Re: Is this secured?

From: Ayende Rahien (Ayende_at_nospam.com)
Date: 04/30/04


Date: Fri, 30 Apr 2004 02:52:12 +0200

Pieter Philippaerts wrote:

> "Ayende Rahien" <Ayende@nospam.com> wrote
>
>>Question, I need to transfer data securely from one computer to another,
>>1> Client connects to server, receives a public key (created for this
>>specific connection only). - RSA 4096 bit
>
>
> How exactly are you sending the RSA key to the client? Are you using a
> certificate, or are you simply sending the modulus and exponent of the
> public RSA key?
> If you do not use certificates [or if you do not verify the received
> certificate], your scheme is vulnerable to a man-in-the-middle attack.

Currently I'm just sending it - plain.
What do you mean by certificate? If you mean a central authority, then
that is probably not relevant in my case.
Would using Diffie-Hellman mitigate this?

>>(I think that SSL is using this method, or something similar, am I
>>correct?)
>
>
> If you can use SSL, you should do so [yes, many SSL and TLS implementations
> support RSA with 256-bit Rijndael; if you need a .NET implementation that is
> capable of this, look at http://www.mentalis.org/go.php?sl].

My question was whether this method is similar to the SSL one.
I'm doing this for a project, so I want to do this myself.

>>I've heard that RijndaelManaged does not work on all .NET platforms -
>>only on XP, is this true? I need a minimum of XP, 2000, and probably 98
>>& ME as well for this to work.
>
>
> RijndaelManaged works on all Windows platforms. However you may have trouble
> with your 4096 bit RSA key on 98 and 2000. Make sure you've got the
> high-encryption pack installed [for Windows 2000:
> http://www.microsoft.com/windows2000/downloads/recommended/encryption/ and
> for Win98 and NT4
> http://www.microsoft.com/windows/ie/downloads/recommended/128bit/default.asp]
> or you're definitely going to have problems if you try to run your code on
> older non-US versions of Windows.

Is there an RsaManaged implementation? That would seem to solve quite a
bit of the problem.
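
The verification step raised in the quoted reply, done without a central authority, as an added example that is not code from this thread: the client pins the SHA-256 fingerprint of a long-term server key received out of band, and the server signs each per-connection key with that long-term key. It assumes .NET 5 or later; `AcceptSessionKey`, the 2048-bit demo keys and the pinning arrangement are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;

static class PinnedKeyExchange
{
    // Client side (hypothetical helper): accept a per-connection public key only
    // if it is signed by an identity key whose fingerprint matches the pin.
    static bool AcceptSessionKey(byte[] pin, byte[] identitySpki,
                                 byte[] sessionSpki, byte[] signature)
    {
        // 1. The identity key presented on the wire must hash to the pinned value.
        if (!CryptographicOperations.FixedTimeEquals(SHA256.HashData(identitySpki), pin))
            return false;
        // 2. The per-connection key must carry a valid signature from that identity key.
        using RSA identity = RSA.Create();
        identity.ImportSubjectPublicKeyInfo(identitySpki, out _);
        return identity.VerifyData(sessionSpki, signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }

    static byte[] Sign(RSA key, byte[] data) =>
        key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    static void Main()
    {
        // Server: long-term identity key. Its fingerprint reaches the client
        // out of band (installer, config file, read over the phone).
        using RSA serverIdentity = RSA.Create(2048); // demo size, constructed
        byte[] identitySpki = serverIdentity.ExportSubjectPublicKeyInfo();
        byte[] pin = SHA256.HashData(identitySpki);

        // Server: fresh key for this connection, signed with the identity key.
        using RSA session = RSA.Create(2048);
        byte[] sessionSpki = session.ExportSubjectPublicKeyInfo();
        byte[] sig = Sign(serverIdentity, sessionSpki);
        Console.WriteLine($"genuine exchange accepted: {AcceptSessionKey(pin, identitySpki, sessionSpki, sig)}");

        // Constructed failure case 1: session key replaced in transit, original signature kept.
        using RSA other = RSA.Create(2048);
        byte[] swapped = other.ExportSubjectPublicKeyInfo();
        Console.WriteLine($"swapped session key accepted: {AcceptSessionKey(pin, identitySpki, swapped, sig)}");

        // Constructed failure case 2: identity key replaced as well and used to re-sign.
        using RSA otherId = RSA.Create(2048);
        byte[] otherIdSpki = otherId.ExportSubjectPublicKeyInfo();
        Console.WriteLine($"swapped identity key accepted: {AcceptSessionKey(pin, otherIdSpki, swapped, Sign(otherId, swapped))}");
    }
}
```

Only the first call passes both checks; a key sent "plain", as described in the post, gives the client neither check to run.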


