Cryptography-Digest Digest #377, Volume #12       Tue, 8 Aug 00 02:13:00 EDT

Contents:
  Re: Software package locking ("Rick Braddam")
  Re: Proposal: Timestamping Roundtable w/ PGP Sigs. ("Kurt Mueller")
  Re: Authentication over the internet ("Joseph Ashwood")
  Re: Password Protected Documents ("Ilya O. Levin")
  Re: OTP using BBS generator? (David Hopwood)
  Re: Applications for One-Way Function? (David Hopwood)
  FIPS140-1 and DRAFT FIPS140-2 statistical tests ("Neal Bridges")
  Re: OTP using BBS generator? (Bryan Olson)
  Re: Special RSA moduli ("Peter L. Montgomery")
  Secret Conversations ([EMAIL PROTECTED])
  More Secret Conversations ([EMAIL PROTECTED])
  Re: OTP using BBS generator? (Bryan Olson)
  Last secret conversation (maybe more if time permits) ([EMAIL PROTECTED])
  Re: IV for arfour (Guy Macon)
  Re: Q: CD (Guy Macon)
  Re: New William Friedman Crypto Patent (filed in 1933) ([EMAIL PROTECTED])
  Re: Special RSA moduli (David A Molnar)
  Re: Q: CD (Guy Macon)
  Re: Secure Operating Systems (Guy Macon)

----------------------------------------------------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: Software package locking
Date: Mon, 7 Aug 2000 20:31:22 -0500
Reply-To: "Rick Braddam" <[EMAIL PROTECTED]>

Trevor, I think you have some very good ideas here, but that you may not
be carrying them far enough. For example, an attacker can come in through
a boot sector infector, so you need to write your own pseudo boot sector
infector to protect your programs from them. In all cases, you must get
there first. That's not the whole problem, you have to stay there, too.

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] wrote:
>
> > Trevor, a couple of questions/comments:
> >
> > 1) You mention that there are certain tricks you can do that will foil
> > debuggers, like overwriting the breakpoint interrupt address, etc.
> > Which operating system are you talking about?  It doesn't seem like this
> > would work for Win32 programs where the user-level programs don't have
> > the privileges that you're talking about.  Since everything is
> > practically virtualized, you wouldn't have the control that you
> > ultimately require.  It might work for DOS, but who cares?
>
> As I mentioned in the original description software running at less than
> maximum privileges is wide open.  Using your example of Win32 programs, you'd
> need a VXD or something similar to circumvent the virtualization.  There are
> lots of nooks and crannies in the Windows(!tm) API that represent ways to gain
> privilege.

Apparently fathaka forgot for a moment that some apps have Ring 0 code in
VxDs. The proliferation of malware like Boot Sector Infectors (BSIs),
trojans, viruses, et cetera, proves the concept is viable.

> > If you, yourself, implemented this type of "anti-debugging" protection,
> > how would you, as a software provider, implement bug fixes?  It seems as
> > though you wouldn't be able to debug your own program effectively.
>
> Good question.  The simple answer is that the security features are
> configurable at build time.  The fundamental application can be debugged
> without any security active.

Here are a couple more things you may have considered:
    1. Build the security features as a separate system. Make your first
objective preventing malware from being installed and/or activated. You
might start with a BSI to prevent other BSIs from being installed, a DOS
TSR to hook particular DOS interrupts and services, and one or more Win9x
VxDs to hook virtual interrupts and services.
    2. Make the security features customizable at run time. The entry
point called by installation programs introduces a vulnerability, but
allows the security system to protect any software installed. The security
system could require user input to authorize installation of software
which is potentially harmful or otherwise intrusive.

> This then provides a base line for regression
> testing of the protected versions.  The components of the security such as
> function pro/epilogs and vector table intercepts can be individually
> configured.  More interestingly the syndromes for the debuggers to be
> inhibited are independent.  So, to use your examples, I can test the Codeview
> configuration under Soft-ICE, the Soft-ICE configuration under Watcom, and
> Watcom under Codeview.

That might not be so easy using the system I've outlined, but I'm sure it
wouldn't be impossible.

> The situation is purposefully similar to writing a debugger.

It looks like it would be practically identical to me, with additional
requirements.

>  Can it debug
> itself?  Not if it insists on controlling some unique resource.  Assume that
> the debugger replaces the DPMI service layer or something similar.  Then
> debugging the debugger implies that there are two competing replacements for
> the DPMI service.  This causes problems.

The same problems it causes for debugging it causes for attackers. If the
security system can be gotten to the point where it makes debugging
impossible (even with a bus card?), it *may* be able to do its job. This
may require changes or additions to the BIOS.

<snip>

> > The only question is whether or not your software is worth their time and
> > effort.
>
> Exactly.  My claim is that in almost every case one can make it _not_ worth
> their time and effort.  ;-)

I think you are right. Especially if the security system authenticates
itself and protects itself from pre-emption or corruption; and the
application disables itself if the security system is not present or
doesn't validate itself to the app. Please reply by email if you wish to
discuss this further, as I think it is off topic for sci.crypt.

Rick




------------------------------

From: "Kurt Mueller" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.test
Subject: Re: Proposal: Timestamping Roundtable w/ PGP Sigs.
Date: Mon, 7 Aug 2000 22:08:35 -0400

Doesn't such a service already exist?
http://www.itconsult.co.uk/stamper.htm


--
===============================
Kurt Mueller
[EMAIL PROTECTED]
PGP mail preferred! Get my keys at:
http://www.bigfoot.com/~kurtm3
Signed. Sealed. Delivered.




------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Authentication over the internet
Date: Mon, 7 Aug 2000 19:23:07 -0700

The multitudes don't even begin to build up steam in your list. There's
also:
EKE
SPEKE
Kerberos
PGP
Arcot
SRP
IPSec
etc
Some are well used, like the SecurId tokens, some are used much less. Some
are quite secure, some are not as secure.
                        Joseph Ashwood
                        Arcot Systems Inc

"MJYoung" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> If you are only using a Browser, there are many different ways to
> authenticate without the use of client software. Digital Certificates,
> SecureIDs from RSA. Smart cards. I did not say no use of server
> software. I work for a PKI vendor, and I'd like to know what other forms
> of authentication are out there.
>
> MJY
>
> tomstd wrote:
>
> > MJYoung <[EMAIL PROTECTED]> wrote:
> > >Has anyone written a white paper about strong authentication
> > over the
> > >internet?
> > >I'm looking for various ways to authenticate people without
> > using any
> > >client software.
> > >Cost should be minimal and web-based.
> >
> > Um how do you expect authentication without using a software?
> > Ask the user to calculate the product of two 100 digit numbers?
> > hmm.. not likely.
> >
> > At worst you should use a java applet or something.
> >
> > If you mean cost as in moola, well teach yourself some math and
> > you can do it yourself for free.
> >
> > Web-based?  WTF does that mean?  Wouldn't some web utilization
> > device be considered a client application?
> >
> > Tom
> >
> > -----------------------------------------------------------
> >
> > Got questions?  Get answers over the phone at Keen.com.
> > Up to 100 minutes free!
> > http://www.keen.com
>





------------------------------

From: "Ilya O. Levin" <[EMAIL PROTECTED]>
Subject: Re: Password Protected Documents
Date: Tue, 8 Aug 2000 08:13:25 +0600

> From: "Ed Suominen" <[EMAIL PROTECTED]>
>
> To solve this problem, you could simply use public key cryptography
> to store a public key of the password in the document for write
> access. When someone enters a password for write access, a public
> key can be computed from it and compared to the stored public key.
> The password will not appear anywhere in the document, and deriving
> it will require solving one of the Hard Problems (Prime factors, DLP,
> ECDLP).

Nonsense. Public key cryptography would not help here; better use a hash
instead. Otherwise it will be extremely easy to find out (by debugging) a
private key stored inside the software and recover the password. The only way
to recover a hashed password is brute force.

But neither a hash nor a public key can be useful against plain document
tampering. For example, I have my own document in both normal and protected
mode. A simple compare will show me at what offset the password data is stored
(remember, no content encryption?) and how my password is crypted. E.g. I've
used the password 'asdfg' and it has been stored as 6BADC0DE. Voila. Now I can
use any hex editor and patch any "protected" document with my crypted password.
Or simply cut off any password data and patch a document back to unprotected
mode.

Sincerely,
Ilya O. Levin
---
http://www.code.f2s.com



 Sent via Deja.com http://www.deja.com/
 Before you buy.
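
The attack Ilya describes, and the one thing a password can still buy you
without content encryption, worked through as an added example (not code from
either poster). The file layouts, the "NAIV"/"KEYD" magic bytes, the salt and
tag lengths and the PBKDF2 work factor are all assumptions made for the
demonstration; the sample document bodies are constructed. The "naive" scheme
stores a salted password verifier in a header and leaves the body in the clear:
a plain/protected compare locates the header, a body edit goes unnoticed, and
transplanting the attacker's own header grants "write access". The "keyed"
scheme instead MACs the body under a key derived from the password. It still
cannot stop the holder of the file from rewriting it (nothing can), but anyone
who knows the password now detects a body that was edited without it.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed); raise it in production


def _kdf(password: str, salt: bytes) -> bytes:
    """Salted, iterated derivation from the write password; only brute force gets it back."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


# --- Scheme discussed in the thread: a verifier in a header, body in the clear ---

def protect_naive(body: bytes, password: str, salt: bytes = None) -> bytes:
    """Header = magic(4) + salt(8) + 16-byte verifier; the body follows unchanged."""
    salt = salt or os.urandom(8)
    return b"NAIV" + salt + _kdf(password, salt)[:16] + body


def check_naive(doc: bytes, password: str) -> bool:
    """Write-access check: recompute the verifier from the header's salt and compare."""
    salt, stored = doc[4:12], doc[12:28]
    return hmac.compare_digest(stored, _kdf(password, salt)[:16])


def header_length(plain: bytes, protected: bytes) -> int:
    """What a 'simple compare' of a document in plain and protected form tells
    the attacker: the body appears verbatim, so everything before it is password data."""
    return protected.find(plain)


def transplant_header(victim: bytes, own: bytes, hdr_len: int) -> bytes:
    """Hex-editor move: paste the attacker's own (salt, verifier) over the victim's.
    The salt travels with the verifier, so per-document salting does not help here."""
    return own[:hdr_len] + victim[hdr_len:]


# --- Binding the password to the content: HMAC over the body, keyed from the password ---

def protect_keyed(body: bytes, password: str, salt: bytes = None) -> bytes:
    """Header = magic(4) + salt(8) + 32-byte HMAC-SHA256 tag over the body."""
    salt = salt or os.urandom(8)
    tag = hmac.new(_kdf(password, salt), body, "sha256").digest()
    return b"KEYD" + salt + tag + body


def check_keyed(doc: bytes, password: str) -> bool:
    """Passes only if the body is the one the password holder tagged."""
    salt, tag, body = doc[4:12], doc[12:44], doc[44:]
    expected = hmac.new(_kdf(password, salt), body, "sha256").digest()
    return hmac.compare_digest(tag, expected)
```

The keyed variant gives tamper evidence, not tamper prevention: an attacker can
still strip the header or replace it with one computed under a password he
chose, but the resulting file no longer verifies under the legitimate password,
which is exactly the signal the naive header cannot provide.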

------------------------------

Date: Tue, 08 Aug 2000 11:49:08 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: OTP using BBS generator?

=====BEGIN PGP SIGNED MESSAGE=====

Terry Ritter wrote:
> On Sun, 06 Aug 2000 23:10:25 GMT, in
> <[EMAIL PROTECTED]>, in sci.crypt Benjamin Goldberg
> <[EMAIL PROTECTED]> wrote:
> >b) If the factors of the modulus AREN'T congruent to 3 mod 4, then what?
> 
> Presumably there would be no advantage in doing that.

The factors of the modulus must be congruent to 3 mod 4 in order for the
proofs in the BBS paper to apply. Note that this is entirely independent
of the issue of short cycles.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQEVAwUBOY/liTkCAxeYt5gVAQG9ygf+I0Qo7hUQI67YnDwLA1Jj7fE01NTwx+Dp
TxQKLS4KsKul7cg3Irev8c2qGCArj5zu8pe6rKOiRiDSzBrkuDo7aFr74TuqTqhr
24w5ogoYg0tHoEhPfM4qX86WeU75+PKDPX2JcBZIgomIRQO5oFSfwuQnUSLVPA/x
FWZMoGXGFIwjjSmAOiyOkphiWRK+YMPrJGtdGKiqf4vOk5WPKF7oSKy43Tf9p+pL
q880WBrGzgRLdf5WOPHNHMFlgYv2KJJ/Km4oveZkVn5h4Xe4+eXDk0D/OQQFMtVR
RB9RCmEi8keES0hZw0qzjC562rGPbe9MPDbucdt1HJ3qLbc1obaU2Q==
=9H8l
=====END PGP SIGNATURE=====



------------------------------

Date: Tue, 08 Aug 2000 14:52:39 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Applications for One-Way Function?

=====BEGIN PGP SIGNED MESSAGE=====

Mok-Kong Shen wrote:
> If a oneway function is used to store passwords in a file, then
> that file is naturally protected by system-level access capability.
> Anyone that could get that file is likely also to be able to
> install a piece of software that intercepts what the user inputs
> to the module that computes the oneway function.

That is true to some extent, but note that:
 - it's not uncommon that a security weakness allows reading files,
   but not running or installing arbitrary code on an attacked system,
 - installing software involves an ongoing risk of detection for
   the attacker, especially since he/she must have some way of
   retrieving the logged information.

So using one-way hashes of passwords is worthwhile, even though it won't
help against some types of attack.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQEVAwUBOZAQjjkCAxeYt5gVAQGjqQf/WAQpFRnqLBzDXE6iA0QPpfPRzs/zfivN
7iAVcnxZP0ycdkV1qjj2xQ1rRWJ/LUJgnmCKAJHslBrul878W6+nsZvyMMmfglEe
AfaV5V5Au2zJRadLWPbneKjOihRF3+9SQCuz2pvd0s7/KNvrZOBGVAmy/ki0R5y1
19YkUc6A9qbqhqKoDQ7QFKFESIoI95+H3pI/YQUy8SrJ00SeaRkQzh3b9zutYJFU
nyhmEQ4KpxYqzTStryHV6LFod1kWtgxMKlbY7uwNAB92KVdDmAt4i5kJ4DR8Ubr6
SilBme9jUGGQ9BqahGH3tNQssbo79A5fum4hxCF8zl/fJ4tUSiUFOg==
=eN7f
=====END PGP SIGNATURE=====


------------------------------

From: "Neal Bridges" <[EMAIL PROTECTED]>
Subject: FIPS140-1 and DRAFT FIPS140-2 statistical tests
Date: Tue, 08 Aug 2000 03:47:56 GMT

I needed these and couldn't turn them up in a search, so I wrote them -- the
statistical tests for random-number generators, as specified in FIPS140-1
and DRAFT FIPS140-2.  Executables for DOS, with source:

<http://quartus.net/files/Misc/>

--
Neal Bridges
<http://www.quartus.net> Quartus Handheld Software!
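
Neal's DOS executables are not reproduced here. As an added example (not his
code), the four FIPS 140-1 power-up statistical tests on a 20,000-bit sample
are written out below in Python with the FIPS 140-1 acceptance intervals
(monobit, poker, runs, long run). The draft FIPS 140-2 tightened those
intervals; its numbers are not reproduced here. The sample generator at the end
is a constructed stand-in for the RNG under test (SHA-256 in counter mode), so
the whole thing runs offline; `sample_bits_from_sha256` and its label are
assumptions of this example.

```python
import hashlib

SAMPLE_BITS = 20000
# FIPS 140-1 section 4.11.1 acceptance intervals
MONOBIT = (9654, 10346)            # strict: 9654 < ones < 10346
POKER = (1.03, 57.4)               # strict: 1.03 < X < 57.4
RUNS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
        4: (223, 402), 5: (90, 223), 6: (90, 223)}   # inclusive; 6 means "6 or more"
LONG_RUN = 34                      # any run this long or longer fails


def bytes_to_bits(data: bytes) -> list:
    """Unpack bytes into a bit list, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def run_lengths(bits: list):
    """Count maximal runs of 0s and of 1s by length (>= 6 lumped together)
    and return the longest run seen."""
    counts = {0: dict.fromkeys(RUNS, 0), 1: dict.fromkeys(RUNS, 0)}
    longest = 0
    i = 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        length = j - i
        counts[bits[i]][min(length, 6)] += 1
        longest = max(longest, length)
        i = j
    return counts, longest


def fips140_1(bits: list) -> dict:
    """Run the four FIPS 140-1 tests on exactly 20,000 bits; True means passed."""
    if len(bits) != SAMPLE_BITS:
        raise ValueError("FIPS 140-1 tests need exactly 20,000 bits")
    ones = sum(bits)
    monobit = MONOBIT[0] < ones < MONOBIT[1]

    # Poker: 5000 contiguous 4-bit segments, X = (16/5000) * sum f(i)^2 - 5000
    freq = [0] * 16
    for k in range(0, SAMPLE_BITS, 4):
        nib = bits[k] << 3 | bits[k + 1] << 2 | bits[k + 2] << 1 | bits[k + 3]
        freq[nib] += 1
    x = 16 / 5000 * sum(f * f for f in freq) - 5000
    poker = POKER[0] < x < POKER[1]

    counts, longest = run_lengths(bits)
    runs = all(lo <= counts[b][length] <= hi
               for b in (0, 1) for length, (lo, hi) in RUNS.items())
    long_run = longest < LONG_RUN
    return {"monobit": monobit, "poker": poker, "runs": runs, "long_run": long_run}


def passes(bits: list) -> bool:
    return all(fips140_1(bits).values())


def sample_bits_from_sha256(label: bytes = b"constructed sample") -> list:
    """Constructed input: 20,000 bits of SHA-256 counter-mode output standing in
    for the generator under test. 79 blocks * 32 bytes = 20,224 bits, truncated."""
    stream = b"".join(hashlib.sha256(label + i.to_bytes(4, "big")).digest()
                      for i in range(79))
    return bytes_to_bits(stream)[:SAMPLE_BITS]
```

Two degenerate inputs show what each test catches: an all-zero stream fails all
four, while a strictly alternating 0101... stream has exactly 10,000 ones and
no long run, so it passes monobit and long-run, but every run has length 1 and
every nibble is 0101, so runs and poker fail.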



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: OTP using BBS generator?
Date: Tue, 08 Aug 2000 04:19:51 GMT

Mok-Kong Shen wrote:
> Bryan Olson wrote:
> I am afraid either the phrase 'but only modest skill should
> enable one to recognize that the author are not lazy nor
> careless' is not objective or you are demanding a skill that
> you consider to be modest but actually is not for the average
> people.

I suppose you are right that one will not be able to tell,
given that he is both unwilling to deeply study the material
for himself, and cannot trust the consensus of experts if
there is one claim, even completely unsubstantiated, against
them.


--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Peter L. Montgomery" <[EMAIL PROTECTED]>
Subject: Re: Special RSA moduli
Date: Tue, 8 Aug 2000 04:55:21 GMT

In article <[EMAIL PROTECTED]> JCA <[EMAIL PROTECTED]> writes:

>    I am looking for discussions on RSA moduli N of the
>form N= p^r*q, where p, q are odd primes, and r is a
>positive integer. I am particularly interested in security/
>speedup tradeoffs for this kind of moduli.

    Be forewarned that if r > 1, then some encrypted messages
(with exponent e > 1) will lack unique decryptions.  Specifically, if

          m1 = p^(r-1) * q
          m2 = 0

then m1^e == m2^e == 0 (mod N) but m1 <==> m2 (mod N).
-- 
E = m c^2.  Einstein = Man of the Century.  Why the squaring?

        [EMAIL PROTECTED]    Home: San Rafael, California
        Microsoft Research and CWI
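
Montgomery's observation, carried through on toy parameters as an added
example (not his code or JCA's): p = 7, q = 11, r = 2 (so N = 539) and
e = 13 are assumptions chosen so that e is coprime to phi(N). With these
parameters the loss of unique decryption goes beyond m1 = p^(r-1) q: every
message divisible by p but not by p^2 fails to round-trip, because its
ciphertext is already 0 mod p^2 while the message is not. For the square-free
modulus N = pq (r = 1) the same code reports no failures.

```python
from math import gcd


def rsa_params(p: int, q: int, r: int, e: int):
    """Toy RSA over N = p^r q. phi(N) = p^(r-1) (p-1) (q-1); d = e^-1 mod phi(N).
    Toy sizes only (assumed primes 7, 11 in the test); real moduli are hundreds of digits."""
    n = p ** r * q
    phi = p ** (r - 1) * (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N)")
    return n, pow(e, -1, phi)


def montgomery_example(p: int, q: int, r: int, e: int):
    """m1 = p^(r-1) q encrypts to 0 exactly as m2 = 0 does, so no decryption
    procedure can tell them apart. Returns (m1, m1^e mod N)."""
    n, _ = rsa_params(p, q, r, e)
    m1 = p ** (r - 1) * q
    return m1, pow(m1, e, n)


def roundtrip_failures(p: int, q: int, r: int, e: int) -> list:
    """All m in [0, N) for which (m^e)^d mod N != m; empty for a square-free modulus."""
    n, d = rsa_params(p, q, r, e)
    return [m for m in range(n) if pow(pow(m, e, n), d, n) != m]
```

For N = 7^2 * 11 the failing messages are the multiples of 7 that are not
multiples of 49 (77 - 11 = 66 of them), which matches the modular argument
above; multiples of 49 and everything coprime to 7 decrypt correctly.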

------------------------------

From: [EMAIL PROTECTED]
Subject: Secret Conversations
Date: Tue, 08 Aug 2000 05:17:47 GMT

On the Subject of Dreams

A Master and disciple are sitting near a stream...


Master:
What is troubling you my favorite one?

Disciple:
I feel a deep wound in my being. For all my life I have been
conditioned to think one way, and all of a sudden someone said
something that was like a slap in my face. I tried to reject it, but it
was like an arrow that has penetrated my inner soul. It made me angry
and I immediately fought against the words.

Master:
Is what this person said true?

Disciple:
It can't be! For it goes counter to everything I have learned,
everything that I have lived for. My whole life I have been living for
certain truths that have been dear to me.

Master:
And why do you fight it?

Disciple:
To hold on to my truths and my values... my existence depends on what I
hold dear to my heart. I cling to these values because they define who
I am, what I do, what I represent. My confidence, my self-esteem,
everything would crumble down if what this person said was true. What
am I if I were not to hold on to ME, the things I believe in?

Master:
What are you if you were to wake from a dream?


There is a long silence as the disciple took in these words, and then a
big smile forms on his face.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: More Secret Conversations
Date: Tue, 08 Aug 2000 05:27:00 GMT



A Master and disciple are having a discussion under the bright moon of
a star lit sky.


Disciple:
I am sad Master

Master:
Why do you feel this way, my favorite one?

Disciple:
I have witnessed and experienced hate, greed, aggression, and the lies
others have committed. It saddens me deeply.

Master:
Can you not detach yourself from them?

Disciple:
I cannot, for I feel an obligation to correct them, and tell them the
false way of life they are leading.

Master:
What makes you feel they need to be corrected by you? What makes you
the sole judge of their behavior? Do you hold the answer to everyone's
life circumstances?

Disciple:
No. I would guess not. But I feel the pain and suffering that they must
be going through, and the effect is very real and related to me. I want
to show them the correct way.

Master:
Everyone was born in a life with experiences different than yours. What
is right for you does not necessarily mean it is right for them. A fish
born in water has no need for legs. What makes you think others need
your criticisms? What do you say to a mother who can only sell her body
to feed her child?

Disciple:
I understand what you are saying, but I am only trying to help them
out, spread the message to them.

Master:
People will listen only if they want to. A truly caring person is
someone who tries to understand others, and this compassion comes from
the heart. Simply understanding another's viewpoint already does a lot.
It is NOT related to bickering on who is right and who is wrong over
trivial things. A need to correct others and convert them to your way
of thinking only reflects on your need and dependence on proving
yourself right. Learn to be reflective... ego building does nothing but
put you at odds with others. Tolerance of differences in opinion is the
first step towards maturity.

Disciple:
I understand now. I guess I became so involved in trying to protect my
beliefs that I became the one who was not listening. I guess I was
afraid of being wrong, of losing my reputation, and my main concern was
to attack others who have differences in opinion with my own. I guess
it is I who is showing hate, greed, and aggression when I attack
others' beliefs, and try to prove them wrong. Now I understand how
people view my behavior.

Master:
And that is why you are my favorite one.



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: OTP using BBS generator?
Date: Tue, 08 Aug 2000 05:26:14 GMT

Terry Ritter wrote:
> David Hopwood

> This argument has progressed to the point that my issues are virtually
> unassailable: they are easily understood and obviously correct,
> independent of any claim you may make.  If you really have a result
> which conflicts with these points, it is time to re-think your math.

So once more you refuse to address what people are
saying.  You bleat yet again that if a short
cycle happens it's weak, as if the post to which
you respond had said otherwise.

Care to try?  Where is the proof that if one _does_ reject
short cycles one must, with probability one, get a
particular instance that is not predictable by an attacker
(given that general factoring is intractable)?  We know that
such an attack cannot be based on a short cycle of the
generator state; you need not point that out again.


> You may have other issues, and I may or may not dispute them, but
> saying that I misunderstand is strange.  Clearly you don't let a mere
> lack of context stop you from presenting your preconceptions.

There's no question that you misunderstood the BB&S
proof.  Check out:

    http://x64.deja.com/getdoc.xp?AN=637286423

where you state what you assumed the proofs guaranteed.


--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.
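
The two separate points in this thread, David Hopwood's (the factors must be
3 mod 4 for the BB&S proofs to apply) and the short-cycle question Bryan Olson
raises above, as an added example that is not code from either poster. The
primes 11 and 23 (both 3 mod 4, so N = 253) and the seeds are toy values
assumed for illustration; a real modulus is hundreds of digits with p and q
kept secret. `bbs_bits` enforces the Blum-prime condition and coprimality of
the seed; `cycle_length` measures the period of the state map x -> x^2 mod N
from a given seed, which is a property of the particular (N, seed) and not
something the 3 mod 4 condition settles.

```python
from math import gcd


def is_blum_prime(p: int) -> bool:
    """True if p is a prime congruent to 3 mod 4 (trial division; toy sizes only)."""
    return p > 2 and p % 4 == 3 and all(p % d for d in range(2, int(p ** 0.5) + 1))


def bbs_bits(p: int, q: int, seed: int, nbits: int) -> list:
    """Blum-Blum-Shub: x0 = seed^2 mod N, x_{i+1} = x_i^2 mod N, output the LSB of each state.
    Both factors must be Blum primes for the security proof to apply, and the seed
    must be coprime to N so that x0 is a unit (and a quadratic residue)."""
    if not (is_blum_prime(p) and is_blum_prime(q)):
        raise ValueError("p and q must both be primes congruent to 3 mod 4")
    n = p * q
    if gcd(seed, n) != 1:
        raise ValueError("seed must be coprime to N")
    x = pow(seed, 2, n)
    out = []
    for _ in range(nbits):
        out.append(x & 1)
        x = pow(x, 2, n)
    return out


def cycle_length(n: int, seed: int) -> int:
    """Period of the cycle that x -> x^2 mod n eventually enters from seed^2.
    With Blum primes and gcd(seed, n) == 1, seed^2 is already on the cycle, since
    squaring permutes the quadratic residues mod n; the period always divides
    lambda(lambda(n)), but individual seeds can land on much shorter cycles."""
    x = pow(seed, 2, n)
    seen = {}
    i = 0
    while x not in seen:
        seen[x] = i
        x = pow(x, 2, n)
        i += 1
    return i - seen[x]
```

For N = 253 the state map has period 20 from seed 3 (the largest possible here,
since lambda(lambda(253)) = lambda(110) = 20), while seed 1 sits on a fixed
point of period 1: same modulus, same 3 mod 4 factors, entirely different cycle
behaviour, which is why the two issues have to be argued separately.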

------------------------------

From: [EMAIL PROTECTED]
Subject: Last secret conversation (maybe more if time permits)
Date: Tue, 08 Aug 2000 05:36:22 GMT

In a quiet place within the confines of a small town, a Master and
disciple are sitting next to a flowing river...


Disciple:
Master, I do not understand why life can't be full of happiness at all
times.

Master:
What is troubling you?

Disciple:
Conflicts, conflicts, conflicts. There are just so many of them in my
life.

Master:
Who is causing the conflicts?

Disciple:
I don't know. I learned that the first step in changing others is to
change myself, but you can't keep giving in all the time right?

Master:
Conflicts are inevitable. No two personalities are alike, there are
bound to be differences. It's what you do with the differences that
determine whether you are happy or miserable.

Disciple:
I do not understand master. How can two people who disagree on
something make each other happy? What do you do when you have
differences with another person? What if my happiness is dependent on
someone being wrong and me being right?

Master:
As you travel your journey through life, there are bound to be those
you meet who are in tears, having met great difficulties in life. Then
there are times when you will meet those who have enjoyed great
happiness from accomplishing or experiencing something they have wanted
or needed. Which would you rather see?

Disciple:
Well, it depends on whether that person is someone I like, or someone I
hate. Right?

Master laughs.

Master:
What if you are dying on your deathbed, reflecting on your life? Would
it matter much then?

Disciple:
Well, I don't know. I guess at that moment, all those conflicts will
seem so insignificant and stupid. I will probably like to see everyone
happy.

Master:
Your life is very short and precious here. What you do with it
determines what you want out of life. Would you rather share happiness
with someone, or be part of a conflict with someone?

Disciple:
In this case, share happiness.

Master:
Would you rather share happiness with one person or many people?

Disciple:
Many of course.


The Master became silent after hearing this.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: IV for arfour
Date: 08 Aug 2000 05:52:50 GMT

Benjamin Goldberg wrote:
>
>
>Guy Macon wrote:
>> 
>> Benjamin Goldberg wrote:
>> >
>> >Andreas Sewe wrote:
>> >>
>> >> Now suppose I get my permutations toying with 256 coloured marbles,
>> >> getting real random ones.
>> >
>> >You mean numbered, not colored marbles, cause most people can't
>> >destinguish between 256 different colors :)
>> >
>> 
>> You are assuming that all marbles are of one uniform color.
>> Real marbles are often multicolored.
>
>Sure, but it's usually one base color swirled with 2-3 other colors -
>it would be easy to mistake, eg, a brown marble with red, blue, and
>green swirls for a brown marble with red, blue, and yellow swirls.

http://www.landofmarbles.com/
http://www.marblealan.com/my.htm

I win.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Q: CD
Date: 08 Aug 2000 05:59:49 GMT

[EMAIL PROTECTED] wrote:
>
>
>From what I understand, retail CDs are made by stamping them, like a
>vinyl record.  CD-Rs have some type of chemical that reacts to the laser
>that burns data onto it.
>
>I would think that the problem isn't the writing of the cd data, but the
>reading of it.  If you take 2 "rips" of the same audio data, chances are
>the bits are never exactly the same, due to vibrations in the cd reader,
>scratches on the surfaces, etc.

Nope.  All such variations are removed.  Errors are removed with the
error correction code, jitter is removed by reclocking, and noise is
removed by the first digital stage.

Make a copy of a copy of a copy of a copy of a copy of a copy of....
for as many times as you wish.  Unless you are getting unrecoverable
errors, (usually you don't), the 100th will sound like the 1st.

Now try the same thing with a cassette tape recorder...


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Tue, 08 Aug 2000 05:45:33 GMT


> The Torah is the old testament (the first half
of the Bible),

Almost right.  The Torah is the first 5 books of
the Hebrew Bible (or Old Testament), the
remainder being grouped as Prophets and
Writings.

> it has no quasi-hypertextual commentary. You
may be thinking
> of the Talmud.

Spot on.  The Talmud is full of commentary and
cross-references that certainly does anticipate
hypertext.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Special RSA moduli
Date: 8 Aug 2000 05:48:35 GMT

Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <8mn890$d2t$[EMAIL PROTECTED]>,
>   David A Molnar <[EMAIL PROTECTED]> wrote:
[snippage]
>> As far as I can tell, the case of a repeated prime factor in an
>> RSA modulus isn't covered by the appendix.

> Huh?  Of course it is.  Factoring  p^2q   with p~q is the same
> as factoring pqr with p~q~r.  What matters to ECM is the SIZE of the
> factors.  p~q~r  is *slightly* easier because there are 3 primes,
> instead of 2, so it is 50% more likely that an EC modulo one of
> the primes will be smooth when there are 3.  But 50% increase
> doesn't help much. It is only a small constant factor better.

My apologies, I wasn't clear. I should have written that the
appendix didn't seem to cover the dangers which are peculiar
to using repeated prime factors p^r q instead of multiple distinct
primes. These are the dangers pointed out by the Boneh, Durfee, and
Howgrave-Graham paper I mentioned. This is what I meant when I wrote 
that the case of repeated prime factors doesn't seem to be covered.
These dangers seem to be independent of the performance of ECM. 

In the case of p^2 q, it is good to read that ECM is not much better.
Combined with the fact that the other paper's algorithm isn't fast
enough at r = 2 to directly apply, this may mean that moduli of 
the form n = p^2 q are fine at this point. I personally wouldn't
have a warm fuzzy feeling about it. 

-David




------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Q: CD
Date: 08 Aug 2000 06:03:28 GMT

Ulrich Kuehn wrote:
>
>
>Douglas A. Gwyn wrote:
>> If you mean the decoded data, it's almost trivial under many
>> UNIX-like operating systems:
>>         fd = open("/dev/rdsk/cd0" /* or whatever */ , 0);
>>         lseek(fd, 0, desired_offset);
>
>Do not rely on being able to specify a position on a CD exactly. For
>CD-ROMs, you can, but audio CDs are known to make big difficulties to
>fix a position in the audio track. Grabbing them is not a easy task.

That's an artifact of your player.  My player can start and stop on
any bit you choose.  Then again, my player costs as much as a house
and requires a forklift to move.  You would have one too if you were
a CD/DVD Mastering equipment designer like me.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Secure Operating Systems
Date: 08 Aug 2000 06:05:48 GMT


I keep hearing rumors of a secure version of QNX that they don't want
advertised...


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
