From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 September 2006 06:01
For another example of just how badly this kind of thing can
be done, look at this code excerpt from Firefox version
1.5.0.7, which is the fixed version. There are two PKCS-1
parsing
From: Ivan Krstić [mailto:[EMAIL PROTECTED]
Kuehn, Ulrich wrote:
Who is we? In the case of my own system I paid for (so
speaking for
myself) I would like to have such a mechanism to have the
system prove
to me before login that it is not tampered with. The TCG
approach does
From: James A. Donald [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 10 October 2006 06:40
What we want is that a bank client can prove to the bank it
is the real client, and not trojaned. What the evil guys at
RIAA want is that their music player can prove it is their
real music player,
From: Erik Tews [mailto:[EMAIL PROTECTED]
Sent: Thursday, 5 October 2006 23:52
[...]
Later, you can remotely query your system and get a report
what has been booted on your system. You can do this query
using a java application and tpm4java.
However, this is the big problem
From: Ralf-Philipp Weinmann
[...]
Relevant files to this problem that were patched turned out
to be security/nss/lib/cryptohi/secvfy.c and
nss/lib/util/secdig.c. Have a look at the function
DecryptSigBlock() in secdig.c, lines 92-95
/* make sure the parameters are not too
Peter,
From: Peter Gutmann [mailto:[EMAIL PROTECTED]
David Wagner [EMAIL PROTECTED] writes:
(a) Any implementation that doesn't check whether there is
extra junk
left over after the hash digest isn't implementing the PKCS#1.5
standard correctly. That's a bug in the implementation.
Peter,
From: Peter Gutmann [mailto:[EMAIL PROTECTED]
Kuehn, Ulrich [EMAIL PROTECTED] writes:
But the PKCS#1 spec talks about building up the complete padded
signature input at the verifier, and then comparing it.
Uhh, did you actually read the rest of my post? *One variant
From: Ralf-Philipp Weinmann
[mailto:[EMAIL PROTECTED]
[...]
Unfortunately we only found out that there has been prior art
by Yutaka Oiwa et al. *AFTER* we successfully forged a
certificate using this method (we being Andrei Pyshkin, Erik
Tews and myself).
The certificate we forged
I noticed the exact same code being present in the mozilla 1.7.13 source ... I
wonder what the correct consequence would be? Have us crypto people proof-read
all relevant source code? Better educate developers?
Interestingly the attacker's playground between the 0, 1, 0 and the hash gets
-Original Message-
From: Ben Laurie [mailto:[EMAIL PROTECTED]
Sent: Saturday, 9 September 2006 22:39
To: Adam Back
Cc: Travis H.; Cryptography; Anton Stiglic
Subject: Re: IGE mode is broken (Re: IGE mode in OpenSSL)
[...]
In any case, I am not actually interested in IGE itself,
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
The thing I've always wondered about stream ciphers is why we only
talk about linear ones. A stream cipher is fundamentally constructed
of two things: A stream of bits (alleged to be unpredictable) as
long as
From: Travis H. [mailto:[EMAIL PROTECTED]
On 5/4/06, markus reichelt [EMAIL PROTECTED] wrote:
Agreed; but regarding unix systems, I know of no crypto
implementation that does integrity checking. Not just de/encrypt the
data, but verify that the encrypted data has not been tampered
-Original Message-
From: Nicholas Bohm [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 6 December 2005 12:03
To: Florian Weimer
Cc: cryptography@metzdowd.com
Subject: Re: [Clips] Banks Seek Better Online-Security Tools
Florian Weimer wrote:
* Nicholas Bohm:
[...]
I
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of cyphrpunk
Sent: Friday, 28 October 2005 06:07
To: [EMAIL PROTECTED]; cryptography@metzdowd.com
Subject: Re: [EMAIL PROTECTED]: Skype security evaluation]
Wasn't there a rumor last year
John Kelsey wrote:
Unfortunately, we can't make this argument, because this
postulated collision algorithm can't be used to find a
collision in the whole SHA256 more efficiently than brute force.
Let's do the counting argument: Each time we call the
160-bit collision algorithm, we