RE: Exponent 3 damage spreads...

2006-09-20 Thread Anton Stiglic
I tried coming up with my own forged signature that could be validated with OpenSSL (which I intended to use to test other libraries). I haven't succeeded, either because in the particular example I came up with OpenSSL does something that catches the invalid signature, or I messed up somewhere

RE: [cryptography] Re: Why the exponent 3 error happened:

2006-09-20 Thread Kuehn, Ulrich
From: Ralf-Philipp Weinmann [mailto:[EMAIL PROTECTED] [...] Unfortunately we only found out that there has been prior art by Yutaka Oiwa et al. *AFTER* we successfully forged a certificate using this method (we being Andrei Pyshkin, Erik Tews and myself). The certificate we forged

Re: [cryptography] Re: Why the exponent 3 error happened:

2006-09-20 Thread Ralf-Philipp Weinmann
On Sep 20, 2006, at 3:10 PM, Kuehn, Ulrich wrote: -BEGIN CERTIFICATE- MIICgzCCAWugAwIBAgIBFzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYw

Did Hezbollah use SIGINT against Israel?

2006-09-20 Thread Steven M. Bellovin
http://www.newsday.com/news/printedition/stories/ny-wocode184896831sep18,0,7091966,print.story That isn't supposed to be possible these days... (I regard it as more likely that they were doing traffic analysis and direction-finding than actually cracking the ciphers.) --Steven

Re: Exponent 3 damage spreads...

2006-09-20 Thread Peter Gutmann
David Wagner [EMAIL PROTECTED] writes:
> (a) Any implementation that doesn't check whether there is extra junk left over after the hash digest isn't implementing the PKCS#1.5 standard correctly. That's a bug in the implementation.
No, it's a bug in the spec: 9.4 Encryption-block parsing It is an

fyi: On-card displays

2006-09-20 Thread Jeff . Hodges
From: Ian Brown [EMAIL PROTECTED] Subject: On-card displays To: [EMAIL PROTECTED] Date: Wed, 20 Sep 2006 07:29:13 +0100 Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays: