RE: Encryption question

From: Burton M. Strauss III (BStrauss_at_acm.org)
Date: 02/25/04

  • Next message: Rosenhan, David: "RE: Cisco VPN Client - Stateful Firewall" 
    To: "Preston, Tony" <Tony.Preston@acs-inc.com>, <security-basics@securityfocus.com>
Date: Wed, 25 Feb 2004 15:09:56 -0600

    Because there's no simple transformation between keys. Instead, the simple
    transforms are from some unknown shared item.

    So private key=f(x)
         public key=g(x)

    which are easy,
    But the invert functions f'() and g'() are hard.

    Usually x is the product of two large prime numbers, so factoring it is the
    hard task. It turns out to be much easier to test if a number is prime than
    to determine it's factoring.

    -----Burton

    > -----Original Message-----
    > From: Preston, Tony [mailto:Tony.Preston@acs-inc.com]
    > Sent: Tuesday, February 24, 2004 1:01 PM
    > To: security-basics@securityfocus.com
    > Subject: Encryption question
    >
    >
    >
    >
    > Tony Preston
    > Systems Engineer, AS&T Inc.
    > Division of L3 Corporation
    > (609) 485-0205 x 181
    >
    > I have what is a rather basic question... I probably am missing something
    > so I thought I would ask here.
    >
    > Alice and Bob both have a public and private key.
    >
    > Alice encrypts her email to Bob using his public key. Sends the email and
    > Bob decrypts it using his keys..
    >
    > Since both Bob and Alice's public keys are known, Why can't I take Alice's
    > public key and create a key pair using any other private key. Now, I fake
    > an electronic signature from Alice using the pair I created and
    > send a bogus
    > encrypted message to Bob with my "fake" Alice signature. Bob checks the
    > signature by using the public key and it is valid. Bob assumes
    > the message
    > is from Alice...
    >
    > What prevents me from spoofing someone's electronic signature this way?
    >
    >
    >
    > ------------------------------------------------------------------
    > ---------
    > ------------------------------------------------------------------
    > ----------
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Rosenhan, David: "RE: Cisco VPN Client - Stateful Firewall"

    Relevant Pages

    • Re: Simple authenticated channel
      ... protocols (in this case, I assume Bob uses a DH keypair), followed by ... It is assumed Alice already has an authetic copy of Bob's public key. ... The attacker therefore does not hold k, ...
      (sci.crypt)
    • Re: PGP Lame question
      ... i think that given Q and Bob's public key, ... Q can be linked as encrypted to Bob ... can verify that Alice signed something somehow connected to Bob? ... Alice encrypts M with R and gets an output, ...
      (sci.crypt)
    • Re: Encryption question
      ... will be able to encrypt and decrypt the same messange. ... it with alice private key.... ... >>messange with his public nor with is private. ... she will encrypt it with his public key. ...
      (Security-Basics)
    • Practical improvement of DH-ElGamal scheme
      ... Improving DH-ElGamal public key encryption scheme can be done in ... For person Alice: ... Linking between 2 persons (Alice and Bob): ... Attacking this encryption scheme: ...
      (sci.crypt.research)
    • Re: GPG
      ... In a practical sense, only Bob may decrypt ... Alice on the way to Bob and prevent it from reaching Bob. ... Alice may encrypt the message with Bob's public key, ... the others) before issuing their certificates. ...
      (comp.os.linux.security)
    • Quantcast