DOCSLIB.ORG

Two Mathematical Security Aspects of the Rsa Cryptosystem: Signature Padding Schemes and Key Generation with a Backdoor

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Two Mathematical Security Aspects of the Rsa Cryptosystem: Signature Padding Schemes and Key Generation with a Backdoor Two mathematical security aspects of the rsa cryptosystem: signature padding schemes and key generation with a backdoor Genevi`eve Arboit Doctorate of Philosophy School of Computer Science McGill University Montreal, Quebec February 2008 A thesis submitted to McGill University in partial fulfilment of the requirements of the degree of philosophy doctorate in computer science. Copyright Genevi`eve Arboit, 2008. DEDICATION This document is dedicated to all people dear to me. ii ACKNOWLEDGEMENTS Firstly, I thank my thesis adviser, Claude Cr´epeau, for suggesting the topic of backdoors and for his counsel. I also thank Jean-Marc Robert and Alain Slakmon for their precious reading and comments. I thank my parents, my family, my friends, and Dan Nyborg who put up with my excentric notion of becoming a doctor. I thank the crypto and quantum info lab people, as well as Geza Szamosi, Faith Fich, Charles Rackoff, Laurie Hendren, David Avis, Prakash Panangaden, and Bettina Kemme, for their interest and dis- interested help. In particular, I owe thanks to Isabelle D´ech`ene,Raza Ali Kazmi, Simon Pierre Desrosiers, Martin Courchesne, Natasa Przulj, Nicole Witen (came up with the Casanova story), Valerie Hongoh, Jenifer Thorsley, Shashikala Sivapra- gasam, Paul Dumais, Hugo Touchette, and Fran¸coisPitt. Concerning publications, I would additionally like to thank David Naccache, Jean-S´ebastienCoron, and a few anonymous referees for useful comments. The McGill kendo club and d'Orangeville sensei are a late addition to the people I acknowledge the help of and deeply thank, for making the writing of a philosophy doctorate thesis appear to be relatively easy. iii ABSTRACT This work presents mathematical properties of the rsa cryptosystem. The top- ics of backdoors and padding algorithm are developped. For padding schemes, we give a practical instantiation with a security reduction. It is based on the compression function of sha-1 without any chaining function. Our solution has the advantage over the previous one of removing the relation of the output length of the compression function to the length of the rsa modulus. For backdoors, improvements on definitions, existing algorithms as well as ex- tensions of existing theorems are shown. The definitions pertaining to backdoored key generators are improved as to make their analysis uniform and comparable. New algorithms are presented and compared to existing ones as to show improvements mainly on their running time, the indistinguishability of the keys produced, and that some of these new algorithms are, for all practical purposes, the best that may be called asymmetric. Our theorem on the correctness (or completeness) of one of our better backdoored key generators is a generalization of a theorem of Boneh, Durfee and Frankel's on partial information on the decryption exponent. iv RESUM´ E´ Ce travail pr´esente des propri´et´esmath´ematiquesdu cryptosyst`eme rsa. Les sous-domaines d´evelopp´essont ceux des portes d´erob´eeset des algorithmes de rem- plissage. Pour les algorithmes de remplissage, nous pr´esentons une instantiation pratique avec une r´eductionde s´ecurit´e. Elle est bas´eesur la fonction de compression de sha-1 sans user d'aucune fonction d'encha^ınement. Notre solution a l'avantage, par rapport `ala pr´ec´edente, d'enlever la relation entre la longueur de sortie de la fonction de compression et la longueur du modulo rsa. Pour les portes d´erob´ees,des am´eliorationssur les d´efinitions,les algorithmes existants aussi bien que des prolongements des th´eor`emesexistants sont expos´es.Les d´efinitionsconcernant les g´en´erateursde cl´es`aporte d´erob´eesont am´elior´eesafin que leur analyse soit uniforme et comparable. De nouveaux algorithmes sont pr´esent´es et compar´es`aceux existants afin de d´emontrer des am´eliorations principalement par rapport `aleur temps d'ex´ecution,`al'indistinguabilit´edes clefs produites et par le fait que certains de ces nouveaux algorithmes sont, `atoutes fins pratiques, les meilleurs pouvant ^etre qualifi´esd'asym´etriques.Notre th´eor`emesur l'exactitude d'un de nos meilleurs g´en´erateursde cl´es`aporte d´erob´eeest une g´en´eralisationd'un th´eor`eme de Boneh, Durfee et Frankel sur l'information partielle de l'exposant de d´echiffrage. v TABLE OF CONTENTS DEDICATION . ii ACKNOWLEDGEMENTS . iii ABSTRACT . iv RESUM´ E......................................´ v LIST OF TABLES . x LIST OF FIGURES . xiii NOTATION . xvii CONTRIBUTIONS OF AUTHORS . xix 1 Introduction . 1 1.1 Brief history of public-key cryptosystems . 1 1.2 The rsa cryptosystem . 5 1.2.1 Definition . 5 1.2.2 rsa signature padding . 7 1.2.3 Backdoors in public key generation . 11 1.3 Chapter notes . 14 2 Background on rsa .............................. 15 2.1 History . 15 2.2 Theory . 16 2.2.1 Computational security . 16 2.2.2 Trapdoor one-way function . 17 2.2.3 Toward the definition of rsa . 18 2.2.4 The definition of rsa ..................... 19 2.2.5 Efficiency of key generation . 24 2.2.6 Number of generable keys . 25 vi 2.2.7 Provable security . 26 2.2.8 Distribution properties of rsa . 29 2.3 Application issues and standards . 46 2.3.1 Direct attacks . 46 2.3.2 Indirect attacks . 47 2.4 Chapter notes . 47 3 rsa signature padding . 50 3.1 Introduction . 50 3.1.1 Hash-and-sign paradigm . 51 3.1.2 Chosen-ciphertext attacks . 53 3.1.3 Security goal . 55 3.2 Definitions . 56 3.3 An improved algorithm . 58 3.4 Further developments . 61 3.4.1 A practical hashing family H3·160. 61 3.4.2 Improved communication complexity. 63 3.5 Summary . 64 3.6 Chapter notes . 65 4 Introduction to backdoors . 66 4.1 Background . 66 4.1.1 The two contexts . 66 4.1.2 Intuition on the roles of the parties . 69 4.1.3 History . 71 4.2 Definitions . 74 4.2.1 Informal definition of a backdoor . 74 4.2.2 Model of analysis . 77 4.2.3 Formal definition of a backdoor . 79 4.3 Comparison with setup definitions for backdoors in cryptosystems 85 4.3.1 Definition of setup ...................... 85 4.3.2 Evolution of algorithms w.r.t. definitions in kleptography . 87 4.3.3 White box effect, uniformity and asymmetry . 88 4.3.4 Asymmetry (un)satisfied by setups . 88 4.4 Lexicon . 89 4.5 Chapter notes . 90 vii 5 Measures for backdoored keys . 91 5.1 Nature of the keys . 92 5.1.1 Classical definitions of indistinguishability . 92 5.1.2 Cardinality . 95 5.1.3 Distribution properties . 106 5.1.4 Generalized key regeneration . 110 5.1.5 Diversity . 113 5.2 Interactions with the generator: side channel analyses . 115 5.2.1 Complexity . 115 5.2.2 Memory . 122 5.3 Measures on the design of algorithms . 125 5.3.1 Computational assumptions . 125 5.3.2 Simplicity . 126 5.4 Measures: summary . 126 5.5 Chapter notes . 127 6 Comparison of existing algorithms . 129 6.1 Simple algorithms . 129 6.1.1 Anderson-Kaliski backdoors . 130 6.1.2 Howgrave-Graham backdoors . 137 6.2 Kleptography: Young-Yung algorithms . 146 6.2.1 YY96 . 146 6.2.2 YY97 . 168 6.2.3 YY05a . 175 6.2.4 YY05b . 181 6.3 Cr´epeau-Slakmon algorithms . 189 6.3.1 First algorithm: via Wiener's low decryption exponent attack192 6.3.2 Second algorithm: via upper bits of δ and prime . 196 6.3.3 Third algorithm: via upper and lower bits of δ . 200 6.3.4 Fourth algorithm: via hiding p in n . 206 6.3.5 Fifth algorithm: via Slakmon's variant of Wiener's Theorem 213 6.3.6 Choices of permutation, πβ . 