### Re: fyi: On-card displays

At 02:45 PM 9/20/2006, [EMAIL PROTECTED] wrote: Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays:

### Re: Did Hezbollah use SIGINT against Israel?

| http://www.newsday.com/news/printedition/stories/ny-wocode184896831sep18,0,7091966,print.story | | That isn't supposed to be possible these days... (I regard it as more | likely that they were doing traffic analysis and direction-finding than | actually cracking the ciphers.) Newspaper

### RE: Exponent 3 damage spreads...

Anton Stiglic writes: I tried coming up with my own forged signature that could be validated with OpenSSL (which I intended to use to test other libraries). ... Now let's look at s^3 1FFF\

### RE: Exponent 3 damage spreads...

Anton, Here is what I compute in Maple. I wonder if you are running into an old BC bug. I don't remember the details, but bc had a bug some 10 years or so ago with big numbers. with(numtheory): s:=convert(`00D3CDA91B578B6DF29AEB140272BD9198759F79FA10DC410B5D10362048AC7A

### Public Key Cryptography 30th Anniversary Event - 10/26, Mountain View CA

From: Computer History Museum [EMAIL PROTECTED] Subject: Public Key Cryptography 30th Anniversary Event - October 26 Celebrating 30 years of Public Key Cryptography (PKC) Join the Computer History Museum for a special public event celebrating 30 years of public key cryptography. This memorable

### RE: Exponent 3 damage spreads...

Peter, From: Peter Gutmann [mailto:[EMAIL PROTECTED] David Wagner [EMAIL PROTECTED] writes: (a) Any implementation that doesn't check whether there is extra junk left over after the hash digest isn't implementing the PKCS#1.5 standard correctly. That's a bug in the implementation.

### RE: Exponent 3 damage spreads...

Kuehn, Ulrich [EMAIL PROTECTED] writes: But the PKCS#1 spec talks about building up the complete padded signature input at the verifier, and then comparing it. Uhh, did you actually read the rest of my post? *One variant of the PKCS #1 spec, that didn't exist at the time the the affected other

### RE: Exponent 3 damage spreads...

Peter, From: Peter Gutmann [mailto:[EMAIL PROTECTED] Kuehn, Ulrich [EMAIL PROTECTED] writes: But the PKCS#1 spec talks about building up the complete padded signature input at the verifier, and then comparing it. Uhh, did you actually read the rest of my post? *One variant of the

### RE: Exponent 3 damage spreads...

Thanks for taking the time to look at this. But I recounted, and I count 765 hex (with the formatting I get in my mail, 11 lines of 68 hex + 17 hex at the end), which gives 3060 bits. Considering that the first hex is 1 and can be represented in 1 bit, not for, that would give 3060 - 3 = 3057

### Re: Why the exponent 3 error happened:

As other's have mentioned, I don't believe the small RSA exponent (e = 3) is to blame in Bleichenbacher's attack. Indeed, the mathematical problem of computing the cubic root of m modulo an rsa modulus n, for a *fixed*, arbitrary m, is still considered to be hard (no one has shown the opposite).

### Re: Did Hezbollah use SIGINT against Israel?

On Wed, 20 Sep 2006, Steven M. Bellovin wrote: http://www.newsday.com/news/printedition/stories/ny-wocode184896831sep18,0,7091966,print.story That isn't supposed to be possible these days... It is not clear that with modern technology interception is impossible, at least during Second Gulf War

### Re: Exponent 3 damage spreads...

[EMAIL PROTECTED] (Peter Gutmann) writes: Consequently, I think the focus on e=3 is misguided. It's not at all misguided. This whole debate about trying to hang on to e=3 seems like the argument about epicycles, you modify the theory to handle anomalies, then you modify it again to handle

### RE: Exponent 3 damage spreads...

Kuehn, Ulrich [EMAIL PROTECTED] writes: 10.2.3 Data decoding The data D shall be BER-decoded to give an ASN.1 value of type DigestInfo, which shall be separated into a message digest MD and a message-digest algorithm identifier. The message-digest algorithm

### Call for papers for Fast Software Encryption (FSE 2007)

Fast Software Encryption 2007 *March 26-28* *Luxembourg city**, Luxembourg** * [image: IACR] http://www.iacr.org/ Call for Papers FSE 2007 is the 14th annual Fast Software Encryption workshop, for the sixth year sponsored by the International Association for Cryptologic

### Re: Exponent 3 damage spreads...

On Thu, 21 Sep 2006 07:00:03 -0400, Whyte, William [EMAIL PROTECTED] wrote: Similarly, the thousands of words of nitpicking standards, bashing ASN.1, and so on ad nauseum, can be eliminated entirely by following one simple rule: Don't use e=3 I'd extend it to don't use e = 17.