Re: Do non-positional number systems present security issues?

From: karl williamson (
Date: Mon Apr 12 2010 - 12:09:00 CDT

  • Next message: Michael Everson: "Re: MODIFIER LETTER or SUPERSCRIPT?"

    Shriramana Sharma wrote:
    > On 2010-Apr-05 01:58, karl williamson wrote:
    >> Tamil's digits are not positional according to Richard Gillam. They
    >> have General category of Nd. Could this be used to cause a naive program
    >> to calculate an incorrect value of an input number, such that mention of
    >> this possibility would be warranted in TR36?
    > Have you read: ? It is hinted (though
    > not perhaps very explicitly said) that today the positional system is
    > indeed used. Therefore I (a native Tamil speaker and writer) do not
    > think that today we would expect applications to *commonly* support the
    > old numeral system.
    > In any case, non-positional evaluation of numbers should only be
    > performed by an application if it encounters the characters ௰ ௱ and ௲. A
    > number which does not use these characters can safely be processed as
    > positional. A number which uses them, on the other hand, will have to be
    > checked for being properly formatted, i.e. properly composed, since in
    > the non-positional system digits like ௧ ௨ etc would never be seen
    > adjacent to each other without being punctuated by one of the three
    > characters ௰ ௱ and ௲. Therefore any number containing one of ௰ ௱ and ௲
    > but also containing any two normal digits ௧ ௨ etc adjacent to each other
    > is badly formatted and hence has no (defined) value.
    > Therefore there is a clear distinction between the two systems, and
    > while the same numerical value can be represented by two different
    > strings of characters, one for each system, the same string cannot
    > represent two different numbers. These systems are self-exclusive. I
    > mean to say that they both naturally exclude the simultaneous use of the
    > other system in the same number. Therefore I think that there is little
    > scope for security problems here.

    Thanks for your response.

    Can anyone tell me: Are there other scripts where Gc=Nd characters can
    behave with other than the positional meanings of the digits 0-9? The
    only technical note that has "number" in the title is the one that
    Shriramana mentioned, so I'm assuming not.

    This archive was generated by hypermail 2.1.5 : Mon Apr 12 2010 - 12:11:10 CDT