RE: Encryption question

From: Daniel Menezes (pordeus_at_email.it)
Date: 03/02/04

Next message: Preston, Tony: "RE: Protecting Multiple Public IP Workstations"

Previous message: Tony Kava: "Graphing Tool"
Maybe in reply to: David Gillett: "RE: Encryption question"
Next in thread: Preston, Tony: "RE: Encryption question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue,  2 Mar 2004 13:24:59 +0100
To: "amon87secfx" <amon87secfx@hotmail.com>

I think what Tony wants to say is, he can creates a key pair public/private ans publish saying that the keys belongs to Alice, but it isn't. When he encrypt a message with this private key and send to Bob, when Bob search for Alice's public key, he will find a fake key, but he won't know.

how can we solve this? Using a trusted third party. An association that store all certificates validating one a one.

[]s

Daniel Pordeus Menezes
Analista de Sistemas
Petrobras - cp37

> Hi Tony,
>
> I think there's a mistake here. Digital signature is done by applying the
> sender's private key at the message hash. The private key is known only by
> the sender. The receiver knows that the message is not a fake one because he
> (she) has the sender's public key to check. He (she) applies the public key
> at the message hash to check. It's not possible to make a new private key
> from the public key.
>
> Hope it helps.
>
> Marco Araujo
> MCSE
> Recife/PE - Brasil
>
>
>
>
>
> >From: "Preston, Tony"
> >To: security-basics@securityfocus.com
> >Subject: Encryption question
> >Date: Tue, 24 Feb 2004 13:01:29 -0600
> >
> >
> >
> >Tony Preston
> >Systems Engineer, AS&T Inc.
> >Division of L3 Corporation
> >(609) 485-0205 x 181
> >
> >I have what is a rather basic question... I probably am missing something
> >so I thought I would ask here.
> >
> >Alice and Bob both have a public and private key.
> >
> >Alice encrypts her email to Bob using his public key. Sends the email and
> >Bob decrypts it using his keys..
> >
> >Since both Bob and Alice's public keys are known, Why can't I take Alice's
> >public key and create a key pair using any other private key. Now, I fake
> >an electronic signature from Alice using the pair I created and send a
> >bogus
> >encrypted message to Bob with my "fake" Alice signature. Bob checks the
> >signature by using the public key and it is valid. Bob assumes the
> >message
> >is from Alice...
> >
> >What prevents me from spoofing someone's electronic signature this way?
> >
> >
> >
> >---------------------------------------------------------------------------
> >----------------------------------------------------------------------------
> >
>
> _________________________________________________________________
> MSN Messenger: instale grátis e converse com seus amigos.
> http://messenger.msn.com.br
>
>
> ---------------------------------------------------------------------------
> Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
> wireless security
>
> Protect your network against hackers, viruses, spam and other risks with Astaro
> Security Linux, the comprehensive security solution that combines six
> applications in one software solution for ease of use and lower total cost of
> ownership.
>
> Download your free trial at
> http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
> ----------------------------------------------------------------------------
>

--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Con KLM puoi risparmiare fino a 20 Euro sul tuo biglietto aereo prenotando on line per Usa, Europa e il resto del mondo
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=1259&d=2-3
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------

Next message: Preston, Tony: "RE: Protecting Multiple Public IP Workstations"

Previous message: Tony Kava: "Graphing Tool"
Maybe in reply to: David Gillett: "RE: Encryption question"
Next in thread: Preston, Tony: "RE: Encryption question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Encryption question
... Sending an Fake message with an fake hash, ... > the sender's private key at the message hash. ... > applies the public key at the message hash to check. ... > Security Linux, the comprehensive security solution that combines six ...
(Security-Basics)
Re: Part 11 compliant
... >> Part 11 compliant refers to security of records. ... They use public key ... >private key, into a signing algorithym. ... >of numbers which are known as the signature. ...
(microsoft.public.access.security)
Re: ssh pubkey validation
... there's a potential security breach. ... A public key is totally public, and is worthless to an attacker, so no ... private key is released. ... You are only able to decrypt that session key if you have the ...
(uk.comp.os.linux)
RE: Encryption question
... Subject: Encryption question ... The reason is because ONLY Alice's private key can decrypt something ... encrypted by Alice's public key, and vice versa, only her public key can ... Security Linux, the comprehensive security solution that combines six ...
(Security-Basics)
RE: PGP scripting...
... cryptosystems, ... In these systems divulging your private key compromises the public ... Here is a quick over view of the public key encryption routines (the ...
(SecProg)