http://cr.yp.to/talks.html#2005.06.01 has slides that people might find
useful as an overview of what's going on. In particular, there's a list
of six obstacles to performing array lookups in constant time. People
who mention just one of the obstacles are oversimplifying the problem.
Hal Finney
MasterCard reported the exposure of up to 40,000,000 credit card
numbers at CardSystems Solutions, a third-party processor of credit
card data. CardSystems was infected with a script that targeted
specific data. In other words, this wasn't the usual carelessness,
this was enemy action, and
[EMAIL PROTECTED] (Peter Gutmann) writes:
[EMAIL PROTECTED] (Hal Finney) writes:
Steven M. Bellovin writes:
Dan Bernstein has a new cache timing attack on AES:
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
This is a pretty alarming attack.
It is? Recovering a key from a
Peter Gutmann wrote:
Stephan Neuhaus [EMAIL PROTECTED] writes:
Concerning the practical use of AES, you may be right (even though it would
be nice to have some advice on what one *should* do instead).
Definitely. Maybe time for a BCP, not just for AES but for general block
ciphers?
I
Stephan Neuhaus [EMAIL PROTECTED] writes:
Concerning the practical use of AES, you may be right (even though it would
be nice to have some advice on what one *should* do instead).
Definitely. Maybe time for a BCP, not just for AES but for general block
ciphers?
But as far as I know, resistance
I came across an application which uses RSA signatures on plain MD5
hashes, without padding (the more significant bits are all zero).
Even worse, the application doesn't check if the padding bits are
actually zero during signature verification. The downside is that the
encryption exponent is
On Mon, Jun 20, 2005 at 01:54:46AM -, D. J. Bernstein wrote:
One can carry out the final search with nothing more than known
ciphertext: try decrypting the ciphertext with each key and see which
result looks most plausible. It should even be possible to carry out a
timing attack with
On Fri, 17 Jun 2005, Steven M. Bellovin wrote:
Designing a system that deflects this sort of attack is challenging.
The right answer is smart cards that can digitally sign transactions,
but that would require rolling out new readers to all the merchants.
I was amazed to hear of the UK's fast
There is an attack against this type of RSA signature scheme, although
cannot remember just now if it requires that the verification exponent be
small (i.e. e=3).
The attack I am trying to recall is a chosen-message attack and its
efficiency is related to the probability that a random 128-bit
Steven M. Bellovin wrote:
Designing a system that deflects this sort of attack is challenging.
The right answer is smart cards that can digitally sign transactions
No, it isn't! A handwritten signature is far better, it gives post-facto
evidence about who authorised the transaction - it is
On 6/20/05, James Muir [EMAIL PROTECTED] wrote:
The attack I am trying to recall is a chosen-message attack and its
efficiency is related to the probability that a random 128-bit integer can
be factorized over a small set of primes (i.e. the prob that a uniformly
selected 128-bit integer is
Taral wrote:
On 6/20/05, James Muir [EMAIL PROTECTED] wrote:
The attack I am trying to recall is a chosen-message attack and its
efficiency is related to the probability that a random 128-bit integer can
be factorized over a small set of primes (i.e. the prob that a uniformly
selected 128-bit
Steven M. Bellovin wrote:
MasterCard reported the exposure of up to 40,000,000 credit card
numbers at CardSystems Solutions, a third-party processor of credit
card data. CardSystems was infected with a script that targeted
specific data. In other words, this wasn't the usual carelessness,