Re: Secure Science issues preview of their upcoming block cipher

2005-05-20 Thread Tom St Denis
On Tue, 29 Mar 2005 16:06:05 +0100, Ian G [EMAIL PROTECTED] wrote: I'd be interested to hear why he wants to improve on AES. The issue with doing that is that any marginal improvements he makes will have trouble overcoming the costs involved with others analysing his work. Several things

Re: Feedback from the LibTomMath Book?

2003-06-28 Thread tom st denis
[Originally I was going to make this a private reply but since I have a cool explanation of Karatsuba I'll share it with the group] --- Anton Stiglic [EMAIL PROTECTED] wrote: I think it looks pretty good!. Here are some comments: On page 82 you mention Fourier Transform based solutions,

Feedback from the LibTomMath Book?

2003-06-27 Thread tom st denis
Close to 100 people have downloaded the book so far [which is alot given the nature of the book] and although it has only been two days I was wondering if anyone has any initial impressions [good or bad]. I'm going to start the editing phase of the text fairly soon so I'd like to know what people

Draft Edition of LibTomMath book

2003-06-25 Thread tom st denis
The Draft Edition of the LibTomMath book [book about how to implement bignum math] is freely available on my site at http://book.libtomcrypt.org Keep in mind it is a draft and has not been edited yet. However, if you ever wanted to learn how to implement efficient [portable too] bignum math

re: Draft Edition of LibTomMath book

2003-06-25 Thread tom st denis
Just a quick comment. The PDF is not a web friendly PDF so you if you are trying to view it inline with your browser you have to wait for it to download completely first. I've managed 80KB/sec off the site so it doesn't take too long to grab it.Alternatively you can grab the .PDF.BZ2 file

Re: Draft Edition of LibTomMath book

2003-06-25 Thread tom st denis
--- bear [EMAIL PROTECTED] wrote: One thing that I've noticed for a long time is that there are *VERY* few math libraries that don't leave whatever numbers they're working with in memory when deallocating (deallocating heap via free() or deallocating stack via returning from a procedure call

Re: Session Fixation Vulnerability in Web Based Apps

2003-06-13 Thread tom st denis
--- James A. Donald [EMAIL PROTECTED] wrote: -- On 12 Jun 2003 at 16:25, Steve Schear wrote: http://www.acros.si/papers/session_fixation.pdf Wow. This flaw is massive, and the biggest villain is the server side code created for Apache. You really lack some fundamental

Re: An attack on paypal

2003-06-12 Thread tom st denis
--- James A. Donald [EMAIL PROTECTED] wrote: -- On 11 Jun 2003 at 20:07, Steven M. Bellovin wrote: Let me point folk at http://www.securityfocus.com/news/5654 for a related issue. To put it very briefly, *real* authentication is hard. I don't think so. Verisign's