|
|
 Up |
|
|
  |
Author: Markus.Dichtl.nospamMarkus.Dichtl.nospam
Date: Nov 19, 2006 23:54
Kristian Gjøsteen wrote:
...
> Looking briefly at Thms. 1, 2 and 3 of the referenced paper, I cannot find
> any claim of "increasing entropy of the output", so I don't immediately
> see how your comment relates to the paper. (Please note that I am not
> skilled in the subject matter, so things that are obviuos to you may
> not be obvious to me.)
Why do we use random numbers in cryptography? To get unpredictability.
As physical random numbers
tend to be biased, we use postprocessing to make them as hard to
predict as possible. Entropy (or, to be precise, in some cases
min-entropy) is the measure of this unpredictability. Therefore, a
postprocessing function which has the same per bit entropy as the input
does not make sense.
|
| Show full article (1.53Kb) |
|
| |
no comments
|
|
|
Author: mike3mike3
Date: Nov 19, 2006 23:31
Hi.
Consider the construction of an artificial language (yes, a language)
made up specifically for hiding messages. Only X people know this
secret language, and they use it to send messages. Unlike a regular...
|
| Show full article (1.06Kb) |
|
| |
17 Comments |
|
|
Author: Joseph AshwoodJoseph Ashwood
Date: Nov 19, 2006 23:03
"Sebastian Gottschalk" wrote in message
news:4sb591Fuj5anU1@mid.dfncis.de...
> Joseph Ashwood wrote:
>
>> The host site appears to be down at the moment, but the Google cache does
>> not even include the number 6 on the page except in links (e.g. the link
>> I
>> supplied), so it very specifically does not state that IE6 is vulnerable.
>> This brings us back to the original problem, can you cite a source that
>> actually says IE6 contains this vulnerability?
>
> No, it seems you really don't want to discuss. Can you cite any reference
> that this was patched in IE6? Until then, the default assumption is that
> nothing has changed.
> Actually I'm on an investigation how this vulnerability has eben be more
> unleashed on IE7, beside the usual stuff.
|
| Show full article (1.13Kb) |
|
3 Comments |
|
|
Author: girl13girl13
Date: Nov 19, 2006 18:49
Please ignore this message.
|
| |
|
no comments
|
|
|
Author: Jan DrewJan Drew
Date: Nov 19, 2006 17:06
> I'm not a Xtian. I don't even believe Jesus Christ was anything but a
> myth (same as Buddha, Mohammad, Marduk,etc.) of a messiah-archtype. I'm
> not a reverend of a Xtian faith, but of a Druidic path.
You do not sound lik either Druidic, or Christian. With your wrods.
>
> And I have been homeless and remember what it was like. You using
> peoples' homelessness as an excuse to make a profit is not only
> inexcusable but just plain dastardly. Karma will get you for that one.
>
> That would be a blantant lie. I am NOT using people's homelessness for
> anything.
Get your facts straught and try to follow.
|
| Show full article (0.97Kb) |
|
no comments
|
|
|
Author: Antony ClementsAntony Clements
Date: Nov 19, 2006 15:12
> He won't use ms cryptoapi because he thinks it needs a special licence,
> and it can't be used from VB6 (his development environment). Both of
> those beliefs are wrong, but he won't acknowledge that.
wrong, i was looking at the wrong one and the information i had from the
MSDN cd's i have was misleading, i acknowledged that.
|
| |
|
no comments
|
|
|
Author: Antony ClementsAntony Clements
Date: Nov 19, 2006 15:10
> I guess it never occurred to you that someone else may have made an RNG
> before you...
duh! it's a compatability issue nothing more
> I can't wait until you release your RNG so we can start making random
> bits... Crikeys I hate feeding my RSA keygen "tom needs random bits
> please help me" as the PRNG seed ....
i'm not making an RNG dumb dumb
|
| |
|
no comments
|
|
|
Author: David WagnerDavid Wagner
Date: Nov 19, 2006 15:06
Sebastian Gottschalk wrote:
>Can you cite any reference that this was patched in IE6?
>Until then, the default assumption is that nothing has changed.
I don't think you get to pick what the default assumption is.
Actually, these issues are cloudly enough that I don't think there
should be a default assumption one way or the other. The default
should be "we don't know", in the absence of evidence. Lacking
evidence either way, the only verdict we can render is "not proven".
In general, if someone wants to advance a claim, normally the burden is
on the person making the claim to provide the evidence for the claim.
Saying (in essence) "go find the evidence yourself; you have a debugger
like the rest of us; what, are you lazy?" is not likely to persuade
most folks of your claim.
|
| |
|
1 Comment |
|
|
Author: David WagnerDavid Wagner
Date: Nov 19, 2006 15:03
Sebastian Gottschalk wrote:
>Reflecting this, one may notice that this is a general design error of
>ActiveX: Vendors have good reason to never revoke signed vulnerable
>controls. And there's nothing you could do to patch this. And maybe that's
>what the proclaimed patch doesn't even exist, and therefore isn't
>referenced as well.
Interesting point. ActiveX is a major security risk, for so many reasons.
I am amazed that it is still enabled by default and so widely used in
this day and age. Yet another example of legacy code and historical
inertia at odds with security, I suppose.
|
| |
|
no comments
|
|
|
|
|
|
Author: armanarman
Date: Nov 19, 2006 13:04
Hi,
I was wondering if somebody could point me at CCM and EAX test vectors
(using AES)
regards
arman
|
| |
|
2 Comments |
|
|
|
|
|
|
