|
|
|
|
Found 12 records.
Errata ID: 163
Status: Verified
Type: Editorial
Reported By: M'Raihi, David
Date Reported: 2005-12-26
Section 9 says:
Oracle AuthO()
--------------
A = ALG(K,C)
C = C + 1
Return O to B
It should say:
Oracle AuthO()
--------------
A = ALG(K,C)
C = C + 1
Return A to B
^^
Notes:
Section A.4.1, Paragraph 3, Lemma 1 definition, top of page 19
The description of Lemma 1 defines P_ {N,m} (z) using the term Z_ {n}
and it should actually be Z_ {N}.
P_{N,m}(z) = Pr [x mod m = z : x randomly pick in Z_{n}]
Should be:
P_{N,m}(z) = Pr [x mod m = z : x randomly pick in Z_{N}]
^^^
Section E.2, Paragraph 4, bottom of page 32
32^8 > 10^12 so the security of an 8-alphanumeric HOTP code is
significantly better than a 9-digit HOTP value.
Should be:
32^8 > 10^12 so the security of an 8-alphanumeric HOTP code is
significantly better than a 12-digit HOTP value.
^^
In Author's Addresses, Page 35, David Naccache's contact information should be:
David Naccache
ENS, DI
45 rue d'Ulm
75005 Paris, France
and
Information Security Group,
Royal Holloway,
University of London, Egham,
Surrey TW20 0EX, UK
EMail: david.naccache@ens.fr, david.naccache@rhul.ac.uk
Errata ID: 2404
Status: Reported
Type: Technical
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Edited by: Sean Turner
Date Edited: 2010-07-30
Section A.3 says:
Still in Appendix A.3, the text on the upper half of page 19 contains
a wrong (undefined) variable name 'O' which should be 'A' instead,
and it should be adapted according to item (3) above.
The text says:
Oracle AuthO()
--------------
A = ALG(K,C)
C = C + 1
Return O to B
Oracle VerO(A)
--------------
i = C
While (i <= C + s - 1 and Win == FALSE) do
If A == ALG(K,i) then Win = TRUE; C = i + 1
Else i = i + 1
Return Win to B
It should say:
It should say:
Oracle AuthO()
--------------
A = ALG(K,C)
C = C + 1
| Return A to B
Oracle VerO(A)
--------------
| i = C'
| While (i <= C' + s - 1 and Win == FALSE) do
| If A == ALG(K,i) then Win = TRUE; C' = i + 1
Else i = i + 1
Return Win to B
Notes:
another typo, and continuation of 2402 above
Errata ID: 2401
Status: Reported
Type: Technical
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Edited by: Sean Turner
Date Edited: 2010-07-30
Section A.1 says:
On page 17, Appendix A.1 contains the text: Let IntDiv(a,b) denote the integer division algorithm that takes | input integers a, b where a >= b >= 1 and returns integers (q,r) | the quotient and remainder, respectively, of the division of a by b. (Thus, a = bq + r and 0 <= r < b.)
It should say:
The restriction "a >= b" is not necessary and in fact inappropriate; the additional blank line seems to be an artifact of the editing process. Thus, the above text should better read: Let IntDiv(a,b) denote the integer division algorithm that takes | input integers a, b where b >= 1 and returns integers (q,r), the quotient and remainder, respectively, of the division of a by b. (Thus, a = bq + r and 0 <= r < b.)
Notes:
inappropriate restriction specified + formatting flaw
Errata ID: 2405
Status: Reported
Type: Technical
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Edited by: Sean Turner
Date Edited: 2010-07-30
Section A.4.1 says:
(6) [ typos in mathematical text ]
Lemma 1 and its proof in Appendis A.4.1, on page 20, contains
several typos.
In Lemma 1, the line,
P_{N,m}(z) = Pr [x mod m = z : x randomly pick in Z_{n}]
^^^
should read:
P_{N,m}(z) = Pr [x mod m = z : x randomly pick in Z_{N}]
This corrects the use of an undefined variable, n, by using the
variable N as expected from the LHS term.
In the Proof of Lemma 1, the case distinction for z contains an
improper relational operator at two places.
To adjust to the possible range of values (cf. item (2) above!),
the formula parts:
P_{N,m}(z) = [ ... ]
= mq/N * 1/m +
(N - mq)/N * 1 / (N - mq) if 0 <= z < N - mq
| 0 if N - mq <= z <= m
^^^^
= q/N +
r/N * 1 / r if 0 <= z < N - mq
| 0 if r <= z <= m
^^^^
should be modified to read:
P_{N,m}(z) = [ ... ]
= mq/N * 1/m +
(N - mq)/N * 1 / (N - mq) if 0 <= z < N - mq
| 0 if N - mq <= z < m
= q/N +
r/N * 1 / r if 0 <= z < N - mq
| 0 if r <= z < m
It should say:
see above
Notes:
typos
Errata ID: 2406
Status: Held for Document Update
Type: Technical
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Tim Polk
Date Held: 2011-03-27
Appendix A.4.3 says:
Proposition 2 ------------- Suppose m = 10^Digit < 2^31, and let (q,r) = IntDiv(2^31,m). Let B be any adversary attacking HOTP-IDEAL using v verification oracle queries and a <= 2^c - s authenticator oracle queries. Then [...]
It should say:
Proposition 2 ------------- Suppose m = 10^Digit < 2^31, and let (q,r) = IntDiv(2^31,m). Let B be any adversary attacking HOTP-IDEAL using v verification oracle queries and a <= 2^c - s authenticator oracle queries. Then [...]