221 6.4 Chapter notes . 225 7 Improved algorithms . 227 7.1 First improvement: complexity, then diversity . 228 7.1.1 Outline of the first improvement . 228 viii 7.1.2 Preliminary results: new extensions of Wiener's Theorem . 231 7.1.3 Improvement of the time complexity . 240 7.1.4 Improvement of the diversity without pseudo-randomness . 257 7.2 Discussion on the first improvement . 278 7.2.1 Structure of the improvement . 278 7.2.2 Failure of simple algorithms . 279 7.2.3 Advantages of a reasonable simplicity . 282 7.2.4 Diversity of the algorithms . 285 7.3 Second improvement: generalized key regeneration for eg keys . 288 7.3.1 Principles . 288 7.3.2 Improvements . 289 7.4 Third improvement: asymmetric algorithms . 298 7.4.1 Principles . 298 7.4.2 Improvements . 307 7.5 Classification of backdoors . 313 7.5.1 Backdoors to rsa key generation . 313 7.5.2 Backdoors to eg key generation . 315 7.5.3 Location of the embedding . 315 7.5.4 Symmetry and asymmetry . 316 7.6 Chapter notes . 317 8 Conclusion . 318 Appendix A: Basic cryptology . 325 A.1 Contemporary secure key lengths . 325 A.2 The ElGamal cryptosystem . ..
Load more

Recommended publications
  • Sourcefire White Paper
    And Its Role in the Security Model www.sourcefire.com June 2002 Sourcefire, Inc. 7095 Samuel Morse Drive Suite 100 Columbia, MD 21046 410.290.1616 | 410.290.0024 TABLE OF CONTENTS Table of Contents ............................................................................................................2 Open Source Software: OSS...........................................................................................3 What is OSS?..........................................................................................................................3 History.....................................................................................................................................4 Opinions on OSS.....................................................................................................................4 Arguments in favor of OSS ......................................................................................................5 Security, Stability, and Cost .......................................................................................................................5 Standards, Immediacy, and Lack of Restrictions......................................................................................7 Arguments Against OSS..........................................................................................................7 Status Quo and Security.............................................................................................................................8 Poor Packaging and Support .....................................................................................................................9
    [Show full text]
  • Bastian Ballmann Attack and Defense with Python 3 2Nd Edition
    Bastian Ballmann Understanding Network Hacks Attack and Defense with Python 3 2nd Edition Understanding Network Hacks Bastian Ballmann Understanding Network Hacks Attack and Defense with Python 3 2nd Edition Bastian Ballmann Uster, Switzerland ISBN 978-3-662-62156-1 ISBN 978-3-662-62157-8 (eBook) https://doi.org/10.1007/978-3-662-62157-8 © Springer-Verlag GmbH Germany, part of Springer Nature 2015, 2021 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifcally the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microflms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specifc statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affliations. Responsible Editor: Martin Börger This Springer imprint is published by the registered company Springer-Verlag GmbH, DE part of Springer Nature.
