175 research outputs found

    Incorrectly Generated RSA Keys: How To Recover Lost Plaintexts

    When generating primes $p$ and $q$ for an RSA key, the algorithm specifies that they should be checked to see that $p-1$ and $q-1$ are relatively prime to the public exponent $e$, and regenerated if this is not the case. If this is not done, then the calculation of the decrypt exponent will fail. However, what if a software bug allows the generation of public parameters $N$ and $e$ of an RSA key with this property and then it is subsequently used for encryption? Though this may seem like a purely academic question, a software bug in the RSA key generation implementation in the CNG API of a preview release of the Windows 10 operating system makes this question of more than purely hypothetical value. Without a well defined decrypt exponent, plaintexts encrypted to such keys will be undecryptable, thus potentially losing user data, a serious software defect. Though the decrypt exponent is no longer well defined, it is in fact possible to recover the plaintext, or a small number of potential plaintexts, if the prime factors $p$ and $q$ of the public modulus $N$ are known. This paper presents an analysis of what steps fail in the RSA algorithm and uses this to give a plaintext recovery algorithm. The runtime of the algorithm scales linearly in the magnitude of the public exponent; in practice this is manageable as there are only a few small public exponents that are used. This algorithm has been implemented in a publicly available Python script. We further discuss the software bug that led to this and derive lessons that can be used while testing randomized functions in cryptographic software. Specifically, we derive an explicit formula that describes the trade-off between the number of iterations of tests of randomized cryptographic functions and the potential number of users affected by a bug dependent on the random values.

    Addressing the STEM Gender Gap by Designing and Implementing an Educational Outreach Chemistry Camp for Middle School Girls

    There continues to be a persistent, widespread gender gap in multiple STEM disciplines at all educational and professional levels: from the self-reported interest of preschool aged students in scientific exploration to the percentages of tenured faculty in these disciplines, more men than women express an interest in science, a confidence in their scientific abilities, and ultimately decide to pursue scientific careers. Reported herein is an intensive outreach effort focused on addressing this gender gap: a full-time, week-long chemistry camp that was designed and implemented for middle school girls in the state of Rhode Island. The camp schedule included multiple hands-on experiments, field trips, and significant interactions with female scientists, all of which were designed to increase the participants’ interest in and enthusiasm for science. The success of the program in changing the participants’ attitudes toward science was measured through administration of a precamp and postcamp survey, and the survey results demonstrated a strong success in changing the participants’ attitudes toward the widespread applicability of science, their perceived level of support for scientific study, and their interest in pursuing STEM-related careers

    Analogues of Velu's Formulas for Isogenies on Alternate Models of Elliptic Curves

    Isogenies are the morphisms between elliptic curves, and are accordingly a topic of interest in the subject. As such, they have been well-studied, and have been used in several cryptographic applications. Velu’s formulas show how to explicitly evaluate an isogeny, given a specification of the kernel as a list of points. However, Velu’s formulas only work for elliptic curves specified by a Weierstrass equation. This paper presents formulas similar to Velu’s that can be used to evaluate isogenies on Edwards curves and Huff curves, which are normal forms of elliptic curves that provide an alternative to the traditional Weierstrass form. Our formulas are not simply compositions of Velu’s formulas with mappings to and from Weierstrass form. Our alternate derivation yields efficient formulas for isogenies with lower algebraic complexity than such compositions. In fact, these formulas have lower algebraic complexity than Velu’s formulas on Weierstrass curves

    Are Certificate Thumbprints Unique?

    A certificate thumbprint is a hash of a certificate, computed over all certificate data and its signature. Thumbprints are used as unique identifiers for certificates, in applications when making trust decisions, in configuration files, and displayed in interfaces. In this paper we show that thumbprints are not unique in two cases. First, we demonstrate that creating two X.509 certificates with the same thumbprint is possible when the hash function is weak, in particular when chosen-prefix collision attacks are possible. This type of collision attack is now practical for MD5, and expected to be practical for SHA-1 in the near future. Second, we show that certificates may be mauled in a way that they remain valid, but that they have different thumbprints. While these properties may be unexpected, we believe the scenarios where this could lead to a practical attack are limited and require very sophisticated attackers. We also checked the thumbprints of a large dataset of certificates used on the Internet, and found no evidence that would indicate thumbprints of certificates in use today are not unique

    Adolescents' experience doing homework: Associations among context, quality of experience, and outcomes

    Extant data collected through the Experience Sampling Method, a signal contingent method for gathering data about students' immediate experiences, were analyzed to describe adolescents' subjective experiences doing homework. Analyses were conducted to explore variation in subjective experience in relation to the contexts in which homework was completed, and in relation to academic and social-emotional outcomes. Students' cognitive, affective, and motivational states showed significant variations depending on who they were with when they were doing homework, as well as whether homework was their primary or secondary activity. Variations in the quality of homework experience were, in turn, significantly associated with several outcomes, such as self-esteem, future expectations, and school grades. Findings are discussed in terms of contributions to the homework literature by addressing the much needed link between homework and students' cognitive, affective, and motivational states.

    In the eye of the beholder: mothers' perceptions of poor neighborhoods as places to raise children

    This study explores how mothers facing similar neighborhood conditions evaluate their neighborhoods as places to raise children. The authors relied upon a triangulation of methods, using both quantitative and qualitative methodologies, with a sample of 91 low-income mothers. Content analysis of qualitative interviews revealed that mothers often hold divergent views about the quality of the same or similar neighborhoods. Mothers' overall neighborhood perceptions were influenced by several specific indicators, including social interaction, collective efficacy, fear of crime, personal victimization, and neighborhood incivilities. Moreover, mothers' subjective neighborhood perceptions were related to their parenting strategies. This study thus underscores the importance of not solely relying on “objective” neighborhood criteria such as census data, but of also attending to residents' subjective perceptions of their own neighborhoods. © 2010 Wiley Periodicals, Inc. Peer Reviewed. http://deepblue.lib.umich.edu/bitstream/2027.42/69195/1/20372_ftp.pd

    The media use of diaspora in a conflict situation : A case study of Venezuelans in Finland

    Many Venezuelan emigrants have an emotional connection and/or they have family members and friends in the country of origin, and that is why they seek to find reliable information on the conflict situation in Venezuela. Therefore, they keep in touch with family members, read mainstream news and use different social media platforms. Thus, what kind of impact the conflict has on the media use and how events reported in the media are interpreted is investigated in this study of Venezuelan diaspora in Finland by using social media ethnography. There are internal and external factors behind the media use. External factors come from societies of the host and origin countries. Internal factors rise from family connections and identity construction concerning personal national identity or political activism. Peer reviewed

    Family-school connections and internalizing problems among children living with asthma in urban, low-income neighborhoods

    Children with asthma living in urban environments are at risk for experiencing internalizing problems and difficulties at school due to social context and health-related stressors. Parent confidence and participation in the school and children’s attitudes about school were explored in association with children’s depressed mood and school anxiety. Forty-five parent—child dyads were recruited from urban community health centers. Most participants were members of ethnic minority groups. Hierarchical multiple regression analyses revealed that higher levels of parent confidence in the school were associated with fewer symptoms of school anxiety in children. Children’s attitudes toward school moderated the relation between parent participation in the school and children’s depressed mood. Specifically, lower levels of parent participation were associated with higher levels of depressed mood only for children with the least positive school attitudes. Although preliminary, these results suggest the importance of attending to family—school connections to optimize the school-related psychological functioning of children living with asthma in urban environments