admin@eatmychat.com writes:

"BenL" links.org> wrote in message
news:1166185537.961574.69420@f1g2000cwa.googlegroups.com...

The most persistent bug I had to deal with was in the integer modexp. It
rather at random gave an incorrect result, in particular it seemed to happen
any time particular pairs of inputs were given in quick succession. This was
reported to OpenSSL, they claimed it was fixed in the next release, the
exact same inputs resulted in the same error, with the same frequency, and
on looking at the OpenSSL source code, surprisingly, from the exact same
implementation.

Interestingly, Java's BigInteger implementation has a very similar problem.
Joe

Crypto Mini-FAQ

Q: Where is the FAQ for cryptology?

Several useful but out-of-date crypto FAQs are here:
http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html

This crypto mini-faq is an attempt to have something that is more
concise, up-to-date, and relevant to sci.crypt. It will be kept here:
http://www.schlafly.net/crypto/faq.htm

Q: What is the best book on crypto?

For a pre-computer history of cryptology, see The Code Breakers,
by David Kahn.

For an elementary exposition, see Cryptography Decrypted, by H.
X. Mel and Doris M. Baker or The Code Book by Simon Singh.

For a general introduction to a lot of algorithms, with source
code, see Applied Cryptography by Bruce Schneier. This book
is partially superseded by Practical Cryptography, by Niels Ferguson
and Bruce Schneier.

But does this act better than the rho method?

I'm looking at the McEliece-based short signature scheme proposed in 2001 by
Courtois, Finiasz, and Sendrier (http://eprint.iacr.org/2001/010), and
noticed that while the signatures are short on average, the length (as well
as the signing time) is unbounded in the worst case. When signing with this
scheme, you have to repeatedly hash the message along with a counter until
the hash is a decodable syndrome (of a Goppa code), and send the counter
along with the signature that is eventually produced. If you are unlucky the
counter could be arbitrarily large. This makes the scheme incompatible with
applications that need a fixed length (or at least bounded length)
signature.

"Joseph Ashwood" msn.com> wrote in message
news:znGgh.3226$yC5.258@newssvr27.news.prodigy.net...

I was going to drop him an email asking when I would be receiving my book.
I didn't realize this shit was going on though.

I hope they catch this guy - and I doubt Tom will refrain from pressing
charges in this go around (assuming they can identify the perpetrator)

I have my own suspicions on who it is, but I am less informed than many
involved - so I will keep it to myself. (And besides it's not anyone who
didn't appear in David Eather's list)

"Jean-Luc Cooke" engsoc.org> wrote in message
news:elucal$8jl$1@driftwood.ccs.carleton.ca...

Did I miss the bandwagon yet? I'd also like to see Tom back here.

Phil Carmody wrote:

Almost sure. Coding it by hand gives the same result.
Here is an implementation:
\\ This program is distributed under the terms of the GPL v2.
\\ The full text of the GPL is available at:
\\ http://www.gnu.org/licenses/gpl.txt

\\ Modification to the elliptic curve factoring algorithm working with
points
\\ *NOT* on the curve

clark wrote:

On 15 Dec 2006 05:13:04 -0800, BenL links.org> wrote:

A valid jibe at my lack of commitment to the cause. In my
(admittedly feeble) defense, if http://www.openssl.org/support/
had said, "Email bug reports to X", I would have. Faced
instead with a choice of OpenSSL mailing lists to join, and
recognizing that my romance with OpenSSL was not headed for
the altar, I satisfied myself with a posting to sci.crypt,
which got no response, and then I wandered away.

From sci.crypt, 2005.11.29:

http://groups-beta.google.com/group/sci.crypt/browse_thread/thread/9cde5b82aaa3418d/52b74996be43f31d...