    [Show full text]
  • Alan Watt "Cutting Through the Matrix" Live on Rbn #101
    Transcripts of: ALAN WATT "CUTTING THROUGH THE MATRIX" LIVE ON RBN #101 - 125 April 14, 2008 – June 9, 2008 Dialogue Copyrighted Alan Watt - 2008 (Exempting Music, Literary Quotes and Callers' Comments) Alan Watt's Official Websites: WWW.CUTTINGTHROUGHTHEMATRIX.COM www.alanwattsentientsentinel.eu "While Inflicting Torture and Pain, Our Masters "All That Was must Pass Away" Make Hay for Financial Gain - May 12, 2008 #113 The End of Morality in the New Corporate Feudal System" - April 14, 2008 #101 "Your Neighbourhood Snoopers are Such Party Poopers" - May 14, 2008 #114 "Crisis Cry-Sis from the Boys at the Top" April 16, 2008 #102 "The Web it said Will Soon be Dead" May 16, 2008 #115 "The Nation-State is now Transcendent, You are now Global Slaves and Interdependent - Analysis "Freedom of Mind for He Who Chooses, Is of Gordon Brown Speech at Kennedy Center" Known by Controllers Who Study The Muses" April 18, 2008 #103 May 19, 2008 #116 "Gorge and Binge to go Out of Fashion" "The Chessboard's Set, The Pawns are in Place, April 21, 2008 #104 As They Move Toward The Humanimal Race" May 21, 2008 #117 "The New Autism ain't What It used to Be - Comparative Studies within Amish Community" "The Mass-Man Moves toward Integration, The April 23, 2008 #105 Few with Spirit toward Separation" May 23, 2008 #118 "Big Brother's Coming Door-to-Door to Enquire about Your Sex Life - "Con of the Carbon Life-form" Strictly For Statistical Reasons, of course" May 26, 2008 #119 April 25, 2008 #106 "For 'Trekkie' fans, It's 'Red Alert!', "Shortly, Food Supplements
    [Show full text]
  • The Hacker Voice Telecomms Digest #2.00 LULU
    P3 … Connections. P5 … You Got Mail… Voicemail. P7 … Unexpected Hack? P8 … Rough Guide To No. Stations pt2. P12 … One Way/One Time Pads. P16 … Communications. Your Letters, Answered… Perhaps! P17 … The Hacker Voice Projects. P19 … Automating Network Enumeration. P22 … An Introduction to Backdoors. The Hackers Voice Digest Team P27 … Interesting Numbers. Editors: Demonix & Blue_Chimp. Staff Writers: Belial, Blue_Chimp, Naxxtor, Demonix, P28 … Phreaking Bloody Adverts! Hyper, & 10Nix. Pssst! Over Here… You want one of these?! Contributors: Skrye, Vesalius, Remz, Tsun, Alan, Desert Rose & Zinya. P29 … Intro to VoIP for Practical Phreaking Layout: Demonix. Cover Graphics : Belial & Demonix. P31 … Google Chips. Printing: Printed copies of this magazine (inc. back issues) are available from P32 … Debain Ubuntu A-Z of Administration. www.lulu.com. Thanks : To everyone who has input into this issue, especially the people who have P36 … DIY Tools. submitted an article and gave feedback on the first Issue. P38 … Beginners Guide to Pen Testing. Back Page: UV’s World War Poster Productions. P42 … The Old Gibson Phone System. What is The Hackers Voice? The Hackers Voice is a community designed to bring back hacking P43 … Introduction to R.F.I. and phreaking to the UK . Hacking is the exploration of Computer Science, Electronics, or anything that has been modified to P55 … Unexpected Hack – The Return! perform a function that it wasn't originally designed to perform. Hacking IS NOT EVIL, despite what the mainstream media says. We do not break into people / corporations' computer systems and P56 … Click, Print, 0wn! networks with the intent to steal information, software or intellectual property.
