Re: Encryption question

From: Lars Georg Paulsen (maillist_at_braindead.nu)
Date: 02/25/04

  • Next message: Tom Milliner: "MS IIS Urlscan - Preventing OS Detection"
    To: "Preston, Tony" <Tony.Preston@acs-inc.com>, security-basics@securityfocus.com
    Date: Wed, 25 Feb 2004 19:17:29 +0100
    
    

    The encrypted key you have made, is not valid. Bob can't decrypt the
    messange with his public nor with is private.

    If alice sends a message to bob, and what him to be the only one to read
    it, she will encrypt it with his public key. And to make sure bob can
    trust the message, and tell for sure it's from alice, she will sign the
    message with alice private key.

    What you think of, combinding a private key and a public to make a new
    key, is the himlich method. The way describe above takes quite long time
    to decrypt.

    Another scenarior, is to make to new keys that are identical.
    This you do by combinding private keys and public keys.
    Alice makes a new key with her private and bobs public key.
    Bobs makes a new key with his private and alices public key.
    The two new keys are now identical, can not be produced by any
    outsiders.

    Hopes this answer a bit of your question.

    regards
    Lars Georg Paulsen.

    On Tue, 2004-02-24 at 20:01, Preston, Tony wrote:
    > Tony Preston
    > Systems Engineer, AS&T Inc.
    > Division of L3 Corporation
    > (609) 485-0205 x 181
    >
    > I have what is a rather basic question... I probably am missing something
    > so I thought I would ask here.
    >
    > Alice and Bob both have a public and private key.
    >
    > Alice encrypts her email to Bob using his public key. Sends the email and
    > Bob decrypts it using his keys..
    >
    > Since both Bob and Alice's public keys are known, Why can't I take Alice's
    > public key and create a key pair using any other private key. Now, I fake
    > an electronic signature from Alice using the pair I created and send a bogus
    > encrypted message to Bob with my "fake" Alice signature. Bob checks the
    > signature by using the public key and it is valid. Bob assumes the message
    > is from Alice...
    >
    > What prevents me from spoofing someone's electronic signature this way?
    >
    >
    >
    > ---------------------------------------------------------------------------
    > ----------------------------------------------------------------------------
    >
    >
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Tom Milliner: "MS IIS Urlscan - Preventing OS Detection"

    Relevant Pages

    • Re: Consolidating to Date.
      ... Alice can ... simulate Bob and decrypt her own message at home before sending the ... encryptions. ...
      (sci.crypt)
    • RE: Encryption question
      ... > Alice and Bob both have a public and private key. ... > Alice encrypts her email to Bob using his public key. ... > public key and create a key pair using any other private key. ...
      (Security-Basics)
    • Mutual Database Technology.
      ... In this scheme Alice and Bob share a mutual database. ... She next creates a decryption program to check that her own encryption work decrypts OK. ... When she has tweaked both of these programs to her entire satisfaction she sends an exact copy to Bob. ... When Alice wants to make a change in the arrays which may be every day every week or even every message, she sends fresh scrambling parameters to Bob who must implement them immediately in order to stay in sync and be able to decrypt her ciphertext. ...
      (sci.crypt)
    • Re: Is SSL/TSL really secure?
      ... computers to record the private and public keys as they pass from my ... So both partners have such a keypair, say Alice has K1, K2 and Bob has ... Now Alice keeps K1 strictly secret - it's her "private key". ... with the public key of Bob, ...
      (comp.security.misc)
    • Re: PGP Lame question
      ... > There are also numbers NB, PubB and PrivB, that Bob knows. ... if the authorities ask Bob to decrypt, ... then they have R, and Bob's public key B, and they have Q to begin ... >> can verify that Alice signed something somehow connected to Bob? ...
      (sci.crypt)