 +0100 To: DNSEXT WG namedroppers@ops.ietf.org, (DNSSEC