Errata ID: 2408
Status: Held for Document Update
Type: Technical
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30
Section C says:
In Appendix C, the source text in the upper half of page 28
contains an improperly formatted comment -- obviously intended
to illustrate the subsequent declaration, the comment must be
aligned with that declaration.
Thus, the lines:
// These are used to calculate the check-sum digits.
| // 0 1 2 3 4 5 6 7 8 9
private static final int[] doubleDigits =
{ 0, 2, 4, 6, 8, 1, 3, 5, 7, 9 };
It should say:
should read:
// These are used to calculate the check-sum digits.
| // 0 1 2 3 4 5 6 7 8 9
private static final int[] doubleDigits =
{ 0, 2, 4, 6, 8, 1, 3, 5, 7, 9 };
Notes:
formatting
Errata ID: 834
Status: Held for Document Update
Type: Technical
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30
Section E.4 says:
The enumeration in Appendix E.4, on page 34, contains inconsistent
variable namings (cf. issue (3) above!).
To make it self-consistent, the enumeration:
1) C-client >= C-server
2) C-client - C-server <= s
3) Check that HOTP client is valid HOTP(K,C-Client)
4) If true, the server sets C to C-client + 1 and client is
authenticated ^^^
^^^ ^^^
It should say:
should read:
1) C-client >= C-server
2) C-client - C-server <= s
| 3) Check that HOTP client is valid HOTP(K,C-client)
| 4) If true, the server sets C-server to C-client + 1 and client is
authenticated
Notes:
Lines up with errata 2402
Errata ID: 2402
Status: Held for Document Update
Type: Technical
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30
Section A.3 says:
In Appendix A.3, unfortunately the necessary distinction between the counter value kept with the user and the counter value kept at the server is not preserved in the variable names introduced. This leads to significant confusion. I hereby propose a 'minimally invasive' text modification as follows (Cf. Appendix E.3 for another notation) : The text of the 2nd and 3rd paragraph of Appendix A.3, on page 18 : The scenario we are considering is that a user and server share a key K for ALG. Both maintain a counter C, initially zero, and the user authenticates itself by sending ALG(K,C) to the server. The latter accepts if this value is correct. In order to protect against accidental increment of the user counter, the server, upon receiving a value z, will accept as long as z equals ALG(K,i) for some i in the range C,...,C + s-1, where s is the resynchronization parameter and C is the server counter. If it accepts with some value of i, it then increments its counter to i+1. If it does not accept, it does not change its counter value.
It should say:
should be modified to say: The scenario we are considering is that a user and server share a key | K for ALG. Both maintain a counter C and C', respectively, initially zero, and the user authenticates itself by sending ALG(K,C) to the server. The latter accepts if this value is correct. In order to protect against accidental increment of the user counter, the server, upon receiving a value z, will accept as long as z equals | ALG(K,i) for some i in the range C',...,C' + s-1, where s is the | resynchronization parameter and C' is the server counter. If it accepts with some value of i, it then increments its counter to i+1. If it does not accept, it does not change its counter value.
Notes:
conflicting naming of variables
Errata ID: 2400
Status: Held for Document Update
Type: Editorial
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30
Section 5.3 says:
The text of Section 5.3, in the 2nd and 3rd paragraph on page 7,
says:
The reason for masking the most significant bit of P is to avoid
confusion about signed vs. unsigned modulo computations. Different
processors perform these operations differently, and masking out the
| signed bit removes all ambiguity.
^^
Implementations MUST extract a 6-digit code at a minimum and possibly
7 and 8-digit code. Depending on security requirements, Digit = 7 or
more SHOULD be considered in order to extract a longer HOTP value.
It should say:
It should say: The reason for masking the most significant bit of P is to avoid confusion about signed vs. unsigned modulo computations. Different processors perform these operations differently, and masking out the | sign bit removes all ambiguity. Implementations MUST extract a 6-digit code at a minimum and possibly | 7 and 8-digit codes. Depending on security requirements, Digit = 7 or more SHOULD be considered in order to extract a longer HOTP value.
Notes:
Editorial fixes.
Errata ID: 2403
Status: Held for Document Update
Type: Editorial
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30
Section A.3 says:
Near the bottom of page 18, the 2nd-to-last paragraph of Appendix A.3
(on that page) says:
... It wins if the
server accepts this accumulator.
^^^^^^^^^^^
It should say:
It should say instead:
... It wins if the
server accepts this authenticator.
Notes:
typo
Errata ID: 2407
Status: Held for Document Update
Type: Editorial
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30
Section A.5 says:
Within Appendix A.5, in the lower half of page 23, the text for
"Assumption 1" says:
Let T denotes the time to perform one computation of H. [...]
^
It should say:
It should say: Let T denote the time to perform one computation of H. [...]
Notes:
typo
Errata ID: 2409
Status: Held for Document Update
Type: Editorial
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30
Section C says:
In Appendix C, the source code on page 30 (lower half) and
page 31 contains improperly indented lines.
The following three line groups should be indented by 6 more character
positions to make them conformant to RFC style 'nice' format:
- on page 30:
String result = null;
int digits = addChecksum ? (codeDigits + 1) : codeDigits;
- on page 30:
if ( (0<=truncationOffset) &&
(truncationOffset<(hash.length-4)) ) {
offset = truncationOffset;
}
- on page 31:
if (addChecksum) {
otp = (otp * 10) + calcChecksum(otp, codeDigits);
}
result = Integer.toString(otp);
while (result.length() < digits) {
result = "0" + result;
}
return result;
It should say:
[see above]
Notes:
[ further formatting (indentation) issues ]