Yarrow
Hi Folks,

I would like to know if any of you know of a version of Yarrow that doesn't use a DLL? Or maybe one of you has already modified it...

Thanks,
Best regards,
Hans...
Re: ecc question
x is just an integer in this case. Since there's no multiplication operator (we hope) in the curves used for crypto, x is just an indicator of how many times to square and multiply.

Now as to whether you always have an x such that xA=B exists, that depends on the following: Are A and B both points on the curve? Is A a generator of the group? Or, more specifically, does the orbit generated by A include B?

The latter question is what you're interested in. If A is a generator, B is in A's orbit. Otherwise, I see no way short of solving the discrete log problem of deciding whether B is in A's orbit.

Cheers
Dan

At 02:11 PM 8/23/99 -0600, you wrote:
> The ecc discrete log problem is given points A and B, find integer x such that xA=B if it exists. I assume that most crypto implementations of ecc use finite fields; in a finite field can you assume that x exists?
> --
> Mike Stay
> Cryptographer / Programmer
> AccessData Corp.
> mailto:[EMAIL PROTECTED]
RE: ecc question
> The ecc discrete log problem is given points A and B, find integer x such that xA=B if it exists. I assume that most crypto implementations of ecc use finite fields; in a finite field can you assume that x exists?

> x is just an integer in this case. Since there's no multiplication operator (we hope) in the curves used for crypto, x is just an indicator of how many times to square and multiply. Now as to whether you always have an x such that xA=B exists, that depends on the following: Are A and B both points on the curve? Is A a generator of the group? Or, more specifically, does the orbit generated by A include B?

Of course, in the EC cryptography case, you know that B has been generated as xA, so you know that this equation has a solution.

Cheers,
William Whyte
Senior Cryptographer
Baltimore Technologies Ltd, IFSC House, Dublin 1, Ireland
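The orbit question discussed in the two replies above, worked on a toy curve. This is an added example, not part of the original thread; the curve y^2 = x^3 + x + 1 over F_23 and all function names are assumptions chosen for illustration. It shows a point A whose orbit misses some B on the curve, and that x always exists when A is a generator or when B was produced as xA.

```python
# Added example: toy curve y^2 = x^3 + x + 1 over F_23 (assumed; far too small for real use).
P, A_COEF, B_COEF = 23, 1, 1
O = None  # point at infinity, the group identity

def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A_COEF * x + B_COEF)) % P == 0

def add(p1, p2):
    """Group law on affine points."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O  # p2 is the inverse of p1 (covers doubling a point with y == 0)
    if p1 == p2:
        s = (3 * x1 * x1 + A_COEF) * pow(2 * y1 % P, -1, P) % P
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def orbit(a):
    """[0*a, 1*a, 2*a, ...] up to the point where the multiples wrap back to O."""
    pts, cur = [O], a
    while cur is not O:
        pts.append(cur)
        cur = add(cur, a)
    return pts

def find_x(a, b):
    """Brute-force x with x*a == b; None if b is off the curve or outside a's orbit."""
    if not (on_curve(a) and on_curve(b)):
        return None
    pts = orbit(a)
    return pts.index(b) if b in pts else None

def curve_points():
    return [O] + [(x, y) for x in range(P) for y in range(P) if on_curve((x, y))]

if __name__ == "__main__":
    gens = [g for g in curve_points() if len(orbit(g)) == len(curve_points())]
    print(len(curve_points()), "points,", len(gens), "generators")
    print("x*(4,0) == (0,1):", find_x((4, 0), (0, 1)))  # None
    print("x*G == (0,1):", find_x(gens[0], (0, 1)))
```

The brute-force search is only feasible because the group has 28 elements; at cryptographic sizes, deciding membership in A's orbit this way is the discrete log problem itself.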
New Clinton Anti-Privacy Czar? (was Re: NewsScan Daily, 24August 1999 (Above The Fold))
At 7:43 AM -0700 on 8/24/99, NewsScan wrote:

> CLINTON ADMINISTRATION APPOINTS NEW E-COMMERCE ADVISOR
> The Clinton Administration has appointed Elizabeth Echols to a new White House post that will coordinate e-commerce issues. The Electronic Commerce Working Group, which will be headed up by Echols, will focus its initial efforts on resolving the complex debate over broadband Internet access. Echols also plans to target consumer protections online and creating a global e-commerce framework. "My job is really to coordinate the numerous agencies that are involved," says Echols. "There are at least 12 federal agencies that are working in electronic commerce. The idea is to have one central place at the White House where we can work together and shape one Administration policy." (Cybertimes/New York Times 24 Aug 99)
> http://www.nytimes.com/library/tech/99/08/cyber/capital/24capital.html

-
Robert A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: bo2k cryptography
[EMAIL PROTECTED] wrote:
> The authors have announced and fixed one bug...

Here's the details of that one:
http://www.securityfocus.com/templates/archive.pike?list=1date=1999-08-1[EMAIL PROTECTED]

-- Forwarded message --
Date: Sun, 01 Aug 1999 21:29:40 -0500
From: Irwan Amir Widjaja [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: bo2k plugins

Hi,

I recently (July 31st) discovered that the CAST-256 plugin v2.2 allows any user to connect to any CAST256 server with any password. After reporting the bug to Daniel (the author), he fixed the plugin within a few hours and found that the problem lay within Maw~'s MD5 module, which he used for his plugin (Dan later found that MAW~'s IDEA plugin has the same flaw).

This is obviously a very big security risk for administrators who use bo2k as a legit remote administration tool (as opposed to a 'cracking hacking' tool). Currently CAST-256 and IDEA are the only strong encryption plugins which are internationally available for bo2k (the only ones I'm aware of at least). There were over 1000 downloads of the faulty CAST256 plugin alone. Both of these plugins have been updated by their authors.

Sincerely,
Amir