    [Show full text]
  • Bastian Ballmann Attack and Defense with Python
    Bastian Ballmann Understanding Network Hacks Attack and Defense with Python Understanding Network Hacks Bastian Ballmann Understanding Network Hacks Attack and Defense with Python 123 Bastian Ballmann Uster, Switzerland Translation from the German language edition “Network Hacks - Intensivkurs”, c Springer-Verlag, 2012 ISBN 978-3-662-44436-8 ISBN 978-3-662-44437-5 (eBook) DOI 10.1007/978-3-662-44437-5 Springer Heidelberg New York Dordrecht London Library of Congress Control Number: 2014960247 © Springer-Verlag Berlin Heidelberg 2015 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
    [Show full text]
  • Why Open Source Software / Free Software (OSS/FS, FLOSS, Or FOSS)? Look at the Numbers! 1. Introduction
    Why Open Source Software / Free Software (OSS/FS, FOSS, or FLOSS)? Look at the Nu...Page 1 of 139 Translations available: Czech | French | Japanese | Spanish Why Open Source Software / Free Software (OSS/FS, FLOSS, or FOSS)? Look at the Numbers! David A. Wheeler http://www.dwheeler.com/contactme.html Revised as of November 14, 2005 This paper provides quantitative data that, in many cases, using open source software / free software (abbreviated as OSS/FS, FLOSS, or FOSS) is a reasonable or even superior approach to using their proprietary competition according to various measures. This paper’s goal is to show that you should consider using OSS/FS when acquiring software. This paper examines market share, reliability, performance, scalability, security, and total cost of ownership. It also has sections on non-quantitative issues, unnecessary fears, OSS/FS on the desktop, usage reports, governments and OSS/FS, other sites providing related information, and ends with some conclusions. An appendix gives more background information about OSS/FS. You can view this paper at http://www.dwheeler.com/oss_fs_why.html (HTML format). A short presentation (briefing) based on this paper is also available. Palm PDA users may wish to use Plucker to view this longer report. Old archived copies and a list of changes are also available. 1. Introduction Open Source Software / Free Software (OSS/FS) (also abbreviated as FLOSS or FOSS) has risen to great prominence. Briefly, OSS/FS programs are programs whose licenses give users the freedom to run the program for any purpose, to study and modify the program, and to redistribute copies of either the original or modified program (without having to pay royalties to previous developers).
    [Show full text]
  • TOP THEMA Datenmissbrauch Und Wirtschafts-Spionage ______
    _______________________________________________________________________ TOP THEMA Datenmissbrauch und Wirtschafts-Spionage _______________________________________________________________________ Handelsblatt: 50-Milliarden-Schaden jährlich durch Wirtschaftsspionage http://www.handelsblatt.com/politik/deutschland/wirtschaftsspionage-50-milliarden- schaden/8705934.html Bitcom schätzt 51 Milliarden Euro Schaden jährlich durch digitale Wirtschaftsspionage - Erschreckende Statistik: Rund 51 Prozent aller deutschen Unternehmen waren bereits von Datendiebstahl, Sabotage oder Spionage betroffen http://www.heise.de/newsticker/meldung/Bitkom-51-Milliarden- Euro-Schaden-jaehrlich-durch-digitale-Wirtschaftsspionage-2609577.html Der Ingenieursverband ist sieht die Sache noch dramatischer: Laut seinen Schätzungen sind die Schäden durch Wirtschaftsspionage in Deutschland erheblich alarmierender. Deutsche Unternehmen würden mindestens 100 Milliarden Euro pro Jahr verlieren, schätzt der Verband. http://www.faz.net/aktuell/wirtschaft/wirtschaftsspionage-ingenieursverband-100- milliarden-euro-schaden-12782369.html Aber wie funktioniert so etwas? Haben Sie das gewusst? Windows ist ein NSA Trojaner 1998 entdeckten zwei IT-Experten – Dr. Nicko Someren und Andrew Fernandes - versteckte „NSA“ Hintertüren im Betriebssystem von Microsoft. Obwohl diese Entdeckung von höchster Brisanz gewesen war, nutzen viele Firmen, Behörden und Privatpersonen leichtsinnig weiter das Betriebssystem Windows. Doch lesen Sie selbst... Die Entdeckungen von Dr. Nicko van Someren und
