Re: Reverse usage of public/private RSA encryption keys for licensing?

From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 11/23/04

  • Next message: Shabam: "Customize Error Page" 
    Date: Tue, 23 Nov 2004 18:28:32 +0100

    It's just that there is a theorem that proves that if we use random oracle
    as hash (highest level of collision resistance), than existence of an
    algorithm to forge signature (RSA private key encryption of random oracle
    hash) gives ability to solve RSA problem with sufficient amount of signing
    requests (non-tight reduction means that amount of signing requests could be
    quite high). Hash is essential part of this theorem - ie. no hash - no
    security prove. SHA1 doesn't provide the same level of collision resistance,
    but having really good collision resistances properties (none has managed to
    find SHA1 collision so far) it presents good practical substitution to the
    random oracle. Using private exponent for encrypting arbitrary data doesn't
    have any security prove.

    -Valery.
    http://www.harper.no/valery

    "William Stacey [MVP]" <staceywREMOVE@mvps.org> wrote in message
    news:OQhm1KX0EHA.1296@TK2MSFTNGP10.phx.gbl...
    >> Use RSA singing. RSA signature with strong hash (ie. SHA1) provides much
    >> better security than encryption of data with RSA private key (ie. what
    >> you
    >> asked about).
    >
    > Hi Valery. That seems to suggest that RSA signature entails more then
    > just
    > encrypting the hash bytes? Is there more going on? TIA
    >
    > --
    > William Stacey, MVP
    > http://mvp.support.microsoft.com
    >
    >

  • Next message: Shabam: "Customize Error Page"

    Relevant Pages

    • Re: Reverse usage of public/private RSA encryption keys for licensing?
      ... It's just that there is a theorem that proves that if we use random oracle ... algorithm to forge signature (RSA private key encryption of random oracle ... hash) gives ability to solve RSA problem with sufficient amount of signing ... SHA1 doesn't provide the same level of collision resistance, ...
      (microsoft.public.dotnet.framework)
    • RE: Signing before Encryption and Signing after Encryption
      ... The property that a hash match is supposed to verify (is this ... Signing before Encryption and Signing after Encryption ... Signing with symmetric keys is a lot more ...
      (Security-Basics)
    • Re: Newbie - Is this Reasonable?
      ... because this hash is stored in the database. ... So you use PKCS5v2 to generate a key hash from a salt and the user's passphrase, then store the salt and the hash in a database. ... are even more critical in database applications because the payoff from tampering with selected fields may be much higher, fields tend to be fixed-length so it's easier to tamper with them in a meaningful way, and databases lend themselves to off-line analysis, so the attacker can marshall more resources and take more time to attack your system. ... You're using a stream cipher for encryption. ...
      (sci.crypt)
    • Re: Signing before Encryption and Signing after Encryption
      ... Hash: SHA1 ... Encryption and Signing after Encryption ... are signature schemes that only require symmetric keys. ...
      (Security-Basics)
    • Re: Encrypting incoming messages with GnuPG
      ... Hash: SHA1 ... Trick is to not write to disk prior to encryption. ... the 'nobody' user, and I've setup the GPG keys ...
      (Debian-User)
    Loading