Lance James wrote:
The site asks for your user name and password, as well as the
token-generated key. If you visit the site and enter bogus information to
test whether the site is legit -- a tactic used by some security-savvy
people -- you might be fooled. That's because this site acts as the
[EMAIL PROTECTED] wrote:
I can corroborate the quote in that much of SarbOx and
other recent regs very nearly have a guilty unless proven
innocent quality, that banks (especially) and others are
called upon to prove a negative: X {could,did} not happen.
California SB1386 roughly says the same
Ondrej Mikle wrote:
I believe I have the proof that factorization of N=p*q (p, q prime) is
polynomially reducible to discrete logarithm problem. Is it a known fact
or not?
Be careful: when most people talk about the assumption that the
discrete log problem being hard, they usually are
You're talking about entirely different stuff, Lynn,
but you are correct that data fusion at IRS and everywhere
else is aided and abetted by substantially increased record
keeping requirements. Remember, Poindexter's TIA thing did
*not* posit new information sources, just fusing existing
sources
[EMAIL PROTECTED]
Been with a reasonable number of General Counsels
on this sort of thing. Maybe you can blame them
and not SB1386 for saying that if you cannot prove
the data didn't spill then it is better corporate
risk management to act as if it did spill.
Well, are you sure you haven't
[EMAIL PROTECTED] wrote:
You're talking about entirely different stuff, Lynn,
but you are correct that data fusion at IRS and everywhere
else is aided and abetted by substantially increased record
keeping requirements. Remember, Poindexter's TIA thing did
*not* posit new information sources,
On 7/11/06, Adam Fields [EMAIL PROTECTED] wrote:
On Tue, Jul 11, 2006 at 01:02:27PM -0400, Leichter, Jerry wrote:
Business ultimately depends on trust. There's some study out there -
Trust is not quite the opposite of security (in the sense of an
action, not as a state of being), but certainly
- Original Message -
From: Zooko O'Whielacronx [EMAIL PROTECTED]
...
The AES competition resulted in a block cipher that was faster as
well as safer than the previous standards. I hope that the next
generation of hash functions achieve something similar, because for
my use cases
On 7/9/06, Ondrej Mikle [EMAIL PROTECTED] wrote:
I believe I have the proof that factorization of N=p*q (p, q prime) is
polynomially reducible to discrete logarithm problem. Is it a known fact
or not? I searched for such proof, but only found that the two problems
are believed to be equivalent
On Tue, 11 Jul 2006, Anne Lynn Wheeler wrote:
| ...independent operation/sources/entities have been used for a variety of
| different purposes. however, my claim has been then auditing has been used
to
| look for inconsistencies. this has worked better in situations where there
was
| independent
Travis H. wrote:
On 7/11/06, Zooko O'Whielacronx [EMAIL PROTECTED] wrote:
I hope that the hash function designers will be aware that hash
functions are being used in more and more contexts outside of the
traditional digital signatures and MACs. These new contexts include
filesystems like ZFS
The algorithm is very simple:
1. Choose a big random value x from some very broad range
(say, {1,2,..,N^2}).
2. Pick a random element g (mod N).
3. Compute y = g^x (mod N).
4. Ask for the discrete log of y to the base g, and get back some
answer x' such that y = g^x' (mod N).
Not exactly. Consider N = 3*7 = 21, phi(N) = 12, g = 4, x = 2, x' = 5.
You'll only get a multiple of phi(N) if g was a generator of the
multiplicative group Z_N^*.
When N is a large RSA modulus, there is a non-trivial probability that g
will be a generator (or that g will be such that x-x' lets
David Wagner wrote:
The algorithm is very simple:
1. Choose a big random value x from some very broad range
(say, {1,2,..,N^2}).
2. Pick a random element g (mod N).
3. Compute y = g^x (mod N).
4. Ask for the discrete log of y to the base g, and get back some
answer x' such that y = g^x' (mod
David Wagner writes:
SB1386 says that if a company conducts business in Caliornia and
has a system that includes personal information stored in unencrypted from
and if that company discovers or is notified of a breach of the security
that system, then the company must notify any California
On Tue, Jul 11, 2006 at 05:50:06PM -0700, David Wagner wrote:
No, it doesn't. I think you've got it backwards. That's not what SB1386
says. SB1386 says that if a company conducts business in Caliornia and
has a system that includes personal information stored in unencrypted from
and if
16 matches
Mail list logo