### Re: RSA signatures without padding

There is an attack against this type of RSA signature scheme, although I cannot remember just now if it requires that the verification exponent be small (ie. e=3). The attack I am trying to recall is a chosen-message attack and its efficiency is related to the probability that a random 128-bit

### Re: RSA signatures without padding

Taral wrote: On 6/20/05, James Muir [EMAIL PROTECTED] wrote: The attack I am trying to recall is a chosen-message attack and its efficiency is related to the probability that a random 128-bit integer can be factorized over a small set of primes (ie. the prob that a uniformly selected 128-bit

### Re: Symmetric ciphers as hash functions

Tom Shrimpton (http://www.cs.pdx.edu/~teshrim/) does research in this area (ie. using block ciphers to build hash functions). See the papers on his web site; in particular: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV [pdf] [ps] John Black, Phillip

### Re: webcam encryption beats quasar encryption

bits generated by an orbiting satellite. Quasar encryption is likely impractical, but there could be more to it than you think. However, I did think web cam encryption was funny. :-) -James -- James Muir, [EMAIL PROTECTED] School of Computer Science, Carleton University http

### Re: the meaning of linearity, was Re: picking a hash function to be encrypted

Travis H. wrote: - Stream ciphers (additive) This reminds me, when people talk about linearity with regard to a function, for example CRCs, exactly what sense of the word do they mean? I can understand f(x) = ax + b being linear, but how exactly does XOR get involved, and are there +-linear

### Re: Selective disclosure

I think the first people to consider "I can find Waldo" proofs were Naor, Naor and Reingold. You might want to add a reference to their paper Applied Kid Cryptography in your write-up: http://www.wisdom.weizmann.ac.il/~naor/PAPERS/waldo_abs.html -James Ben Laurie wrote: I recently wrote a

### stickers can deter car theft

I thought this was an interesting security-related story: http://www.cbc.ca/canada/nova-scotia/story/2007/05/25/decal-car.html quoting from the article: The black-and-yellow sticker, which only costs a loonie, is an invitation for police to pull over your vehicle if it's on the road after 1

### Re: fyi: Adi Shamir's microprocessor bug attack

' =JeffH ' wrote: From: John Young [EMAIL PROTECTED] Subject: Adi Shamir's microprocessor bug attack To: [EMAIL PROTECTED] Date: Sat, 17 Nov 2007 09:50:31 -0500 (GMT-05:00) Adi Shamir's note on a microprocessor bug attack on public key cryptography featured in the NY Times today:

### Re: fyi: Adi Shamir's microprocessor bug attack

James A. Donald wrote: James Muir wrote: Can anyone think of a deployed implementation of RSA signatures that would be vulnerable to the attack Shamir mentions? Hashing and message blinding would seem to thwart it. As I said, public key encryption has long been known to be weak against

### Re: Estimated 10 million dollars lost in parking meter fraud

michael taylor wrote: http://www.torontosun.com/News/TorontoAndGTA/2008/04/18/5320936-sun.html The city is playing a $10M game of catchup to stymie thieves using bogus credit cards to get free parking An amusing read. The article mentions the Europark Card; you buy it online for $15 (the

### Re: A call for aid in cracking a 1024-bit malware key

Steven M. Bellovin wrote: According to http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9094818intsrc=hm_list%3E%20articleId=9094818intsrc=hm_list some new malware is encrypting files with a 1024-bit RSA key. Victims are asked to pay a ransom to get their files

### Re: Ransomware

Marcos el Ruptor wrote: I've just looked at the virus. Just curious -- where were you able to download the virus from? -James

### Re: Cube cryptanalysis?

Paul Hoffman wrote: At 11:08 AM -0700 8/21/08, Greg Rose wrote: Adi mentioned that the slides and paper will go online around the deadline for Eurocrypt submission; it will all become much clearer than my wounded explanations then. There now: http://eprint.iacr.org/2008/385 I just noticed

### Re: Cube cryptanalysis?

Paul Hoffman wrote: At 11:08 AM -0700 8/21/08, Greg Rose wrote: Adi mentioned that the slides and paper will go online around the deadline for Eurocrypt submission; it will all become much clearer than my wounded explanations then. There now: http://eprint.iacr.org/2008/385 Given all the

### no warrant required

From today's (13 Feb 2009) National Post: http://www.nationalpost.com/news/story.html?id=1283120 excerpt: An Ontario Superior Court ruling could open the door to police routinely using Internet Protocol addresses to find out the names of people online, without any need for a search warrant.

### Re: consulting question....

Ray Dillinger wrote: Does anyone feel that I have said anything untrue? Can anyone point me at good information uses I can use to help prove the case to a bunch of skeptics who are considering throwing away their hard-earned money on a scheme that, in light of security experience, seems

### Re: white-box crypto Was: consulting question....

Alexander Klimov wrote: On Tue, 26 May 2009, James Muir wrote: There is some academic work on how to protect crypto in software from reverse engineering. Look-up white-box cryptography. Disclosure: the company I work for does white-box crypto. Could you explain what is the point of white

### Re: padding attack vs. PKCS7

travis+ml-cryptogra...@subspacefield.org wrote: http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/ Towards the end of this rather offbeat blog post they describe a rather clever attack which is possible when the application provides error messages

### Re: 1024 bit RSA cracked?

The RSA algorithm gives security under the assumption that as long as the private key is private, you can't break in unless you guess it. We've shown that that's not true, said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science, in a

### copy of On the generation of DSS one-time keys?

Daniel Bleichenbacher presented an implementation attack against DSA in 2001 titled On the generation of DSS one-time keys. I think it made the rounds as a preprint, but I don't know if it was ever officially published. It's cited frequently (e.g. in the SEC1 doc