Re: Encryption question
From: Hollis Johnson (hollis_at_cisco.com)
Date: 02/26/04
- Previous message: Prasad S. Athawale: "RE: Encryption question"
- In reply to: Lars Georg Paulsen: "Re: Encryption question"
- Next in thread: Lars Georg Paulsen: "Re: Encryption question"
- Reply: Lars Georg Paulsen: "Re: Encryption question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Feb 2004 16:36:11 -0800 To: Lars Georg Paulsen <maillist@braindead.nu>, "Preston, Tony" <Tony.Preston@acs-inc.com>, security-basics@securityfocus.com
Lars. That's interesting. I always thought Priv/Pub keys had to be composed
of two primes. If you "combine" them (i'm thinking p*q) the result is no
longer prime -- although it may not be any easier to break -- Is that what
you meant? or did you mean applying one then the other??
Thanks for any additional info :-)
Hollis
At 07:17 PM 2/25/2004 +0100, Lars Georg Paulsen wrote:
>The encrypted key you have made, is not valid. Bob can't decrypt the
>messange with his public nor with is private.
>
>If alice sends a message to bob, and what him to be the only one to read
>it, she will encrypt it with his public key. And to make sure bob can
>trust the message, and tell for sure it's from alice, she will sign the
>message with alice private key.
>
>What you think of, combinding a private key and a public to make a new
>key, is the himlich method. The way describe above takes quite long time
>to decrypt.
>
>Another scenarior, is to make to new keys that are identical.
>This you do by combinding private keys and public keys.
>Alice makes a new key with her private and bobs public key.
>Bobs makes a new key with his private and alices public key.
>The two new keys are now identical, can not be produced by any
>outsiders.
>
>Hopes this answer a bit of your question.
>
>regards
>Lars Georg Paulsen.
>
>On Tue, 2004-02-24 at 20:01, Preston, Tony wrote:
> > Tony Preston
> > Systems Engineer, AS&T Inc.
> > Division of L3 Corporation
> > (609) 485-0205 x 181
> >
> > I have what is a rather basic question... I probably am missing something
> > so I thought I would ask here.
> >
> > Alice and Bob both have a public and private key.
> >
> > Alice encrypts her email to Bob using his public key. Sends the email and
> > Bob decrypts it using his keys..
> >
> > Since both Bob and Alice's public keys are known, Why can't I take Alice's
> > public key and create a key pair using any other private key. Now, I fake
> > an electronic signature from Alice using the pair I created and send a
> bogus
> > encrypted message to Bob with my "fake" Alice signature. Bob checks the
> > signature by using the public key and it is valid. Bob assumes the
> message
> > is from Alice...
> >
> > What prevents me from spoofing someone's electronic signature this way?
> >
> >
> >
> > ---------------------------------------------------------------------------
> >
> ----------------------------------------------------------------------------
> >
> >
> >
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Prasad S. Athawale: "RE: Encryption question"
- In reply to: Lars Georg Paulsen: "Re: Encryption question"
- Next in thread: Lars Georg Paulsen: "Re: Encryption question"
- Reply: Lars Georg Paulsen: "Re: Encryption question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
