On 01-10-2010 02:41, Victor Duchovni wrote:
> Should we be confident that 4-prime RSA is stronger at 2048 bits than
> 2-prime is at 1024? At the very least, it is not stronger against ECM
> (yes ECM is not effective at this factor size) and while GNFS is not
> known to benefit from small factors,

Kevin W. Wall wrote:
> isn't the pre-shared key version of W3C's XML Encrypt also going to be
> vulnerable to a padding oracle attack?
Any implementation that returns distinguishable error conditions for invalid
padding is vulnerable, XML encryption no more or less so if used in such a
manne

On Thu, Sep 30, 2010 at 11:23:39PM -0400, Jerry Leichter wrote:
> On Sep 30, 2010, at 9:24 AM, Eugen Leitl wrote:
>> Right from the snake-oil-security-dept.
> Really? Just what about it is snake oil? Quantum vacuum fluctuations
That QM RNGs are special in comparison to other RNGs, which have b

Thor Lancelot Simon writes:
> > believe that the speed of RSA is the limiting factor for web application
>
> At 1024 bits, it is not. But you are looking at a factor of *9* increase
> in computational cost when you go immediately to 2048 bits.
In my quantitative, non-hand-waving, repeated exper

On Thu, Sep 30, 2010 at 01:32:38PM -0400, Thor Lancelot Simon wrote:
> On Thu, Sep 30, 2010 at 05:18:56PM +0100, Samuel Neves wrote:
> >
> > One solution would be to use 2048-bit 4-prime RSA. It would maintain the
> > security of RSA-2048, enable the reusing of the modular arithmetic units
> > of