RE: Encryption question
From: Marco Araujo (amon87secfx_at_hotmail.com)
Date: 03/01/04
- Previous message: Ansgar -59cobalt- Wiechers: "Re: restricting telnet via username"
- Maybe in reply to: David Gillett: "RE: Encryption question"
- Next in thread: F.O. Bossert: "Re: Encryption question"
- Reply: F.O. Bossert: "Re: Encryption question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Tony.Preston@acs-inc.com Date: Mon, 01 Mar 2004 18:39:05 -0300
Hi Tony,
I think there's a mistake here. Digital signature is done by applying the
sender's private key at the message hash. The private key is known only by
the sender. The receiver knows that the message is not a fake one because he
(she) has the sender's public key to check. He (she) applies the public key
at the message hash to check. It's not possible to make a new private key
from the public key.
Hope it helps.
Marco Araujo
MCSE
Recife/PE - Brasil
>From: "Preston, Tony" <Tony.Preston@acs-inc.com>
>To: security-basics@securityfocus.com
>Subject: Encryption question
>Date: Tue, 24 Feb 2004 13:01:29 -0600
>
>
>
>Tony Preston
>Systems Engineer, AS&T Inc.
>Division of L3 Corporation
>(609) 485-0205 x 181
>
>I have what is a rather basic question... I probably am missing something
>so I thought I would ask here.
>
>Alice and Bob both have a public and private key.
>
>Alice encrypts her email to Bob using his public key. Sends the email and
>Bob decrypts it using his keys..
>
>Since both Bob and Alice's public keys are known, Why can't I take Alice's
>public key and create a key pair using any other private key. Now, I fake
>an electronic signature from Alice using the pair I created and send a
>bogus
>encrypted message to Bob with my "fake" Alice signature. Bob checks the
>signature by using the public key and it is valid. Bob assumes the
>message
>is from Alice...
>
>What prevents me from spoofing someone's electronic signature this way?
>
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------
>
_________________________________________________________________
MSN Messenger: instale grátis e converse com seus amigos.
http://messenger.msn.com.br
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------
- Previous message: Ansgar -59cobalt- Wiechers: "Re: restricting telnet via username"
- Maybe in reply to: David Gillett: "RE: Encryption question"
- Next in thread: F.O. Bossert: "Re: Encryption question"
- Reply: F.O. Bossert: "Re: Encryption question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
