Re: Encryption question

From: Raghu Chinthoju (chraghu.ml_at_fusemail.com)
Date: 02/27/04

  • Next message: Tiago Halm: "RE: Preventing OS Detection" 
    To: "Preston, Tony" <Tony.Preston@acs-inc.com>, <security-basics@securityfocus.com>
Date: Fri, 27 Feb 2004 17:58:48 +0530

    What you are saying, "take Alice's public key and create a key pair", is as
    good as breaking the key pair. When appropriate key length is maintained,
    this is believed to be an impossible task with the existing computing
    resources.

    Also, a key pair is generated during a single operation, not that the one
    derived from the other. Hope this answers your question.

    Raghu

    ----- Original Message -----
    From: "Preston, Tony" <Tony.Preston@acs-inc.com>
    To: <security-basics@securityfocus.com>
    Sent: Wednesday, February 25, 2004 12:31 AM
    Subject: Encryption question

    >
    >
    > Tony Preston
    > Systems Engineer, AS&T Inc.
    > Division of L3 Corporation
    > (609) 485-0205 x 181
    >
    > I have what is a rather basic question... I probably am missing something
    > so I thought I would ask here.
    >
    > Alice and Bob both have a public and private key.
    >
    > Alice encrypts her email to Bob using his public key. Sends the email and
    > Bob decrypts it using his keys..
    >
    > Since both Bob and Alice's public keys are known, Why can't I take Alice's
    > public key and create a key pair using any other private key. Now, I fake
    > an electronic signature from Alice using the pair I created and send a
    bogus
    > encrypted message to Bob with my "fake" Alice signature. Bob checks the
    > signature by using the public key and it is valid. Bob assumes the
    message
    > is from Alice...
    >
    > What prevents me from spoofing someone's electronic signature this way?
    >
    >
    >
    > --------------------------------------------------------------------------
    -
    > -------------------------------------------------------------------------- 

    --
>
>
>
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: Tiago Halm: "RE: Preventing OS Detection"

    Relevant Pages

    • Re: Simple authenticated channel
      ... protocols (in this case, I assume Bob uses a DH keypair), followed by ... It is assumed Alice already has an authetic copy of Bob's public key. ... The attacker therefore does not hold k, ...
      (sci.crypt)
    • Re: PGP Lame question
      ... i think that given Q and Bob's public key, ... Q can be linked as encrypted to Bob ... can verify that Alice signed something somehow connected to Bob? ... Alice encrypts M with R and gets an output, ...
      (sci.crypt)
    • Practical improvement of DH-ElGamal scheme
      ... Improving DH-ElGamal public key encryption scheme can be done in ... For person Alice: ... Linking between 2 persons (Alice and Bob): ... Attacking this encryption scheme: ...
      (sci.crypt.research)
    • Re: GPG
      ... In a practical sense, only Bob may decrypt ... Alice on the way to Bob and prevent it from reaching Bob. ... Alice may encrypt the message with Bob's public key, ... the others) before issuing their certificates. ...
      (comp.os.linux.security)
    • Re: Is SSL/TSL really secure?
      ... computers to record the private and public keys as they pass from my ... So both partners have such a keypair, say Alice has K1, K2 and Bob has ... Now Alice keeps K1 strictly secret - it's her "private key". ... with the public key of Bob, ...
      (comp.security.misc)
    • Quantcast