Re: Encryption question

From: F.O. Bossert (o.bossert_at_quapps.org)
Date: 03/02/04

    Date: Tue, 02 Mar 2004 14:49:42 +0100
    To: Marco Araujo <amon87secfx@hotmail.com>
    
    

    Yoo,

    But that is his point! Sending a fake message with a fake hash, with
    real public key and fake private key,
    does give the receiver the false impression that the message is from Alice!

    Greetings O.

    Marco Araujo wrote:

    > Hi Tony,
    >
    > I think there's a mistake here. Digital signature is done by applying
    > the sender's private key at the message hash. The private key is known
    > only by the sender. The receiver knows that the message is not a fake
    > one because he (she) has the sender's public key to check. He (she)
    > applies the public key at the message hash to check. It's not possible
    > to make a new private key from the public key.
    >
    > Hope it helps.
    >
    > Marco Araujo
    > MCSE
    > Recife/PE - Brasil
    >
    >
    >
    >
    >
    >> From: "Preston, Tony" <Tony.Preston@acs-inc.com>
    >> To: security-basics@securityfocus.com
    >> Subject: Encryption question
    >> Date: Tue, 24 Feb 2004 13:01:29 -0600
    >>
    >>
    >>
    >> Tony Preston
    >> Systems Engineer, AS&T Inc.
    >> Division of L3 Corporation
    >> (609) 485-0205 x 181
    >>
    >> I have what is a rather basic question... I probably am missing something
    >> so I thought I would ask here.
    >>
    >> Alice and Bob both have a public and private key.
    >>
    >> Alice encrypts her email to Bob using his public key. Sends the email and
    >> Bob decrypts it using his keys.
    >>
    >> Since both Bob and Alice's public keys are known, why can't I take Alice's
    >> public key and create a key pair using any other private key? Now, I fake
    >> an electronic signature from Alice using the pair I created and send a bogus
    >> encrypted message to Bob with my "fake" Alice signature. Bob checks the
    >> signature by using the public key and it is valid. Bob assumes the message
    >> is from Alice...
    >>
    >> What prevents me from spoofing someone's electronic signature this way?
    >>
    >
    > ---------------------------------------------------------------------------
    >
    > Free 30-day trial: firewall with virus/spam protection, URL filtering,
    > VPN,
    > wireless security
    >
    > Protect your network against hackers, viruses, spam and other risks
    > with Astaro
    > Security Linux, the comprehensive security solution that combines six
    > applications in one software solution for ease of use and lower total
    > cost of
    > ownership.
    >
    > Download your free trial at
    > http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
    > ----------------------------------------------------------------------------
    >
    >
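
The question raised in this thread can be checked directly. The following is an added example, not part of any message in the thread: toy textbook RSA (no padding, deliberately small constructed keys) in which a hypothetical third party, called Mallory here, tries the approaches discussed above against Alice's public key. The messages, primes and the name Mallory are assumptions made for the illustration.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Toy textbook RSA: returns ((n, e), d). No padding; illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), pow(E, -1, phi)  # d is derived from the secret primes p, q

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, n, d):
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def demo():
    # Constructed keys from known Mersenne primes (far too small for real use).
    alice_pub, alice_d = make_keypair(2**31 - 1, 2**61 - 1)
    mallory_pub, mallory_d = make_keypair(2**19 - 1, 2**89 - 1)
    genuine, forged = b"Pay Bob 10", b"Pay Mallory 1000"
    n_alice = alice_pub[0]
    own_sig = sign(forged, mallory_pub[0], mallory_d)
    return {
        # Alice signs with her own private exponent: verifies.
        "genuine": verify(genuine, sign(genuine, n_alice, alice_d), alice_pub),
        # Alice's public modulus combined with some other private exponent.
        "mismatched_d": verify(forged, sign(forged, n_alice, mallory_d), alice_pub),
        # Mallory signs with a complete key pair of his own.
        "own_pair_vs_alice": verify(forged, own_sig, alice_pub),
        "own_pair_vs_mallory": verify(forged, own_sig, mallory_pub),
        # Alice's real signature moved onto a different message.
        "reused_sig": verify(forged, sign(genuine, n_alice, alice_d), alice_pub),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22} {'valid' if ok else 'REJECTED'}")
```

The only forged signature that verifies is the one checked against Mallory's own public key, so the check protects Bob only when the public key he verifies with really is Alice's.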


