Re: signing small pieces of data
From: Dimitris Papadimitriou (nospam_at_nospam.com)
Date: 03/24/04
- Next message: jzhu: "RE: Getting the Windows Groups for the Logged On User"
- Previous message: Michel Gallant: "Re: signing small pieces of data"
- In reply to: Michel Gallant: "Re: signing small pieces of data"
- Next in thread: Michel Gallant: "Re: signing small pieces of data"
- Reply: Michel Gallant: "Re: signing small pieces of data"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Mar 2004 22:06:47 +0200
Thx for your quick response, Michel!
And since I'm interested in signing my data, rather than encrypting them,
producing a hash digest and then encrypting it (using RSA asymmetric
encryption as you suggest) would definitely "hide" the length of my data
from any possible attacker - in a way that it wouldn't matter to me if my
end-user selects to sign only a small piece of data, or some KBs. Isn't it
so?
Check this out: I want the end-user to be able to sign an entire record of
an SQL Server table, so that other users can be sure that the data of this
particular record was entered by him/her and that they haven't been altered
ever since. After the end-user enters the data, my application creates an
XML string of these data, then a hash digest of this XML, which is finally
encrypted using the end-user's private key. The encrypted piece of data is
attached to the initial record (for instance in a field created for this
purpose in the table), creating a digitally signed database record!
How do you find this idea? Would this be a proper way to digitally sign
database records?
"Michel Gallant" <neutron@NOSPAMistar.ca> wrote in message
news:u#ORbVdEEHA.3856@TK2MSFTNGP12.phx.gbl...
> Not an issue with signing, but if you are using symmetric encryption, an
> attacker might be able to guess what your encrypted intentions are
> if they discover a bunch of single 8-byte blocks of data. If (s)he guesses
> that these are symmetric-encrypted single blocks of data, then you might
> be "screwed" if you are only hiding a few bytes of data. You could always
> "pad" your small data to mask things, but then you are trying to cook your
> own padding. In that case, you should use technology that has already
> built-in well-analyzed padding. For example:
>
> If you want to encrypt very small amounts of data, you might consider
> using standard RSA asymmetric encryption, which always produces
> a standard encrypted block size the same size as the corresponding public
> key, e.g. 128 bytes for a 1024 bit RSA key. Random number padding is
> used also, which means that the same encrypted data will produce a different
> 128 bytes each time.
> The potential attacker might guess that it is RSA encrypted, but at least now you
> have raised the bar in the sense that (s)he only could know that the encrypted
> data is between 0 - 117 bytes (maximum data you can RSA encrypt with 1024
> bit RSA public key).
>
> - Mitch Gallant
> MVP Security
> www.jensign.com
>
> "Dimitris Papadimitriou" <nospam@nospam.com> wrote in message
> news:O3ziOIdEEHA.2664@TK2MSFTNGP12.phx.gbl...
> > Hello!
> >
> > 1) Do you know if there is any security issue when encrypting or signing
> > small pieces of data (some or even a single byte). I guess that encrypting a
> > single character or word is not suggested, but what about signing it
> > (encrypting its hash digest).
> >
> > 2) I would like to give my end-users the option to sign data they store in a
> > database (sql server possibly) and that's where the previous question
> > derives from. Does anybody know of any resources about encrypting or signing
> > data stored in a database. Are there any issues here?
> >
> > Thx,
> > Dimitris
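The record-signing scheme proposed in this post (serialise the row to XML, hash it, sign the digest with the user's private key, store the signature in an extra column), as an added example that is not code from either poster. It uses Go's standard crypto/rsa with RSA-PSS over SHA-256 rather than "encrypting the hash" with raw RSA; the Record type, its columns, the 2048-bit key size and the sample row are all constructed for the example. It also shows the point from the quoted reply that the output is always exactly the key size in bytes, whatever the length of the signed data, so the signature reveals nothing about how much was signed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// Record is a constructed stand-in for one row of the table described in
// the post. Signature is the extra column that holds the result; it is
// tagged "-" so it is never part of the bytes being signed.
type Record struct {
	XMLName   xml.Name `xml:"record"`
	ID        int      `xml:"id"` // included so a signature is bound to one row
	Author    string   `xml:"author"`
	Body      string   `xml:"body"`
	Signature string   `xml:"-"`
}

// canonicalXML serialises the signed fields in a fixed order so that the
// signer and every verifier hash exactly the same bytes. encoding/xml
// writes struct fields in declaration order with no whitespace, which is
// enough here; a real deployment needs an agreed canonical form.
func canonicalXML(r Record) ([]byte, error) {
	return xml.Marshal(r)
}

// SignRecord hashes the canonical XML with SHA-256 and signs the digest
// with the user's private key (RSA-PSS). The base64 string it stores in
// r.Signature is what goes into the signature column.
func SignRecord(priv *rsa.PrivateKey, r *Record) error {
	data, err := canonicalXML(*r)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(data)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return err
	}
	r.Signature = base64.StdEncoding.EncodeToString(sig)
	return nil
}

// VerifyRecord recomputes the digest from the stored columns and checks
// the stored signature against the user's public key. Any change to a
// signed field after signing makes it return false.
func VerifyRecord(pub *rsa.PublicKey, r Record) bool {
	data, err := canonicalXML(r)
	if err != nil {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(r.Signature)
	if err != nil {
		return false
	}
	digest := sha256.Sum256(data)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// SignatureBytes returns the raw signature length, which is always the
// modulus size (256 bytes for a 2048-bit key) regardless of record size.
func SignatureBytes(r Record) int {
	sig, err := base64.StdEncoding.DecodeString(r.Signature)
	if err != nil {
		return -1
	}
	return len(sig)
}

func main() {
	// Assumed key size: 2048 bits (the post mentions 1024-bit keys).
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	rec := Record{ID: 42, Author: "dimitris", Body: "x"} // constructed row
	if err := SignRecord(priv, &rec); err != nil {
		panic(err)
	}
	fmt.Println("signature bytes:", SignatureBytes(rec), "== key bytes:", priv.Size())
	fmt.Println("verifies as stored:", VerifyRecord(&priv.PublicKey, rec))
	rec.Body = "x (edited later)"
	fmt.Println("verifies after edit:", VerifyRecord(&priv.PublicKey, rec))
}
```

Two design points worth noting: the row's primary key is part of the signed bytes, so a valid signature cannot be copied onto a different row, and the signature column is excluded from the serialisation, so the stored value does not feed back into its own digest. Verification needs only the public key, so any other user can check the record without access to the signer's private key.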