I believe the IPSec primes had been proven. All are SG primes with a g=2.
Check RFC 2412, draft-ietf-ipsec-ikev2-05.txt, and
draft-ietf-ipsec-ike-modp-groups-05.txt
However, I don't see any primality proof certificates included in the
texts.
On Thu, 6 Mar 2003, Ben Laurie wrote:
> I'm looking f
On 24 Jan 2003, Perry E. Metzger wrote:
> The uncompressed paper is about 450k but I've gzipped it down to
> 146k. Lacking a better place to put it and having been asked by a
> number of people, I'm sending it out here. My apologies to those who
> are inconvenienced but I think it is a pretty impo
On 20 Jan 2003, David Wagner wrote:
> If you're worried about the security of allowing Scott to choose the
> low bits of Alice's public key, you could have Scott and Alice perform
> a joint coin-flipping protocol to select a random 64-bit string that
> neither can control, then proceed as before.
On Mon, 20 Jan 2003, Jeroen C. van Gelderen wrote:
> It would seem that the DSA key structure facilitates this:
>
> 1. Scott sends SEED1 to Alice.
> 2. Alice picks a random number SEED2.
> 3. Alice sets SEED=SHA1(SEED1 || SEED2).
> 4. Alice generates a set of DSA parameters P, Q, G using the
>
On Tue, 22 Oct 2002, Adam Back wrote:
> The one difference which is an incremental improvement over raw
> CBC-MAC is that the final CBC-MAC a-like output is encrypted with the
> 2nd key K3. (K3 defined as K2 xor salt, K2 an independent key).
Which isn't even a new idea (it's done in ANSI X9.19,
Does anyone know where I can find P.G. Comba's paper "Exponentiation
Cryptosystems on the IBM PC", published in IBM Sys Journal vol 29? I have
looked everywhere and come up dry; a reference here and there, and that's
about it.
Was it republished somewhere under a different title, perhaps?
Thanks
On Mon, 29 Jul 2002, David Wagner wrote:
> > DES, being extremely hardware friendly, can be (ab)used to
> > make a strong one-way hash. (E.g., raw input into both key and data maps
> > 56+64 -> uniformly distributed 64 bits.)
>
> However, when used in this way, DES is not an especially good hash
On Tue, 23 Jul 2002, John S. Denker wrote:
> -- I am told (but don't understand) that there might exist
> a weaker hash that somehow does require whitening. This
> is the point of the conversation. Please address this
> point if you can.
Perhaps they were referring to something lik