    [Show full text]
  • Como Entender As Denúncias De Vigilantismo Global
    PROTEÇÃO DE DADOS A BITCOIN e-SAÚDE na União Europeia pode derrubar os EUA e privacidade no Brasil o instituto nupef é uma organização sem fi ns Uma publicação do Instituto Nupef • outubro / 2013 • www.politics.org.br de lucro dedicada à refl exão, análise, produção de conhecimento e formação, principalmente centradas em questões relacionadas às tecnologias da informação e Comunicação (tiCs) e suas relações políticas com os direitos humanos, a democracia, o desenvolvimen- to sustentável e a justiça social. além de realizar cursos, eventos, desenvolver pesquisas e estudos de caso, o nupef edita a politiCs, a rets (revista do terceiro setor) e mantém o projeto tiwa – provedor de serviços internet voltado exclusivamente para instituições sem fi ns lucrativos – resultado de um trabalho iniciado há 21 anos, com a criação do alternex (o pri- meiro provedor de serviços internet aberto ao público no Brasil). o tiwa é um provedor comprometido prioritariamente com a pri- vacidade e a segurança dos dados das entidades associadas; com a garantia de sua liberdade de expressão; com o uso de software livre e de plataformas abertas não-proprietárias. Tecnologias e pessoas com defi ciência: questão política rua sorocaba 219, 501 | parte | Botafogo | CeP 22271-110 | rio de Janeiro | rJ | Brasil Como entender telefone/fax +55 (21) 3259-0370 | www.nupef.org.br as denúncias de vigilantismo global nº16 EDITOR CARLOS A. AFONSO CAPA, PROJETO GRÁFICO E DIAGRAMAÇÃO MONTE DESIGN DISTRIBUIÇÃO VIVIANE GOMES Índice TRADUÇÕES RICARDO SILVEIRA 02 >Como entender as denúncias Esta é uma publicação do Instituto Nupef. de vigilantismo global Versão digitalizada disponível em www.politics.org.br e no sítio do Nupef - www.nupef.org.br Pedro Antonio Dourado de Rezende Para enviar sugestões, críticas ou outros comentários: [email protected] >10 Rua Sorocaba, 219 | 501 - parte | Botafogo | 22271-110 Sugestões relativas às políticas públicas brasileiras sobre Rio de Janeiro RJ Brasil | telefone +55 21 2527-0294 tecnologias assistivas para pessoas com deficiência visual Apoio: Fernando H.
    [Show full text]
  • The Economic Properties of Software
    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics von Engelhardt, Sebastian Working Paper The economic properties of software Jena Economic Research Papers, No. 2008,045 Provided in Cooperation with: Max Planck Institute of Economics Suggested Citation: von Engelhardt, Sebastian (2008) : The economic properties of software, Jena Economic Research Papers, No. 2008,045, Friedrich Schiller University Jena and Max Planck Institute of Economics, Jena This Version is available at: http://hdl.handle.net/10419/25729 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen die in der dort Content Licence (especially Creative Commons Licences), you genannten Lizenz gewährten Nutzungsrechte. may exercise further usage rights as specified in the indicated licence. www.econstor.eu JENA ECONOMIC RESEARCH PAPERS # 2008 – 045 The Economic Properties of Software by Sebastian von Engelhardt www.jenecon.de ISSN 1864-7057 The JENA ECONOMIC RESEARCH PAPERS is a joint publication of the Friedrich Schiller University and the Max Planck Institute of Economics, Jena, Germany.
    [Show full text]
  • Why Open Source Software / Free Software (OSS/FS, FLOSS, Or FOSS)? Look at the Numbers!
