Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

2003-02-24 Thread Roy M. Silvernail
On Friday 21 February 2003 11:19 pm, you wrote: > This changes the padding on each message containing the password, making > the attack rather more difficult, and has the advantage that you don't need > to convince the party running the server to update their software. > Depending on how much stu

Microsoft Offers Companies New Ways to Keep Secrets

2003-02-24 Thread R. A. Hettinga
"We're from Microsoft, and..." Cheers, RAH http://online.wsj.com/article_print/0,,SB1046036499817775743,00.html February 24, 2003 Microsoft Offers Companies New Ways to Keep Secrets By DON CLARK Staff Reporter of THE WALL STREET JOURNAL Microsoft Corp. wants to help companies

Lucrative Update: V5

2003-02-24 Thread R. A. Hettinga
--- begin forwarded text Status: RO From: "Patrick" <[EMAIL PROTECTED]> To: "'Digital Bearer Settlement List'" <[EMAIL PROTECTED]> Subject: Lucrative Update: V5 Date: Mon, 24 Feb 2003 14:27:34 -0600 Sender: <[EMAIL PROTECTED]> Lucrative release 5 is out today. This release brings Lucrative sign

Santa Clara County faces key decision on electronic ballots

2003-02-24 Thread R. A. Hettinga
http://www.siliconvalley.com/mld/siliconvalley/5250435.htm?template=contentModules/printstory.jsp The San Jose Mercury News Posted on Mon, Feb. 24, 2003 Santa Clara County faces key decision on electronic ballots By Katherine Corcoran Mercury News The future of electronic voting may b

Lorrie Cranor on privacy, online voting and Internet censorship

2003-02-24 Thread R. A. Hettinga
http://www.acm.org/ubiquity/interviews/l_cranor_2.html ACM: Ubiquity - At the Crossroads of Technology and Policy Lorrie Cranor on privacy, online voting and Internet censorship. Dr. Lorrie Faith Cranor is a Principal Technical Staff Member at AT&T Labs-Research, where she has done w

Fw: Euler's Phi Function

2003-02-24 Thread Damien O'Rourke
I'm just after thinking about 1. 1 is relatively prime to itself but it would be the only positive integer. However if we take the first definition as correct then phi(1) might be considered meaningless as there are no positive integers less than 0. I suppose however, that this could mean that ph

Euler's Phi Function

2003-02-24 Thread Damien O'Rourke
Hi, I have seen two slightly different definitions for the Euler's phi function. They don't cause any difference in its value but I was just wondering if there would be anyone who would complain about the use of one or the other? One says that for a positive integer n, phi(n) is the number of pos

Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

2003-02-24 Thread John Kelsey
At 12:46 PM 2/21/03 -0500, Anton Stiglic wrote: ... If SSL required encrypt-then-MAC, a programmer would more naturally start by verifying the MAC, then decrypt the message, so Vaudenay's attack would be caught first by the MAC verification and the implementation would probably return an error afte

Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

2003-02-24 Thread Donald Eastlake 3rd
There was even an OS that, for a time until the patch got out, when you handed it a pointer to a user name and a pointer to a password, conveniently returned to you the password pointer updated to point at the first bad character in the password for that account. Thanks, Donald

Re: question about rsa encryption

2003-02-24 Thread Hagai Bar-El
Hello Scott, At 03/02/03 21:50, Scott G. Kelly wrote: I have a question regarding RSA encryption - forgive me if this seems amateur-ish - but I'm still a beginner. I seem to recall reading somewhere that there is some issue with directly encrypting data with an RSA public key, perhaps some vulnera

Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

2003-02-24 Thread Matt Blaze
SMB writes: > I'm struck by the similarity of this attack to Matt Blaze's master key > paper. In each case, you're guessing at one position at a time, and > using the response of the security system as an oracle. What's crucial > in both cases is the one-at-a-time aspect -- that's what makes t

Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

2003-02-24 Thread Peter Gutmann
An extremely trivial observation, but may be useful to some: >The attack assumes that multiple SSL or TLS connections involve a common >fixed plaintext block, such as a password. There's been a discussion about how this affects POP over SSL on a private list. My suggestion was: -- Snip -- - Do

Re: AES-128 keys unique for fixed plaintext/ciphertext pair?

2003-02-24 Thread Dave Howe
Ed Gerck wrote: > This may sound intuitive but is not correct. Shannon proved that if > "n" (bits, bytes, letters, etc.) is the unicity distance of a > ciphersystem, then ANY message that is larger than "n" bits CAN be > uniquely deciphered from an analysis of its ciphertext -- even though > that

Re: AES-128 keys unique for fixed plaintext/ciphertext pair?

2003-02-24 Thread Dave Howe
Hmm. Another simpler theory to remove Shannon from the discussion. Assume that the original assertion is correct - that for each plaintext p and each cyphertext c there exists only one key k that is valid to map encrypt(p,k)=c. In this case, for each possible cyphertext c, *every* possible plainte