    Translations available: Czech | French | Japanese | Spanish Why Open Source Software / Free Software (OSS/FS, FLOSS, or FOSS)? Look at the Numbers! David A. Wheeler http://www.dwheeler.com/contactme.html Revised as of July 18, 2015 This paper (and its supporting database) provides quantitative data that, in many cases, using open source software / free software (abbreviated as OSS/FS, FLOSS, or FOSS) is a reasonable or even superior approach to using their proprietary competition according to various measures. This paper’s goal is to show that you should consider using OSS/FS when acquiring software. This paper examines popularity, reliability, performance, scalability, security, and total cost of ownership. It also has sections on non-quantitative issues, unnecessary fears, OSS/FS on the desktop, usage reports, governments and OSS/FS, other sites providing related information, and ends with some conclusions. An appendix gives more background information about OSS/FS. You can view this paper at http://www.dwheeler.com/oss_fs_why.html (HTML format). A short presentation (briefing) based on this paper is also available. Palm PDA users may wish to use Plucker to view this longer report. Old archived copies and a list of changes are also available. 1. Introduction Open Source Software / Free Software (aka OSS/FS), also described as Free/Libre and Open Source Software (FLOSS), has risen to great prominence. Briefly, FLOSS programs are programs whose licenses give users the freedom to run the program for any purpose, to study and modify the program, and to redistribute copies of either the original or modified program (without having to pay royalties to previous developers).
    [Show full text]
  • Microsoft's Plans for the Internet: Some Key Issues
    Microsoft's Plans For The Internet: Some Key Issues Scott Granneman Senior Consultant in Internet Services Bryan Consulting [email protected] Last updated 18 July 2001 © 2001 Scott Granneman – You may freely redistribute this presentation, as long as the content is not altered. Open Standards, Open Source What Are Open Standards? Open standards are technology specifications that are ... Published so anyone can read & use them Agreed upon Changed after a review process To learn more, you can go to: RFCs W3C Examples Of Open Standards HTML, the language of Web pages POP & SMTP, which transfers email ASCII, used by any text editor JPEG, which displays images TCP/IP, the language of the Internet XML, the future language of the Web Importance Of Open Standards The Internet was built on Open Standards The use of Open Standards ... Allows for innovation Prevents "vendor lock-in" Is inclusive for all types of computers & users What Is Open Source? Developers can see, use, & change the code Code may be freely redistributed without restriction Public specification, development, & extension process Often made freely available Open Source Licensing Various licenses govern Open Source software All use the word "free" Free = freedom Free may or may not = $$$ Most famous is GPL, the GNU Public License GPL In Its Own Words "Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get
    [Show full text]
  • Download Lists That Contain Weak Passwords and Previously Breached Passwords and to Attack Offline Password Hashes
    An investigation of the security of passwords derived from African languages Submitted in partial fulfilment for the requirements of the degree of Master of Science of Rhodes University Sibusiso Sishi Grahamstown, South Africa March 2019 i Abstract Password authentication has become ubiquitous in the cyber age. To-date, there have been several studies on country based passwords by authors who studied, amongst others, English, Finnish, Italian and Chinese based passwords. However, there has been a lack of focused study on the type of passwords that are being created in Africa and whether there are benefits in creating passwords in an African language. For this research, password databases containing LAN Manager (LM) and NT LAN Man- ager (NTLM) hashes extracted from South African organisations in a variety of sectors in the economy, were obtained to gain an understanding of user behaviour in creating passwords. Analysis of the passwords obtained from these hashes (using several cracking methods) showed that many organisational passwords are based on the English language. This is understandable considering that the business language in South Africa is English even though South Africa has 11 official languages. African language based passwords were derived from known English weak passwords and some of the passwords were appended with numbers and special characters. The African based passwords created using eight Southern African languages were then uploaded to the Internet to test the security around using passwords based on African languages. Since most of the passwords were able to be cracked by third party researchers, we conclude that any password that is derived from known weak English words marked no improvement in the security of a password written in an African language, especially the more widely spoken languages, namely, isiZulu, isiXhosa and Setswana.
    [Show full text]